{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-11-05",
|
|
"extends_uuid": "",
|
|
"info": "OSINT CryptoWall v4 Emerges Days After Cyber Threat Alliance Report by Palo Alto Networks Unit 42",
|
|
"publish_timestamp": "1447223861",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1447223857",
|
|
"uuid": "564264fe-1794-4894-878f-68b5950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191826",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56426512-800c-4695-b9a4-cf48950d210b",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2015/11/cryptowall-v4-emerges-days-after-cyber-threat-alliance-report/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191864",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56426538-dc54-419e-94e4-cf3d950d210b",
|
|
"value": "4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191864",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "56426538-1ed4-4fdb-95e1-cf3d950d210b",
|
|
"value": "http://46.30.43.183/syria.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191865",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "56426539-c1a0-47e5-b39a-cf3d950d210b",
|
|
"value": "http://46.30.45.110/analitics.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191865",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56426539-9bac-49fa-83ea-cf3d950d210b",
|
|
"value": "3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653a-1060-4d38-bab5-cf3d950d210b",
|
|
"value": "299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653a-c194-498d-b7a9-cf3d950d210b",
|
|
"value": "3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653a-5f54-4f76-ac40-cf3d950d210b",
|
|
"value": "9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653b-a50c-48d3-b84f-cf3d950d210b",
|
|
"value": "2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653b-5a60-4a20-a1bd-cf3d950d210b",
|
|
"value": "41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191868",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653c-92d8-4e82-a9d5-cf3d950d210b",
|
|
"value": "bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191868",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653c-a478-4416-80f8-cf3d950d210b",
|
|
"value": "dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191868",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5642653c-a510-45ad-981e-cf3d950d210b",
|
|
"value": "4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191869",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5642653d-ca54-4c85-93d5-cf3d950d210b",
|
|
"value": "46.30.43.183"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447191869",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5642653d-bddc-458a-b158-cf3d950d210b",
|
|
"value": "46.30.45.110"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223423",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e07f-d140-4b5d-817c-cf3c950d210b",
|
|
"value": "2f687a620b12db374de7d1c3bb8905fc764b5c0a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223424",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e080-2aa0-43a3-87be-cf3c950d210b",
|
|
"value": "d6b64f2be383a9d26bd6f2e7dad3399f"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223424",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e080-1640-409d-baa9-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d/analysis/1446585480/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223424",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e080-97b4-49b5-bb62-cf3c950d210b",
|
|
"value": "17564218c2127ef7c88754333598d4549ead35ea"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223425",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e081-887c-4d00-8111-cf3c950d210b",
|
|
"value": "d67af2c69617081f73b9c6df543c908f"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223425",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e081-f188-42b3-a439-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2/analysis/1446822342/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223426",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e082-5b40-4a76-865f-cf3c950d210b",
|
|
"value": "949f1903642e72575e107ee492faba670c8e0006"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223426",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e082-e1ec-4a96-bc66-cf3c950d210b",
|
|
"value": "5384f752e3a2b59fad9d0f143ce0215a"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223426",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e082-dda4-488c-8517-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2/analysis/1447214288/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223427",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e083-4564-4a15-9580-cf3c950d210b",
|
|
"value": "71cdc9064c25ac7fb469c018255e0f04aa9add7a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223427",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e083-1304-4ffd-9f37-cf3c950d210b",
|
|
"value": "999b597cdfc10a8e960e3c24e1c51e26"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223428",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e084-a1c0-43ae-a113-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63/analysis/1446579385/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223428",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e084-6028-47e0-8f86-cf3c950d210b",
|
|
"value": "b38fb01ffe6fbaead77c80dbd21bb6077464b8a5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223428",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e084-ceb0-4472-8409-cf3c950d210b",
|
|
"value": "e28a0ed74e78e75710b0d46742e407e3"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223429",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e085-b648-41f3-b451-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3/analysis/1446996756/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223429",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e085-d408-46d8-b71d-cf3c950d210b",
|
|
"value": "4e1423e1404ce1d5d6536da0443074636257d0bb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223430",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e086-c704-477c-8411-cf3c950d210b",
|
|
"value": "faa1d566f5bd28e908a40189d83edd42"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223430",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e086-b5f0-4fac-ac55-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804/analysis/1446293167/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223430",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e086-3e28-4961-b5af-cf3c950d210b",
|
|
"value": "e5216e3f23ba1dfb33c45412dd96a2f87ca45dca"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223431",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e087-24bc-4d1e-8b9d-cf3c950d210b",
|
|
"value": "e73806e3f41f61e7c7a364625cd58f65"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223431",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e087-7b8c-4aeb-a133-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801/analysis/1447151428/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223432",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e088-10f4-4ebf-a354-cf3c950d210b",
|
|
"value": "4dc7d878dcbbae9b37453b6874937a2bb426ddb4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223432",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e088-982c-479f-8ec2-cf3c950d210b",
|
|
"value": "48e4daf494e4fa2577d8fa94b7b89e35"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223433",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e089-9bcc-47eb-ae4b-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223/analysis/1446822341/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223433",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e089-bd2c-4c30-8d3b-cf3c950d210b",
|
|
"value": "cb5c885266840321245098aa0b9574950ab95c60"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223433",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e089-f7d4-4efa-b002-cf3c950d210b",
|
|
"value": "274b166a39093fc87faa42a7608841d7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223434",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e08a-eeac-48f3-83c2-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667/analysis/1446293477/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223434",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5642e08a-537c-4208-b5a1-cf3c950d210b",
|
|
"value": "65ddba4a3ffbb84875573e7442560fcfcd42c947"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223435",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5642e08b-6234-4dd2-b803-cf3c950d210b",
|
|
"value": "50b965686ad2cbdc0066e870a928177e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1447223435",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5642e08b-a72c-421b-b5db-cf3c950d210b",
|
|
"value": "https://www.virustotal.com/file/4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56/analysis/1447182903/"
|
|
}
|
|
]
|
|
}
|
|
} |