2023-12-14 14:30:15 +00:00
{"Event": {"info": "OSINT - Gozi ISFB Remains Active in 2018, Leverages \"Dark Cloud\" Botnet For Distribution", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:banker=\"Gozi ISFB\""}], "publish_timestamp": "0", "timestamp": "1520949345", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "3ebecaa7-b9a3-48a4-becf-194625b24f9d", "sharing_group_id": "0", "timestamp": "1520948273", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "3ebecaa7-b9a3-48a4-becf-194625b24f9d", "uuid": "5aa7d85f-e3c8-46bd-912a-436802de0b81", "timestamp": "1520949343", "referenced_uuid": "be09f3b1-9fcf-4d5b-848e-41fecd41123d", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "Malicious Document", "category": "Payload delivery", "uuid": "5aa7d42e-00fc-4476-a6ed-4cf402de0b81", "timestamp": "1520948270", "to_ids": true, "value": "8e8ee386d56f308511f69045b9b06160f3cc40f9", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "Malicious Document", "category": "Payload delivery", "uuid": "5aa7d42f-40e4-4f2e-990e-4c5702de0b81", "timestamp": "1520948271", "to_ids": true, "value": "f7854d717ea3449b6cf2ed56b8fc1e790dff23df19c62e554f233300faac8750", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "Malicious Document", "category": "Payload delivery", "uuid": "5aa7d42f-2f4c-4ca0-a7d1-469402de0b81", "timestamp": "1520948271", "to_ids": true, "value": "12d070eb94b43e5ea279f913b1b88888", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": 
"be09f3b1-9fcf-4d5b-848e-41fecd41123d", "sharing_group_id": "0", "timestamp": "1520948272", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "Malicious Document", "category": "External analysis", "uuid": "5aa7d430-80b4-44a0-83a6-480f02de0b81", "timestamp": "1520948272", "to_ids": false, "value": "https://www.virustotal.com/file/f7854d717ea3449b6cf2ed56b8fc1e790dff23df19c62e554f233300faac8750/analysis/1520467062/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "Malicious Document", "category": "Other", "uuid": "5aa7d430-bf34-4151-9467-483d02de0b81", "timestamp": "1520948272", "to_ids": false, "value": "33/60", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "Malicious Document", "category": "Other", "uuid": "5aa7d430-edf4-4b8c-8d3b-46af02de0b81", "timestamp": "1520948272", "to_ids": false, "value": "2018-03-07 23:57:42", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "b5694caa-9b22-415f-8272-9c57b3eb08c3", "sharing_group_id": "0", "timestamp": "1520948275", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "b5694caa-9b22-415f-8272-9c57b3eb08c3", "uuid": "5aa7d85f-4e14-4205-8f9d-4f5702de0b81", "timestamp": "1520949343", "referenced_uuid": "2b4622e3-ecfd-4e33-88d1-4be6fee2d27e", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "Malicious Document", "category": "Payload delivery", "uuid": "5aa7d431-5bdc-464d-a795-472002de0b81", "timestamp": "1520948273", "to_ids": true, "value": "a7d3eca0ca37cfdf4c52b8d1c5dfe66c2c1f0044", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "Malicious Document", 
"category": "Payload delivery", "uuid": "5aa7d431-a770-4ea5-9c07-4aef02de0b81", "timestamp": "1520948273", "to_ids":