misp-circl-feed/feeds/circl/misp/59d480ba-a7cc-4041-8470-4647950d210f.json

1 line
No EOL
16 KiB
JSON

{"Event": {"info": "M2M - Locky 2017-10-03 : Affid=3, offline, \".ykcol\" : \"Emailing - DOC123\" - \"DOC123.7z\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Locky\""}], "publish_timestamp": "1507106042", "timestamp": "1507106049", "analysis": "1", "Attribute": [{"comment": "", "category": "Artifacts dropped", "uuid": "59d480bb-aba8-45fd-b40a-46bd950d210f", "timestamp": "1507106041", "to_ids": true, "value": "b75bd60dc3686fe62eb4a4a8372be966", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "59d480bb-e56c-4642-8e7c-dd82950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://420ent.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480bb-616c-478c-9cb6-4fb8950d210f", "timestamp": "1507106041", "to_ids": true, "value": "420ent.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "420ent.com", "category": "Network activity", "uuid": "59d480bc-ab8c-41ce-a602-6a98950d210f", "timestamp": "1507106041", "to_ids": false, "value": "98.124.251.72", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480bd-827c-4805-addc-4fcd950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://acaciainvestigations.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480bd-11ec-4a1e-a167-dd7d950d210f", "timestamp": "1507106041", "to_ids": true, "value": "acaciainvestigations.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "acaciainvestigations.com", "category": "Network activity", "uuid": "59d480bd-add8-4985-b92f-40c8950d210f", "timestamp": "1507106041", "to_ids": false, "value": "208.79.200.25", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480bd-bd08-4a33-af0e-dbc4950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://aimonino.info/p66/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480be-5fd0-42af-9334-4890950d210f", "timestamp": "1507106041", "to_ids": true, "value": "aimonino.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59d480dc-287c-49e2-ab55-4224950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://atez.vn/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480dc-4c14-4b62-891e-dd7d950d210f", "timestamp": "1507106041", "to_ids": true, "value": "atez.vn", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "atez.vn", "category": "Network activity", "uuid": "59d480de-5b54-4988-a5e9-430f950d210f", "timestamp": "1507106041", "to_ids": false, "value": "203.162.31.116", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480de-a008-4552-8903-4ed9950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://chimachinenow.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480de-55b0-476b-93dc-43c2950d210f", "timestamp": "1507106041", "to_ids": true, "value": "chimachinenow.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "chimachinenow.com", "category": "Network activity", "uuid": "59d480de-f6fc-40c4-9d6d-4846950d210f", "timestamp": "1507106041", "to_ids": false, "value": "199.30.241.139", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480df-8790-4ce6-b7e5-4c7f950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://dbatee.gr/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480df-ee64-4037-8419-45f4950d210f", "timestamp": "1507106041", "to_ids": true, "value": "dbatee.gr", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "dbatee.gr", "category": "Network activity", "uuid": "59d480df-8ee4-4188-8230-dd7d950d210f", "timestamp": "1507106041", "to_ids": false, "value": "62.103.152.100", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480df-e884-47af-9bd9-dd82950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://envi-herzog.de/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e0-9504-4447-93f8-4611950d210f", "timestamp": "1507106041", "to_ids": true, "value": "envi-herzog.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "envi-herzog.de", "category": "Network activity", "uuid": "59d480e0-ec34-44be-84d7-4025950d210f", "timestamp": "1507106041", "to_ids": false, "value": "194.116.187.130", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e0-f6a0-42e9-9f24-6d43950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://eternallyclassicjewelry.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e0-63b0-49ac-9ea7-4483950d210f", "timestamp": "1507106041", "to_ids": true, "value": "eternallyclassicjewelry.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "eternallyclassicjewelry.com", "category": "Network activity", "uuid": "59d480e1-b9d0-41f9-b481-4fb9950d210f", "timestamp": "1507106041", "to_ids": false, "value": "98.124.251.166", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e1-3ebc-4f76-ae00-6a98950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://matern-eger.de/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e1-88fc-4375-a668-6e37950d210f", "timestamp": "1507106041", "to_ids": true, "value": "matern-eger.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "matern-eger.de", "category": "Network activity", "uuid": "59d480e1-e5d4-432c-94a6-4fe4950d210f", "timestamp": "1507106041", "to_ids": false, "value": "87.106.222.105", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e2-7678-4cc6-946e-4d6b950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://mysushi.it/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e2-12b8-42a9-820b-dd7d950d210f", "timestamp": "1507106041", "to_ids": true, "value": "mysushi.it", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "mysushi.it", "category": "Network activity", "uuid": "59d480e2-9068-4c31-bd5b-44cf950d210f", "timestamp": "1507106041", "to_ids": false, "value": "93.174.71.137", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e3-bd54-4aa7-8736-46b1950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://phmetreci.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e3-0e60-4264-b2e9-6d43950d210f", "timestamp": "1507106041", "to_ids": true, "value": "phmetreci.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "phmetreci.com", "category": "Network activity", "uuid": "59d480e3-c45c-4a33-a796-49fe950d210f", "timestamp": "1507106041", "to_ids": false, "value": "185.150.128.21", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e3-c54c-4e59-81d3-4123950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://placecomp.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e3-c010-4d94-b48a-6a98950d210f", "timestamp": "1507106041", "to_ids": true, "value": "placecomp.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "placecomp.com", "category": "Network activity", "uuid": "59d480e4-bf14-4285-b832-6e37950d210f", "timestamp": "1507106041", "to_ids": false, "value": "74.208.88.65", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e4-5860-489d-a690-4717950d210f", "timestamp": "1507106042", "to_ids": true, "value": "http://restaurantelburladero.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e4-e8e0-4b4e-b2f6-4609950d210f", "timestamp": "1507106042", "to_ids": true, "value": "restaurantelburladero.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "restaurantelburladero.com", "category": "Network activity", "uuid": "59d480e5-8fc4-4596-8240-dd7d950d210f", "timestamp": "1507106042", "to_ids": false, "value": "5.2.88.79", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e5-9f50-4861-be8e-1b2c950d210f", "timestamp": "1507106042", "to_ids": true, "value": "http://runkel.com.mx/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e5-0ea8-4b22-bf54-4b56950d210f", "timestamp": "1507106042", "to_ids": true, "value": "runkel.com.mx", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "runkel.com.mx", "category": "Network activity", "uuid": "59d480e6-65b4-4c38-af3f-dbc4950d210f", "timestamp": "1507106042", "to_ids": false, "value": "173.201.253.230", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e7-9df4-4a57-842e-6a98950d210f", "timestamp": "1507106042", "to_ids": true, "value": "http://sabines-marmeladen.de/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e7-acc0-4436-8c9a-6e37950d210f", "timestamp": "1507106042", "to_ids": true, "value": "sabines-marmeladen.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "sabines-marmeladen.de", "category": "Network activity", "uuid": "59d480e7-89a0-4116-b3d0-42ee950d210f", "timestamp": "1507106042", "to_ids": false, "value": "178.77.75.180", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e7-83a0-409e-81f1-4b79950d210f", "timestamp": "1507106042", "to_ids": true, "value": "http://sancorbr.com.br/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e8-3c14-4a35-85d5-43a1950d210f", "timestamp": "1507106042", "to_ids": true, "value": "sancorbr.com.br", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "sancorbr.com.br", "category": "Network activity", "uuid": "59d480e8-62f0-4c10-85de-1b2c950d210f", "timestamp": "1507106042", "to_ids": false, "value": "69.64.57.170", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e8-1668-413b-8bf3-47a3950d210f", "timestamp": "1507106042", "to_ids": true, "value": "http://shanta.de/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e9-56f0-46b8-a7ac-4a24950d210f", "timestamp": "1507106042", "to_ids": true, "value": "shanta.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "shanta.de", "category": "Network activity", "uuid": "59d480e9-9e9c-444b-8e88-4620950d210f", "timestamp": "1507106042", "to_ids": false, "value": "83.169.1.28", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480e9-a7c8-43d7-937e-dbc4950d210f", "timestamp": "1507106042", "to_ids": true, "value": "http://studioslefteris.gr/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480e9-32c0-4061-aebe-4d57950d210f", "timestamp": "1507106042", "to_ids": true, "value": "studioslefteris.gr", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "studioslefteris.gr", "category": "Network activity", "uuid": "59d480ea-06fc-4040-a126-6e37950d210f", "timestamp": "1507106042", "to_ids": false, "value": "158.69.151.250", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480ea-61c8-463f-9eb8-4d80950d210f", "timestamp": "1507106042", "to_ids": true, "value": "http://yoma888.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480ea-3db0-4c77-b852-4d0e950d210f", "timestamp": "1507106042", "to_ids": true, "value": "yoma888.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "yoma888.com", "category": "Network activity", "uuid": "59d480eb-ad34-4677-99f5-dd7d950d210f", "timestamp": "1507106042", "to_ids": false, "value": "60.199.166.77", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966 - Xchecked via VT: d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01", "category": "External analysis", "uuid": "59d49cfa-28e8-4633-bb40-458f02de0b81", "timestamp": "1507106042", "to_ids": false, "value": "https://www.virustotal.com/file/d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01/analysis/1507105280/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966", "category": "External analysis", "uuid": "59d486ba-ee54-49db-82ad-475902de0b81", "timestamp": "1507106042", "to_ids": false, "value": "https://www.virustotal.com/file/d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01/analysis/1507059034/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966", "category": "Artifacts dropped", "uuid": "59d486ba-e218-4d68-b028-46cb02de0b81", "timestamp": "1507106042", "to_ids": true, "value": "68fc9c06dec69b161e940c385dd1b229f4f972b2", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966", "category": "Artifacts dropped", "uuid": "59d486ba-5a48-4bb5-a2c5-492902de0b81", "timestamp": "1507106042", "to_ids": true, "value": "d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01", "disable_correlation": false, "object_relation": null, "type": "sha256"}], "extends_uuid": "", "published": false, "date": "2017-10-04", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "59d480ba-a7cc-4041-8470-4647950d210f"}}