{
"Event": {
"analysis": "1",
"date": "2017-11-09",
"extends_uuid": "",
"info": "M2M - Locky 2017-11-03 : Affid=3, offline, \".asasin\" : \"Scanned image from MX-2600N\" - \"20171103_123456.doc\"",
"publish_timestamp": "1510261157",
"published": true,
"threat_level_id": "3",
"timestamp": "1510261077",
"uuid": "5a044feb-cda0-4844-b5f0-2214950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#006c6c",
"local": false,
"name": "ecsirt:malicious-code=\"ransomware\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"Locky\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "md5",
"uuid": "5a044fec-f524-41fc-8865-75a9950d210f",
"value": "1f608125c16f3396000f6ec9d929d6c9"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "url",
"uuid": "5a044fed-6f00-4baa-b022-4cfd950d210f",
"value": "http://336.linux1.testsider.dk/lbMld6sGda"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "hostname",
"uuid": "5a044fed-2e84-4587-a638-4751950d210f",
"value": "336.linux1.testsider.dk"
},
{
"category": "Network activity",
"comment": "336.linux1.testsider.dk",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a044fed-7894-4890-a0a2-991b950d210f",
"value": "77.243.131.16"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "url",
"uuid": "5a044fed-b0d4-4426-937d-43b4950d210f",
"value": "http://betadesign.es/lbMld6sGda"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "hostname",
"uuid": "5a044fee-a7b0-4069-bf11-cda3950d210f",
"value": "betadesign.es"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "url",
"uuid": "5a044ff7-7674-4d8c-9596-2214950d210f",
"value": "http://comercialarques.es/lbMld6sGda"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "hostname",
"uuid": "5a044ff8-f574-49a0-afe2-4976950d210f",
"value": "comercialarques.es"
},
{
"category": "Network activity",
"comment": "comercialarques.es",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a044ff8-d9f8-495b-a11d-4d06950d210f",
"value": "31.47.74.202"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "url",
"uuid": "5a044ff8-9090-4be9-986a-75a9950d210f",
"value": "http://deltaled.es/lbMld6sGda"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "hostname",
"uuid": "5a044ff8-4fd0-4326-908a-4829950d210f",
"value": "deltaled.es"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "url",
"uuid": "5a044ff9-3154-45cf-9bd2-991b950d210f",
"value": "http://testbxc.u-host.ru/lbMld6sGda"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": true,
"type": "hostname",
"uuid": "5a044ff9-2db4-4df3-8004-4582950d210f",
"value": "testbxc.u-host.ru"
},
{
"category": "Network activity",
"comment": "testbxc.u-host.ru",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261062",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a044ff9-f2a0-4dac-b725-717b950d210f",
"value": "212.220.124.233"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a044ffa-f278-4e4a-baec-cda3950d210f",
"value": "http://unbescheiden.net/lbMld6sGda"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a044ffa-6388-4155-959f-45d7950d210f",
"value": "unbescheiden.net"
},
{
"category": "Network activity",
"comment": "unbescheiden.net",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"value": "212.223.152.138"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a044ffa-8784-424a-9f41-cd7d950d210f",
"value": "http://watchez.biz/lbMld6sGda"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a044ffa-6a70-4f12-86ee-cdb1950d210f",
"value": "watchez.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a045019-b49c-4ab1-af1e-4bcf950d210f",
"value": "http://pabxconsultants.co.za/dhYtebv3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a045019-5050-44ec-bbe5-717b950d210f",
"value": "pabxconsultants.co.za"
},
{
"category": "Network activity",
"comment": "pabxconsultants.co.za",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a04501a-67f4-411f-86ae-cda3950d210f",
"value": "41.72.154.151"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a04501a-1e60-42f3-877a-416e950d210f",
"value": "http://san-syo.co.jp/dhYtebv3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a04501a-f530-4544-8853-42a4950d210f",
"value": "san-syo.co.jp"
},
{
"category": "Network activity",
"comment": "san-syo.co.jp",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a04501b-6870-42ac-91f8-47bc950d210f",
"value": "219.94.169.237"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a04501b-9bc0-43f0-a2d2-cd7d950d210f",
"value": "http://saranville.com/dhYtebv3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a04501b-b5e4-48f9-a097-cdb1950d210f",
"value": "saranville.com"
},
{
"category": "Network activity",
"comment": "saranville.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a04501c-5960-4c09-a66b-2214950d210f",
"value": "27.254.148.14"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a04501c-9940-4606-ab46-4b38950d210f",
"value": "http://pwmsteel.com/dhYtebv3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a04501c-af58-4df0-9f87-cdb4950d210f",
"value": "pwmsteel.com"
},
{
"category": "Network activity",
"comment": "pwmsteel.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a04501d-2d3c-42b1-a945-cd35950d210f",
"value": "50.21.229.37"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a04501d-fe00-4fcb-bb88-45ff950d210f",
"value": "http://visualindesign.be/dhYtebv3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a04501d-9d98-4447-b8d7-cc6f950d210f",
"value": "visualindesign.be"
},
{
"category": "Network activity",
"comment": "visualindesign.be",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a04501d-9f10-423d-b00b-75a9950d210f",
"value": "5.135.178.149"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a04501e-6e10-4c26-9d36-4bfc950d210f",
"value": "http://twonkygames.com/dhYtebv3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a04501e-6d70-4cb2-aa7e-cdab950d210f",
"value": "twonkygames.com"
},
{
"category": "Network activity",
"comment": "twonkygames.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a04501e-e6f8-44ce-96c8-4f95950d210f",
"value": "85.25.242.138"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "url",
"uuid": "5a04501e-8ff0-4078-bc2e-991b950d210f",
"value": "http://evengrollighromsof.net/p66/dhYtebv3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "hostname",
"uuid": "5a04501f-8b24-490c-861c-48d9950d210f",
"value": "evengrollighromsof.net"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "sha256",
"uuid": "5a04c147-52f0-4649-a1bc-4c0202de0b81",
"value": "73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": true,
"type": "sha1",
"uuid": "5a04c147-a0d0-4cd1-aeb0-4e7602de0b81",
"value": "1fd9f901ab7f51a542e455b51e6442040d3fa39c"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1510261063",
"to_ids": false,
"type": "link",
"uuid": "5a04c147-2bf4-4e41-afaf-49be02de0b81",
"value": "https://www.virustotal.com/file/73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0/analysis/1510056897/"
}
]
}
} |