{
"Event": {
"analysis": "2",
"date": "2018-05-22",
"extends_uuid": "",
"info": "Emotet 5-18-2018",
"publish_timestamp": "1589183759",
"published": true,
"threat_level_id": "3",
"timestamp": "1621849729",
"uuid": "5b0438ad-6d20-4a53-9a8b-2c1c0acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:tool=\"Emotet\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#003860",
"local": false,
"name": "osint:source-type=\"pastie-website\"",
"relationship_type": ""
},
{
"colour": "#002642",
"local": false,
"name": "osint:source-type=\"microblog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004061",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-c7ac-49a6-b78f-2c420acd0835",
"value": "50.37.10.78|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-20f0-4baa-b9ad-2c420acd0835",
"value": "50.84.214.74|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-1464-4a92-bcd8-2c420acd0835",
"value": "65.25.17.131|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-6724-4133-9846-2c420acd0835",
"value": "67.20.224.109|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-caf4-4260-a33f-2c420acd0835",
"value": "69.129.91.38|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-6944-4ac5-bb83-2c420acd0835",
"value": "70.167.17.7|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-fa54-4b42-a740-2c420acd0835",
"value": "72.49.55.42|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-6978-4f21-8e03-2c420acd0835",
"value": "86.209.63.166|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-5114-4463-aac3-2c420acd0835",
"value": "105.228.39.7|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-a450-43be-80a9-2c420acd0835",
"value": "119.18.8.51|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004061",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-b090-4a74-bec9-2c420acd0835",
"value": "169.0.250.138|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-7ed0-41b4-aa42-2c420acd0835",
"value": "179.52.46.11|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-7444-4a71-a9d9-2c420acd0835",
"value": "192.227.112.57|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-f0a0-46ed-8938-2c420acd0835",
"value": "199.167.209.11|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-9548-496f-96fb-2c420acd0835",
"value": "222.112.169.133|80",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-2c44-4426-895e-2c420acd0835",
"value": "37.120.170.231|443",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-4c8c-4d5e-b966-2c420acd0835",
"value": "174.140.167.85|443",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c4-b078-43e2-9d5d-2c420acd0835",
"value": "188.226.223.31|443",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004062",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5b0438c5-fbd8-4d17-bb11-2c420acd0835",
"value": "217.160.93.187|443",
"Tag": [
{
"colour": "#00aad0",
"local": false,
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b0438d9-9b24-475a-9eb1-08ef0acd0835",
"value": "http://lemat.sk/YQJHmA",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b0438d9-ae60-4a28-b202-08ef0acd0835",
"value": "http://columbiainstitute.org/O/YBC4RQ/",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Support Tool",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527003738",
"to_ids": false,
"type": "link",
"uuid": "5b0438e9-88c4-4681-aa0b-2c060acd0835",
"value": "https://www.virustotal.com/#/file/1b9e1f248b3dd13e0c8668117caa7f8af1e34918f1e9ac6f71d619e50fd91538/detection"
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2d-d2e0-4a3a-a20f-2ade0acd0835",
"value": "http://emulsiflex.com/Wz51Bq1/",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2d-6a18-4b90-b690-2ade0acd0835",
"value": "http://e-muhr.de/IcS1A5z/",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2d-cc18-4e88-95f6-2ade0acd0835",
"value": "http://emulsiflex.com/Wz51Bq1",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2d-6720-440e-a5c4-2ade0acd0835",
"value": "http://lemat.sk/YQJHmA/",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2e-b2f8-4984-9875-2ade0acd0835",
"value": "http://columbiainstitute.org/O/YBC4RQ",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2e-ba3c-44c1-8389-2ade0acd0835",
"value": "http://sweatshop.org/dnqN0nl",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2e-c00c-4b03-9b9d-2ade0acd0835",
"value": "http://www.gardonyrefhir.hu/gmQuF9x",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2e-aeac-4727-aa52-2ade0acd0835",
"value": "http://sweatshop.org/dnqN0nl/",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527004113",
"to_ids": true,
"type": "url",
"uuid": "5b043a2e-1968-4be5-a86d-2ade0acd0835",
"value": "http://e-muhr.de/IcS1A5z",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1527003445",
"uuid": "5b043935-825c-49d4-b93c-08ef0acd0835",
"Attribute": [
{
"category": "Payload delivery",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1527003738",
"to_ids": true,
"type": "md5",
"uuid": "5b043935-b294-48fc-bce2-08ef0acd0835",
"value": "923a8d46eca1e77e020e0ac0951226d8"
},
{
"category": "Other",
"comment": "Emotet",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1527003738",
"to_ids": false,
"type": "text",
"uuid": "5b043935-0f14-48ff-bd0c-08ef0acd0835",
"value": "Emotet"
},
{
"category": "Payload delivery",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1527003738",
"to_ids": true,
"type": "sha256",
"uuid": "5b043935-45b8-4e74-90b9-08ef0acd0835",
"value": "1b9e1f248b3dd13e0c8668117caa7f8af1e34918f1e9ac6f71d619e50fd91538"
},
{
"category": "Payload delivery",
"comment": "Emotet",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1527003738",
"to_ids": true,
"type": "filename",
"uuid": "5b043935-1384-439f-b8f6-08ef0acd0835",
"value": "22468.exe"
},
{
"category": "Payload delivery",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1527003738",
"to_ids": true,
"type": "sha1",
"uuid": "5b043935-1ac0-445b-9399-08ef0acd0835",
"value": "45ef0de6aa324ebebdf9ba61129cd316e19973ae"
},
{
"category": "Payload delivery",
"comment": "Emotet",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1527003738",
"to_ids": true,
"type": "ssdeep",
"uuid": "5b043935-797c-41b6-a6b1-08ef0acd0835",
"value": "3072:8ZL3fu/kIS5c7+iMfmGkV1C5o63qaGymSUO:G0fac7Kflgao63qaGLS"
},
{
"category": "Other",
"comment": "Emotet",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1527003738",
"to_ids": false,
"type": "text",
"uuid": "5b043935-160c-4861-8ce2-08ef0acd0835",
"value": "Malicious"
}
]
}
]
}
}