{
"Event": {
"analysis": "2",
"date": "2016-03-28",
"extends_uuid": "",
"info": "Locky of the day (20160328) - affid=3",
"publish_timestamp": "1459257689",
"published": true,
"threat_level_id": "3",
"timestamp": "1459175372",
"uuid": "56f93f55-e6d0-45c9-8109-74ad02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175281",
"to_ids": true,
"type": "sha256",
"uuid": "56f93f71-1e1c-4f57-974a-3f2b02de0b81",
"value": "61894322c327ef2cbead173387a955db7e0dfa0ae7799bbe9608b15c78964d7e"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 61894322c327ef2cbead173387a955db7e0dfa0ae7799bbe9608b15c78964d7e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175291",
"to_ids": true,
"type": "sha1",
"uuid": "56f93f7b-edc4-4d27-bd7c-3f2c02de0b81",
"value": "76f27ed591f0270e73dbb0853e71f80a5b32218e"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 61894322c327ef2cbead173387a955db7e0dfa0ae7799bbe9608b15c78964d7e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175291",
"to_ids": true,
"type": "md5",
"uuid": "56f93f7b-44ac-4975-84f3-3f2c02de0b81",
"value": "1f1e3688f85070dd1e9a766d03b6817e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175291",
"to_ids": false,
"type": "link",
"uuid": "56f93f7b-2fa0-4325-aa27-3f2c02de0b81",
"value": "https://www.virustotal.com/file/61894322c327ef2cbead173387a955db7e0dfa0ae7799bbe9608b15c78964d7e/analysis/1459171638/"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175313",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f93f91-ad50-4798-90bc-3f2702de0b81",
"value": "92.63.87.134"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175313",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f93f91-e500-4b6f-967b-3f2702de0b81",
"value": "176.31.47.100"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175313",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f93f91-4e5c-4bfd-8669-3f2702de0b81",
"value": "185.117.72.94"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175314",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f93f92-db3c-4944-be9f-3f2702de0b81",
"value": "84.19.170.249"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175314",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f93f92-3bc0-40a4-98e3-3f2702de0b81",
"value": "83.217.8.127"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175314",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f93f92-cc08-4a78-a453-3f2702de0b81",
"value": "91.200.14.73"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175359",
"to_ids": true,
"type": "url",
"uuid": "56f93fb3-7fc0-429c-aa4a-3f5d02de0b81",
"value": "http://comprecaldas.com/js/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175372",
"to_ids": true,
"type": "url",
"uuid": "56f93fcc-4c84-46a6-9079-3f2f02de0b81",
"value": "http://comprecaldas.com/js/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175373",
"to_ids": true,
"type": "url",
"uuid": "56f93fcd-ad84-461c-80b2-3f2f02de0b81",
"value": "http://distrazur.com/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175373",
"to_ids": true,
"type": "url",
"uuid": "56f93fcd-d728-410b-b440-3f2f02de0b81",
"value": "http://dragonex.com/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175373",
"to_ids": true,
"type": "url",
"uuid": "56f93fcd-6f38-4be3-9645-3f2f02de0b81",
"value": "http://homedesire.co.uk/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175374",
"to_ids": true,
"type": "url",
"uuid": "56f93fce-b880-4a0e-8755-3f2f02de0b81",
"value": "http://lascelta.com/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175374",
"to_ids": true,
"type": "url",
"uuid": "56f93fce-84d4-4104-a05f-3f2f02de0b81",
"value": "http://orkneyhampers.co.uk/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175374",
"to_ids": true,
"type": "url",
"uuid": "56f93fce-a728-4eca-9081-3f2f02de0b81",
"value": "http://pockettypewriter.co.uk/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175375",
"to_ids": true,
"type": "url",
"uuid": "56f93fcf-beac-4828-a54d-3f2f02de0b81",
"value": "http://sandbox.bottlestore.com/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175375",
"to_ids": true,
"type": "url",
"uuid": "56f93fcf-afe8-4514-8bf4-3f2f02de0b81",
"value": "http://scorpena.com/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175375",
"to_ids": true,
"type": "url",
"uuid": "56f93fcf-f130-485e-886d-3f2f02de0b81",
"value": "http://store.brugomug.co.uk/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459175375",
"to_ids": true,
"type": "url",
"uuid": "56f93fcf-0b84-4b10-a9ea-3f2f02de0b81",
"value": "http://wholesale.undercovermama.com/765f46vb.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252857",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e79-f934-4337-8091-43d4950d210f",
"value": "comprecaldas.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252858",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7a-22b4-4a5e-a88b-42c4950d210f",
"value": "distrazur.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252858",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7a-6234-4245-aded-4f2f950d210f",
"value": "homedesire.co.uk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252858",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7a-e6dc-47de-bba3-41be950d210f",
"value": "dragonex.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252859",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7b-f358-4891-9f38-4253950d210f",
"value": "orkneyhampers.co.uk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252859",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7b-ed70-4c4c-903f-49ac950d210f",
"value": "lascelta.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252859",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7b-86bc-4b96-bf6c-4616950d210f",
"value": "wholesale.undercovermama.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252859",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7b-5fd4-4a72-9b79-481b950d210f",
"value": "pockettypewriter.co.uk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252860",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7c-89c4-4b7c-9350-4509950d210f",
"value": "scorpena.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252860",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7c-d424-41c5-bbf4-446a950d210f",
"value": "sandbox.bottlestore.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459252860",
"to_ids": true,
"type": "domain",
"uuid": "56fa6e7c-e9b0-4beb-a611-412b950d210f",
"value": "store.brugomug.co.uk"
}
]
}
}