misp-circl-feed/feeds/circl/misp/59cbb4ef-1310-4e85-8432-4879950d210f.json


{"Event": {"info": "M2M - Locky 2017-09-27 : Affid=3, offline, \".ykcol\" :\n \"INVOICE\" - \"A1234-5678901234.7z\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Locky\""}], "publish_timestamp": "1506524919", "timestamp": "1506524912", "analysis": "1", "Attribute": [{"comment": "", "category": "Artifacts dropped", "uuid": "59cbb4f0-9360-42b7-89f0-4e4d950d210f", "timestamp": "1506524906", "to_ids": true, "value": "1c1a6b70b5e2b13c019d5cbdf0f12738", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f0-94d4-4d80-97dc-483b950d210f", "timestamp": "1506524906", "to_ids": true, "value": "http://antwerpvillas.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f0-0470-4ae8-b4fc-48a3950d210f", "timestamp": "1506524906", "to_ids": true, "value": "antwerpvillas.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "antwerpvillas.com", "category": "Network activity", "uuid": "59cbb4f0-cde8-4b39-8644-4100950d210f", "timestamp": "1506524906", "to_ids": false, "value": "78.40.96.174", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f1-8188-45f0-aea0-4e7e950d210f", "timestamp": "1506524906", "to_ids": true, "value": "http://apethorpevillage.co.uk/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f1-5658-4600-a2a6-41d3950d210f", "timestamp": "1506524906", "to_ids": true, "value": "apethorpevillage.co.uk", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": 
"apethorpevillage.co.uk", "category": "Network activity", "uuid": "59cbb4f1-1814-458c-b287-4c34950d210f", "timestamp": "1506524906", "to_ids": false, "value": "88.150.140.239", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f1-20bc-4c0a-80ad-4b1a950d210f", "timestamp": "1506524906", "to_ids": true, "value": "http://asi-automazioni.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f2-26e4-473e-86f7-4c43950d210f", "timestamp": "1506524906", "to_ids": true, "value": "asi-automazioni.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "asi-automazioni.com", "category": "Network activity", "uuid": "59cbb4f2-be64-4bc7-9900-47b4950d210f", "timestamp": "1506524906", "to_ids": false, "value": "5.135.180.43", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f2-9538-4a7f-9702-43cd950d210f", "timestamp": "1506524906", "to_ids": true, "value": "http://freevillemusic.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f2-6cdc-4b4d-ab07-4a69950d210f", "timestamp": "1506524906", "to_ids": true, "value": "freevillemusic.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "freevillemusic.com", "category": "Network activity", "uuid": "59cbb4f3-b870-4ed0-8795-4f83950d210f", "timestamp": "1506524906", "to_ids": false, "value": "66.84.8.235", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f3-6d80-4d64-9ed7-477e950d210f", "timestamp": "1506524906", "to_ids": true, "value": "http://galeona.com/niugufvt4", "disable_correlation": false, 
"object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f3-7200-4366-8a34-4451950d210f", "timestamp": "1506524906", "to_ids": true, "value": "galeona.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "galeona.com", "category": "Network activity", "uuid": "59cbb4f3-a4a8-49aa-8f78-45cc950d210f", "timestamp": "1506524906", "to_ids": false, "value": "212.89.16.142", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f4-9bc0-4d8d-87e0-4e35950d210f", "timestamp": "1506524906", "to_ids": true, "value": "http://gdrural.com.au/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f4-48f4-4831-8425-4002950d210f", "timestamp": "1506524906", "to_ids": true, "value": "gdrural.com.au", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "gdrural.com.au", "category": "Network activity", "uuid": "59cbb4f5-9eac-443e-a25d-4559950d210f", "timestamp": "1506524906", "to_ids": false, "value": "113.20.6.89", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f5-9064-4234-8935-4ef4950d210f", "timestamp": "1506524906", "to_ids": true, "value": "http://geocean.co.id/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f6-99fc-44df-a68f-4cff950d210f", "timestamp": "1506524906", "to_ids": true, "value": "geocean.co.id", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "geocean.co.id", "category": "Network activity", "uuid": "59cbb4f7-86dc-402d-b0ed-4ef7950d210f", "timestamp": "1506524905", "to_ids": false, "value": "202.169.44.143", "disable_correlation": false, 
"object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f7-c704-4cc1-ab59-4df1950d210f", "timestamp": "1506524905", "to_ids": true, "value": "http://gilgroup.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f7-7c7c-4e02-a1ba-4c31950d210f", "timestamp": "1506524905", "to_ids": true, "value": "gilgroup.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "gilgroup.com", "category": "Network activity", "uuid": "59cbb4f8-ff10-4930-a4ac-4594950d210f", "timestamp": "1506524905", "to_ids": false, "value": "216.185.44.105", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f8-cb68-4cf5-bb8f-4957950d210f", "timestamp": "1506524905", "to_ids": true, "value": "http://giraudnet.co.uk/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f8-6d68-4271-aef6-42c5950d210f", "timestamp": "1506524905", "to_ids": true, "value": "giraudnet.co.uk", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "giraudnet.co.uk", "category": "Network activity", "uuid": "59cbb4f8-1df8-4e94-afc5-4578950d210f", "timestamp": "1506524905", "to_ids": false, "value": "188.165.73.129", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f9-2bc8-4333-bb4c-45cd950d210f", "timestamp": "1506524905", "to_ids": true, "value": "http://glostrap.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4f9-25d4-4f72-b829-4330950d210f", "timestamp": "1506524905", "to_ids": true, "value": "glostrap.com", "disable_correlation": false, 
"object_relation": null, "type": "hostname"}, {"comment": "glostrap.com", "category": "Network activity", "uuid": "59cbb4f9-f18c-41e2-a3f0-4165950d210f", "timestamp": "1506524905", "to_ids": false, "value": "216.114.192.21", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fa-1920-49e6-b481-431e950d210f", "timestamp": "1506524905", "to_ids": true, "value": "http://graficasicarpearanjuez.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fa-bd10-4757-9330-4f90950d210f", "timestamp": "1506524905", "to_ids": true, "value": "graficasicarpearanjuez.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "graficasicarpearanjuez.com", "category": "Network activity", "uuid": "59cbb4fa-b6fc-4843-9bd9-4c4d950d210f", "timestamp": "1506524905", "to_ids": false, "value": "185.18.197.109", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fa-9dd4-45b0-99a5-4ed0950d210f", "timestamp": "1506524905", "to_ids": true, "value": "http://granado.es/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fb-77dc-4c59-8e1a-4d82950d210f", "timestamp": "1506524905", "to_ids": true, "value": "granado.es", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "granado.es", "category": "Network activity", "uuid": "59cbb4fb-2d64-4bde-9673-4f8b950d210f", "timestamp": "1506524905", "to_ids": false, "value": "37.247.122.30", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fb-9508-432d-9df0-468b950d210f", "timestamp": "1506524905", "to_ids": true, "value": 
"http://hkcel.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fb-c3e0-4165-be84-45af950d210f", "timestamp": "1506524905", "to_ids": true, "value": "hkcel.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "hkcel.com", "category": "Network activity", "uuid": "59cbb4fd-21c4-4520-8ead-4271950d210f", "timestamp": "1506524905", "to_ids": false, "value": "202.181.132.166", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fe-3bf8-456e-9ac4-4c25950d210f", "timestamp": "1506524905", "to_ids": true, "value": "http://hmbre.com/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4fe-a1b0-4ad8-8864-4493950d210f", "timestamp": "1506524905", "to_ids": true, "value": "hmbre.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "hmbre.com", "category": "Network activity", "uuid": "59cbb4fe-ead4-4042-b3b2-4a47950d210f", "timestamp": "1506524905", "to_ids": false, "value": "69.27.177.4", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4ff-7ec8-4220-8b38-4548950d210f", "timestamp": "1506524905", "to_ids": true, "value": "http://poemsan.info/p66/niugufvt4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59cbb4ff-32d8-462f-90f7-4b6e950d210f", "timestamp": "1506524905", "to_ids": true, "value": "poemsan.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "- Xchecked via VT: 1c1a6b70b5e2b13c019d5cbdf0f12738", "category": "Artifacts dropped", "uuid": "59cbbeea-0cd8-4013-bd2d-190802de0b81", "timestamp": "1506524906", 
"to_ids": true, "value": "e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 1c1a6b70b5e2b13c019d5cbdf0f12738", "category": "Artifacts dropped", "uuid": "59cbbeea-83d4-47e2-b522-190802de0b81", "timestamp": "1506524906", "to_ids": true, "value": "d21b9d5ca7327bb1ca57aaf8752e7764a3334fe8", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: 1c1a6b70b5e2b13c019d5cbdf0f12738", "category": "External analysis", "uuid": "59cbbeea-6980-4c6c-b680-190802de0b81", "timestamp": "1506524906", "to_ids": false, "value": "https://www.virustotal.com/file/e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4/analysis/1506520270/", "disable_correlation": false, "object_relation": null, "type": "link"}], "extends_uuid": "", "published": true, "date": "2017-09-27", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "59cbb4ef-1310-4e85-8432-4879950d210f"}}