106 lines
No EOL
3.3 KiB
JSON
106 lines
No EOL
3.3 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2016-05-23",
|
|
"extends_uuid": "",
|
|
"info": "Locky of the day (20160520)",
|
|
"publish_timestamp": "1463984552",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1463984507",
|
|
"uuid": "5742a093-4190-414a-8a36-4c8d950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#006c6c",
|
|
"name": "ecsirt:malicious-code=\"ransomware\""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1463984312",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5742a0b8-25d0-4320-a7aa-4755950d210f",
|
|
"value": "staffsolut.nichost.ru"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Enriched via the circl_passivedns module",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1463984336",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5742a0d0-b7fc-45f5-a82a-3309950d210f",
|
|
"value": "195.208.1.146"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "msg0008040339157.docm",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1463984415",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5742a11f-2c44-46d1-983d-4260950d210f",
|
|
"value": "0b3323531a322c89aa4c9059a1b215a7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1463984433",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "5742a131-8d48-4c73-91ff-4b80950d210f",
|
|
"value": "1536:3DnCkuBxIKKiuyYuAkbWPU74MimdaaGYIpTFRa:zCGKgyYuAEWPbM5aaGBpZI"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "msg0008040339157.docm - Xchecked via VT: 0b3323531a322c89aa4c9059a1b215a7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1463984507",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5742a17b-d064-4742-9332-40da02de0b81",
|
|
"value": "ed44bde7c63f0d65b0f2fdc64aedb002e8e9c6ce90caef1835f558a036cf4b90"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "msg0008040339157.docm - Xchecked via VT: 0b3323531a322c89aa4c9059a1b215a7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1463984507",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5742a17b-3cb8-42d5-a9f2-445102de0b81",
|
|
"value": "1575f0f495e566c768d67dd188ff84ce3eb7952c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "msg0008040339157.docm - Xchecked via VT: 0b3323531a322c89aa4c9059a1b215a7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1463984507",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5742a17b-e188-4e69-9705-4c1102de0b81",
|
|
"value": "https://www.virustotal.com/file/ed44bde7c63f0d65b0f2fdc64aedb002e8e9c6ce90caef1835f558a036cf4b90/analysis/1463766071/"
|
|
}
|
|
]
|
|
}
|
|
} |