misp-circl-feed/feeds/circl/misp/59259700-5778-40e2-9800-b458950d210f.json


{"Event": {"info": "Jaff 2017-05-24 : \"IMG_1234.pdf\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Jaff\""}], "publish_timestamp": "0", "timestamp": "1495635779", "analysis": "1", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "59259743-2c78-4f39-bdb4-43b6950d210f", "timestamp": "1495635779", "to_ids": true, "value": "y887drossetorling.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59259742-2c48-4321-8064-4990950d210f", "timestamp": "1495635778", "to_ids": true, "value": "http://y887drossetorling.info/a5/", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "williams-fitness.com", "category": "Network activity", "uuid": "59259742-80d4-46c3-aa7b-0cdb950d210f", "timestamp": "1495635778", "to_ids": true, "value": "143.95.44.115", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259741-0530-414b-b35c-436f950d210f", "timestamp": "1495635777", "to_ids": true, "value": "williams-fitness.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "uslugitransportowe-warszawa.pl", "category": "Network activity", "uuid": "5925973f-75c0-4061-9abe-49bc950d210f", "timestamp": "1495635775", "to_ids": true, "value": "188.68.249.235", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259740-40f4-4d93-9ed7-b44f950d210f", "timestamp": "1495635776", "to_ids": true, "value": "http://williams-fitness.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": 
"5925973e-8cc0-40f1-8086-b45c950d210f", "timestamp": "1495635774", "to_ids": true, "value": "uslugitransportowe-warszawa.pl", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5925973d-8924-4d1e-a4a5-31d2950d210f", "timestamp": "1495635773", "to_ids": true, "value": "http://uslugitransportowe-warszawa.pl/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "tdtuusula.com", "category": "Network activity", "uuid": "5925973c-cadc-455d-8622-486b950d210f", "timestamp": "1495635772", "to_ids": true, "value": "95.213.201.30", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5925973b-3e18-45d1-90a9-b459950d210f", "timestamp": "1495635771", "to_ids": true, "value": "tdtuusula.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5925973a-3620-4b70-aa96-4737950d210f", "timestamp": "1495635770", "to_ids": true, "value": "http://tdtuusula.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "tbhomeinspection.com", "category": "Network activity", "uuid": "5925973a-7510-4c57-ace1-0cd9950d210f", "timestamp": "1495635770", "to_ids": true, "value": "70.33.241.150", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259739-6930-48d4-bfc6-4a53950d210f", "timestamp": "1495635769", "to_ids": true, "value": "tbhomeinspection.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59259738-efb0-470f-9a11-b456950d210f", "timestamp": "1495635768", "to_ids": true, "value": "http://tbhomeinspection.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": 
"tabelaistanbul.net", "category": "Network activity", "uuid": "59259737-c364-4241-995e-4c9c950d210f", "timestamp": "1495635767", "to_ids": true, "value": "37.247.111.46", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259736-4c68-428f-92bd-4f42950d210f", "timestamp": "1495635766", "to_ids": true, "value": "tabelaistanbul.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59259735-4e0c-4680-a55c-7bd8950d210f", "timestamp": "1495635765", "to_ids": true, "value": "http://tabelaistanbul.net/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "pcflame.com.au", "category": "Network activity", "uuid": "59259734-eb70-46eb-b382-4fd0950d210f", "timestamp": "1495635764", "to_ids": true, "value": "103.9.170.249", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259733-7464-4504-af9b-4e38950d210f", "timestamp": "1495635763", "to_ids": true, "value": "pcflame.com.au", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59259732-78f8-4d0d-ac1d-0cdb950d210f", "timestamp": "1495635762", "to_ids": true, "value": "http://pcflame.com.au/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "oliverkuo.com.au", "category": "Network activity", "uuid": "59259731-37c4-4a0a-a436-b458950d210f", "timestamp": "1495635761", "to_ids": true, "value": "27.54.86.49", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259730-8be4-4d2e-add7-4e7b950d210f", "timestamp": "1495635760", "to_ids": true, "value": "oliverkuo.com.au", "disable_correlation": false, "object_relation": null, "type": "hostname"}, 
{"comment": "", "category": "Network activity", "uuid": "5925972f-bc14-4493-8180-4927950d210f", "timestamp": "1495635759", "to_ids": true, "value": "http://oliverkuo.com.au/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "olgasmile.ru", "category": "Network activity", "uuid": "5925972e-8c78-4ae1-8512-b45c950d210f", "timestamp": "1495635758", "to_ids": true, "value": "141.8.195.45", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5925972d-4fbc-4811-9c18-41b5950d210f", "timestamp": "1495635757", "to_ids": true, "value": "olgasmile.ru", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5925972d-a72c-4924-b52d-0cd9950d210f", "timestamp": "1495635757", "to_ids": true, "value": "http://olgasmile.ru/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5925972a-aef0-4d00-a0f9-4dcf950d210f", "timestamp": "1495635754", "to_ids": true, "value": "minnessotaswordfishh.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5925972a-15ac-4f7c-9d07-4752950d210f", "timestamp": "1495635754", "to_ids": true, "value": "http://minnessotaswordfishh.com/af/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "khaosoklake.com", "category": "Network activity", "uuid": "59259729-705c-4d87-977e-4f61950d210f", "timestamp": "1495635753", "to_ids": true, "value": "77.104.168.120", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259727-1ea8-4aa6-9a57-0cdb950d210f", "timestamp": "1495635751", "to_ids": true, "value": "khaosoklake.com", "disable_correlation": false, "object_relation": null, "type": 
"hostname"}, {"comment": "", "category": "Network activity", "uuid": "59259727-d168-4300-a636-47f4950d210f", "timestamp": "1495635751", "to_ids": true, "value": "http://khaosoklake.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "jinyuxuan.de", "category": "Network activity", "uuid": "59259726-d524-4e68-9d4f-b458950d210f", "timestamp": "1495635750", "to_ids": true, "value": "81.169.145.68", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259725-f418-450c-9cf1-4525950d210f", "timestamp": "1495635749", "to_ids": true, "value": "jinyuxuan.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59259724-0e9c-4fb1-8a60-b44f950d210f", "timestamp": "1495635748", "to_ids": true, "value": "http://jinyuxuan.de/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "hr991.com", "category": "Network activity", "uuid": "59259724-e1d0-4952-82e7-4696950d210f", "timestamp": "1495635748", "to_ids": true, "value": "103.238.225.190", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259722-e268-4574-a194-b45c950d210f", "timestamp": "1495635746", "to_ids": true, "value": "hr991.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59259722-1bd8-44c7-96a2-31d2950d210f", "timestamp": "1495635745", "to_ids": true, "value": "http://hr991.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "electron-trade.ru", "category": "Network activity", "uuid": "59259720-8824-4b28-9218-472d950d210f", "timestamp": "1495635744", "to_ids": true, "value": "89.108.118.14", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, 
{"comment": "", "category": "Network activity", "uuid": "5925971f-e800-4d35-84a9-b459950d210f", "timestamp": "1495635743", "to_ids": true, "value": "electron-trade.ru", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Artifacts dropped", "uuid": "59259702-8d0c-432e-8cae-b45c950d210f", "timestamp": "1495635714", "to_ids": true, "value": "be60ac06c22159319bd757e0c35be957", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Artifacts dropped", "uuid": "59259702-8200-4e7f-b43a-4887950d210f", "timestamp": "1495635714", "to_ids": true, "value": "c9c897215e6f805eaf03ad56afd6e331", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "59259704-7f98-4551-82c6-475b950d210f", "timestamp": "1495635716", "to_ids": true, "value": "http://abcenglishclub.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59259705-f070-499f-bef1-b458950d210f", "timestamp": "1495635717", "to_ids": true, "value": "abcenglishclub.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "abcenglishclub.com", "category": "Network activity", "uuid": "59259706-25dc-4542-9007-4754950d210f", "timestamp": "1495635718", "to_ids": true, "value": "100.42.56.20", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259707-de98-4182-8654-4513950d210f", "timestamp": "1495635719", "to_ids": true, "value": "http://b.cms-hosting.by/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59259708-0c24-4e55-99f6-41e4950d210f", "timestamp": "1495635720", "to_ids": true, "value": "b.cms-hosting.by", "disable_correlation": false, "object_relation": null, 
"type": "hostname"}, {"comment": "b.cms-hosting.by", "category": "Network activity", "uuid": "59259709-c73c-4a1f-8a90-0cdb950d210f", "timestamp": "1495635721", "to_ids": true, "value": "93.84.115.212", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5925970a-c2c4-4755-a5c7-4288950d210f", "timestamp": "1495635722", "to_ids": true, "value": "http://better57toiuydof.net/af/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5925970b-7d4c-4b05-89bf-4f2c950d210f", "timestamp": "1495635723", "to_ids": true, "value": "better57toiuydof.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "better57toiuydof.net", "category": "Network activity", "uuid": "5925970c-7524-40f5-bcdb-7bd8950d210f", "timestamp": "1495635724", "to_ids": true, "value": "54.165.236.47", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5925970d-7544-4ea6-8425-b456950d210f", "timestamp": "1495635725", "to_ids": true, "value": "http://billiginurlaub.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5925970e-a4a0-4fac-940c-0cd9950d210f", "timestamp": "1495635726", "to_ids": true, "value": "billiginurlaub.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "billiginurlaub.com", "category": "Network activity", "uuid": "5925970f-c854-4e1f-88d1-4e0e950d210f", "timestamp": "1495635727", "to_ids": true, "value": "162.144.5.108", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259710-5bd8-4bd6-bf87-405d950d210f", "timestamp": "1495635728", "to_ids": true, "value": "http://david-faber.de/FsMflooY", 
"disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59259711-3fe8-41b9-a0ad-4f7e950d210f", "timestamp": "1495635729", "to_ids": true, "value": "david-faber.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "david-faber.de", "category": "Network activity", "uuid": "59259711-4818-4ed4-a14c-31d2950d210f", "timestamp": "1495635729", "to_ids": true, "value": "81.169.145.78", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259712-3078-4667-bdd9-b45c950d210f", "timestamp": "1495635730", "to_ids": true, "value": "http://digital-helpdesk.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59259713-8a90-4a78-badc-421d950d210f", "timestamp": "1495635731", "to_ids": true, "value": "digital-helpdesk.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "digital-helpdesk.com", "category": "Network activity", "uuid": "59259714-e7dc-4af6-a172-b44f950d210f", "timestamp": "1495635732", "to_ids": true, "value": "163.47.73.92", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59259715-7d34-4c49-889e-4267950d210f", "timestamp": "1495635733", "to_ids": true, "value": "http://dogplay.co.kr/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59259716-002c-4d84-b812-43a9950d210f", "timestamp": "1495635734", "to_ids": true, "value": "dogplay.co.kr", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "dogplay.co.kr", "category": "Network activity", "uuid": "59259719-774c-444f-8905-0cdb950d210f", "timestamp": "1495635737", "to_ids": true, "value": 
"1.234.27.239", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5925971a-75dc-4e3c-8094-4e91950d210f", "timestamp": "1495635738", "to_ids": true, "value": "http://ecoeventlogistics.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5925971a-b324-4595-a2d3-4c25950d210f", "timestamp": "1495635738", "to_ids": true, "value": "ecoeventlogistics.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "ecoeventlogistics.com", "category": "Network activity", "uuid": "5925971b-4b9c-41e7-9d10-7bd8950d210f", "timestamp": "1495635739", "to_ids": true, "value": "199.116.112.134", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5925971c-89e8-4d1e-81ca-4593950d210f", "timestamp": "1495635740", "to_ids": true, "value": "http://elateplaza.com/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5925971d-9a78-4791-8d7c-b456950d210f", "timestamp": "1495635741", "to_ids": true, "value": "elateplaza.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "elateplaza.com", "category": "Network activity", "uuid": "5925971e-6460-441c-bdfc-4cc9950d210f", "timestamp": "1495635742", "to_ids": true, "value": "94.23.97.226", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5925971e-9fe4-4016-ac0b-0cd9950d210f", "timestamp": "1495635742", "to_ids": true, "value": "http://electron-trade.ru/FsMflooY", "disable_correlation": false, "object_relation": null, "type": "url"}], "extends_uuid": "", "published": false, "date": "2017-05-24", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": 
"CIRCL"}, "threat_level_id": "3", "uuid": "59259700-5778-40e2-9800-b458950d210f"}}