misp-circl-feed/feeds/circl/misp/59dce1ec-b998-42ad-ba4f-48a4950d210f.json


{
"Event": {
"analysis": "1",
"date": "2017-10-10",
"extends_uuid": "",
"info": "M2M - Locky Affid=3, \"asasin\" / Trickbot \"mac1\" 2017-10-10 : \"Status of invoice A2171234-56\" - \"A2171234-56.html\"",
"publish_timestamp": "1507830327",
"published": true,
"threat_level_id": "3",
"timestamp": "1507830166",
"uuid": "59dce1ec-b998-42ad-ba4f-48a4950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#006c6c",
"name": "ecsirt:malicious-code=\"ransomware\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Locky\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:tool=\"Trick Bot\""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "md5",
"uuid": "59dce1ed-5068-4bb6-ae81-88d9950d210f",
"value": "a85fa294fa2d4d48565cd78b4950695d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "md5",
"uuid": "59dce1ed-5884-4f7f-9514-40f7950d210f",
"value": "554a8eabcb28deeb57d70a3c1d6c3a5d"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "url",
"uuid": "59dce1ed-9cd4-4502-bdd0-2dd8950d210f",
"value": "http://haproprab.net/js/*"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "hostname",
"uuid": "59dce1ee-3604-4fcc-8698-8864950d210f",
"value": "haproprab.net"
},
{
"category": "Network activity",
"comment": "haproprab.net",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1ee-55a0-4080-8e5d-4451950d210f",
"value": "49.51.134.194"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "url",
"uuid": "59dce1ee-0ca4-4f87-801f-4d49950d210f",
"value": "http://yamanashi-jyujin.jp/l0.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "hostname",
"uuid": "59dce1ee-da50-4838-9947-86c4950d210f",
"value": "yamanashi-jyujin.jp"
},
{
"category": "Network activity",
"comment": "yamanashi-jyujin.jp",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1ef-9a6c-4720-b747-8751950d210f",
"value": "180.222.185.74"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "url",
"uuid": "59dce1ef-5f64-4c61-abf5-48c0950d210f",
"value": "http://smi-wi.com/l0.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "hostname",
"uuid": "59dce1ef-5664-4fd4-9223-88d9950d210f",
"value": "smi-wi.com"
},
{
"category": "Network activity",
"comment": "smi-wi.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f0-0134-47a1-bdeb-4f44950d210f",
"value": "72.52.195.204"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "url",
"uuid": "59dce1f0-51a8-43ff-96d9-88a8950d210f",
"value": "http://qxr33qxr.com/b0.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "hostname",
"uuid": "59dce1f0-3878-46ff-9f53-2dd8950d210f",
"value": "qxr33qxr.com"
},
{
"category": "Network activity",
"comment": "qxr33qxr.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f1-bf80-4f79-9f29-8864950d210f",
"value": "67.210.102.240"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "url",
"uuid": "59dce1f1-5920-4d31-8770-4099950d210f",
"value": "http://mtblanc-let.co.uk/b0.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "hostname",
"uuid": "59dce1f1-b9a4-4399-a3df-465f950d210f",
"value": "mtblanc-let.co.uk"
},
{
"category": "Network activity",
"comment": "mtblanc-let.co.uk",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f1-48fc-42cd-9241-86c4950d210f",
"value": "217.199.175.27"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": true,
"type": "url",
"uuid": "59dce1f2-e3c4-4a33-9993-8928950d210f",
"value": "http://haproprab.net/eroorrrs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f2-2c5c-4b69-bed3-4555950d210f",
"value": "91.83.88.51"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f2-5430-4e13-abe2-4cf7950d210f",
"value": "46.237.117.193"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f2-5704-4cf0-b1b7-48a7950d210f",
"value": "79.170.7.139"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f3-c030-49ca-8680-2dd8950d210f",
"value": "41.57.103.218"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f3-b044-494d-b1f5-882b950d210f",
"value": "196.202.194.202"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f3-b708-42b2-aa22-8864950d210f",
"value": "46.20.56.239"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f3-4aa4-48d8-b1f5-4e89950d210f",
"value": "176.120.126.21"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f4-ddb0-4809-af2c-426a950d210f",
"value": "91.239.249.118"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f4-b930-4908-832d-86c4950d210f",
"value": "194.87.103.184"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f4-19ec-4e92-ab91-8928950d210f",
"value": "92.63.102.64"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f4-8ec4-40ec-8803-2fc8950d210f",
"value": "194.87.238.53"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f5-6bac-4868-8c1b-878f950d210f",
"value": "92.63.102.159"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f5-7e64-4081-8e0b-8751950d210f",
"value": "194.87.232.219"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f5-bc8c-441f-a2d8-4150950d210f",
"value": "149.154.69.70"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f6-a098-4022-83b5-88d9950d210f",
"value": "78.24.223.153"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f6-3e54-4802-ad22-47f3950d210f",
"value": "194.87.92.207"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f6-bcb0-4147-bd09-47d9950d210f",
"value": "194.87.94.239"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f7-79c4-4b32-92c8-2dd8950d210f",
"value": "195.133.147.238"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f7-0c7c-4db1-a96b-882b950d210f",
"value": "62.109.15.132"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f7-15d4-473c-8767-88a8950d210f",
"value": "194.87.236.240"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f7-5fbc-4033-8810-4e37950d210f",
"value": "62.109.6.237"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f8-069c-4aa2-8cc6-468d950d210f",
"value": "149.154.69.47"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f8-8278-4898-8735-431c950d210f",
"value": "82.146.47.121"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f8-612c-40b0-832f-8928950d210f",
"value": "78.24.216.250"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f8-9778-4d26-9d0e-2fc8950d210f",
"value": "82.146.56.218"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830159",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f8-d3a8-4521-ad5f-8751950d210f",
"value": "185.159.131.198"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f9-d490-465a-8e0f-88d9950d210f",
"value": "194.87.146.32"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f9-5ef4-463a-9681-4185950d210f",
"value": "5.133.179.77"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f9-012c-4a8e-a8a4-2dd8950d210f",
"value": "94.242.224.214"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1f9-0958-44ea-9c34-88a8950d210f",
"value": "194.87.92.242"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1fa-4cec-484d-8f70-8864950d210f",
"value": "195.133.146.236"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "ip-dst",
"uuid": "59dce1fa-4d8c-488c-9ad6-4b09950d210f",
"value": "193.124.117.238"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": true,
"type": "sha256",
"uuid": "59dfa990-1d08-410c-9aa9-36f102de0b81",
"value": "aace7044f2f3cd7bb109a2e5d494ac86d952e0eaa13ce8d6abd7e4744f2ede10"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": true,
"type": "sha1",
"uuid": "59dfa990-2bd4-419c-a817-36f102de0b81",
"value": "47dde438bfb84ef917b8beadf5fde3f0f503c013"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "link",
"uuid": "59dfa990-de4c-4dcd-852f-36f102de0b81",
"value": "https://www.virustotal.com/file/aace7044f2f3cd7bb109a2e5d494ac86d952e0eaa13ce8d6abd7e4744f2ede10/analysis/1507712630/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": true,
"type": "sha256",
"uuid": "59dfa990-22d4-41bc-aeaf-36f102de0b81",
"value": "10bed3e54c61088d5dc0d1be55da154efbcb32130ebf228e446fc97f5787e7a0"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": true,
"type": "sha1",
"uuid": "59dfa990-dd38-4234-baa7-36f102de0b81",
"value": "0db85dd510c03b3642bd7d1f214bade1a2574106"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507830160",
"to_ids": false,
"type": "link",
"uuid": "59dfa990-db78-4b97-a870-36f102de0b81",
"value": "https://www.virustotal.com/file/10bed3e54c61088d5dc0d1be55da154efbcb32130ebf228e446fc97f5787e7a0/analysis/1507712666/"
}
]
}
}