misp-circl-feed/feeds/circl/stix-2.1/5b072226-9b38-47c4-a948-0a8d0acd0835.json

154 lines
579 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b072226-9b38-47c4-a948-0a8d0acd0835",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-24T20:48:21.000Z",
"modified": "2018-05-24T20:48:21.000Z",
"name": "Synovus Financial",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b072226-9b38-47c4-a948-0a8d0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-24T20:48:21.000Z",
"modified": "2018-05-24T20:48:21.000Z",
"name": "Wells Fargo Phish",
"published": "2018-05-25T14:51:46Z",
"object_refs": [
"observed-data--5b0722ec-95d4-4c29-8557-082c0acd0835",
"file--5b0722ec-95d4-4c29-8557-082c0acd0835",
"artifact--5b0722ec-95d4-4c29-8557-082c0acd0835",
"observed-data--5b07230b-598c-4d5a-bc93-0e520acd0835",
"file--5b07230b-598c-4d5a-bc93-0e520acd0835",
"artifact--5b07230b-598c-4d5a-bc93-0e520acd0835",
"x-misp-attribute--5b072323-4fb0-4c02-a5bc-2a940acd0835",
"x-misp-attribute--5b072335-1ff8-4921-b7e3-27d00acd0835",
"x-misp-attribute--5b0724e4-a0d8-4e45-9096-2af10acd0835"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"veris:action:social:variety=\"Phishing\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b0722ec-95d4-4c29-8557-082c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-24T20:46:45.000Z",
"modified": "2018-05-24T20:46:45.000Z",
"first_observed": "2018-05-24T20:46:45Z",
"last_observed": "2018-05-24T20:46:45Z",
"number_observed": 1,
"object_refs": [
"file--5b0722ec-95d4-4c29-8557-082c0acd0835",
"artifact--5b0722ec-95d4-4c29-8557-082c0acd0835"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Support Tool\"",
"diamond-model:Capability"
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b0722ec-95d4-4c29-8557-082c0acd0835",
"name": "WellsPhish.PNG",
"content_ref": "artifact--5b0722ec-95d4-4c29-8557-082c0acd0835"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b0722ec-95d4-4c29-8557-082c0acd0835",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAA3kAAAKsCAYAAABRdHT9AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7L0HnB/Fff4vN8AGbDAd9UbH2E51ev4pv8SJW7pLXLAdJ8Yt7pgmIQSiC5BASAj1eip3ut5777338r379n5dz/95Zu8rHUKUYMBSsnuv57bM7LSdnfm8vzO7u6C4sQ+2bNmyZcuWLVu2bNmydb6oqKEXBXXdp7ZTixsQl16CA0mFOGhUxO3T2m9UjH1SsrXWsfl+TvlNLMTRjAqkFTejpHEQJ3JrcSS1HIdPlBodPFGMg4mWDjEsxbf7WLaJ/2BKIQ5z/wjDOJyQT/8F2HcsB0eSSxCXynPp/0RuHcNuQV51L9JLWhl2GQ4nlzKsMsZfigOJ5UxbKfbT7+H0UuxKyGaac7EvMQtx3D6ckIO4pHwcOJFj4jtAHUpT3otwPKsK2WXtWFDS1A9btmzZsmXLli1btmzZOp8kuCttHkB2ZRt2HstEcmEdsivakVvZaZTzKnXRbxeyqixln9VPJ/JrepCUX4+9hLRc+ttFSEstbEJeebdRbkXXKWWVtiKnvA0ZJU1ILWpAfFYFUvJqkZpTgwyGkVvagtyyVp7XYfzmMv7UomYcJtilFbdi55EcZJe3I53Ql1najsyyTmSVdXPN9FUwH9WdSC1tRF5tO7LKG5DP7SLmN7+S8Va0IL+2CxnlLciu7iAwtiAhuxrH0iqwoKxlELZs2bJly5YtW7Zs2bJ1PkmgV9E2TBDqwIsHklBY30Mo6yQcdby+KtsJSGc5TgnyBHaZZW3YE5+H0qYh7DiSRQBrI8wRAmMSgNF/AaEtj5C250gmHnlmJ7Udjz67A48/uxtxJwqQXdyMHIJevvwz7MK6PhTU9jHsfCQXNBEgc1Hc2G/izKvuIWD2UdrvpQiUhLzsilYCXiPPJ+AR7LIJszmlTSisJRDSLYf5z67q4PndBhgPJxVjgQrGli1btmzZsmXLli1bts4nlbcOmemaOVXt2HYoBbXdTkJUr4GdmPJPqQsFBCZLhDOudWy+35gEXFmEpZ1Hs1HWPIyX4zLNCFx+FSFMIowV0F8hIayktgdHk4vw4KPPo2vIjf4xL9deNHWOEvR2IS2vDhWNA/TXZ6BQEFnaNExwzEZKYTP2JhQQWIfm4mX8DD+3ohvJ+Y14dNNe3PfoZty97ils3XcMW3bHYe0jz2DNI89h+/5E+iV4alSPcJtR3mrSLYg8mlqGBZXtI7Bly5YtW7Zs2bJly5at801VHQ7zbN4WQo/Ar7C+D/m1vSg4pR4U1/eisKYLRTWdKK7pOKXC2i4UN/QbwLJG2Ohvbq1ju4/norJt1Izk5RGgighqhTW9XNOdwJaQUYHdcenYeTAZd695Aqk5pTieko/41CKUECDvX78ZGQX1KOJ2aV0/CmqUln6UtzgM5GWUCiRzCKvDTHP3XHoZf3UfUvIa8MTmvUjLL0dNSwde3HMY26iWzl7si0vFpu2HCJvt1nRVQm4ey0BpF9AeSSHkqWBs2bJly5YtW7Zs2bJl63zSfMjTSJ5G9goEeYSdQkJVEYGqmPs5Fa0orGozKqpsOaXcCqqq08CVXrBS3DBgQEnn6bk8PZMnyNNInuBJgFZIaCyjv+ySFjy+aQ8yC6uRWVCJrIIq5BVX45f3bcATz+xAHM9du2EL0vPrzGhfUTUBby5sQZ6maQrydhEkS9sGTR4KBaNKew1Br7IbhxjG+idexKDLjz6HB30jLmQXVOCpzbuQlF2BfI3kEfAKGwieTUzbHOQdSyvHgurOUdiyZcuWLVu2bNmyZcvW+aaarjHzLN5Lh1NR0TZC2CGsNQ0R2AYNUGUUN+GpF/Zi00t7sfmlPdRuPL9N2oPHNr2MjdvjDBwJ8gwUEuAkgd++EwWoah8zI3nal3tpYz8hrx85Jc1Y++jzKKvpQHxyLhKS81FKaPzF3Q9jzUPPIiGtDA88/Dwhrx6ldb2oah5BKdNUwrArWkex+3ieedHK7vg8lHcMo6ix1zybJ/cSAmpFwxDS8+rx3IsH8OLLh9Ez4EJb1zAefvx5HDmRizzGVd0+bKarFutFNC0WpGq08Fh6BRZo7qotW7Zs2bJly5YtW7ZsnU8S4Gkt0Nkel4aqjlGUtoyghEBVRGiraHUgNb8Ov1q3EbUtfahr6UF9SzcaWrqMskvqsObJbadG8fT8ndYx4NOnFGo6XebtmnrWr7ihD+UtQ4SwXuSUNmPd41uQlFGCTS/uwwFC5otb9+Oeezbg3geexJOb9mDTtjgU13SjrJ7nEfDKGb7iqGp3mmfxMss6sCchH1XdDkIaAbKFaWD4FY1DKCin26E0bN1xBFW1nThyPB15hdXIK67Dhqdfwv7jWahuGzbTNUsJeOUEXL0kRsAan1GJBfW9btiyZcuWLVu2bNmyZcvW+aS6HpdZ6y2bO45mEPqcqGgfI/SMoojAo1G49KJGbHj2ZWQW1CC7oBo5BRXILSg36xOZJVjzxDbUdXvMSJ2gUKAUgz190662y23esmlG2TRipjd6Eqzyylvx4GMv4FhSHu5d8wTuue8x7Nx1FD/58RokJhciLbcGpTU9qGwaRH2HE+UEt0qGrzhqOt3Yd6IQ2RVdZrSwtm8MZe0EtfZhVBLWqgiqeaVteOKZnUhILkD8iRw8u/llrN/wLLLyq8x38p7ZdgD13cwr01KuF9F0OAigI2ZKaUJmFRbU9XlRTzX0etDUY6mRhdXQNydua79JBcn9un5rXW/c5JfnzEnbOqbz6vs8RrHw6/t8dLPisfxY7pK23xkpHbz4VMNrSPmI6exh2LJly5at/z063be9LXq9sN6ueN5qHL/p+N8uvaPxz6sbxj6ZZ6fEtue7napHtmzZOhckwNNaoKPv5NV2uQzklbcRfghTGtkraegj9JRiy84j2LrzMHUI23YctLT3OI5lVhg4qiaICQr1DJ4Fe4M4lFJiAFCQV9I4YJ4B1KcbzDTJmk5s2xNvno/buHk3nn52B56hHnt8C4rKWlDTMowahlNJaKxhmFUtDp43hiqmra7bi/2JRcip7DYfZK8fcBPSRlBJUKvuGKN/+iMUHksqxEu7jmPPgURk51YgM6cc2/ccw8v7EpGaX4sKpkWjmTqvqpOAy/jMx9uza7CgbCSAmsEAWvr86OryopMeWrtHWWDUgBPNJMu2rhF08Vj1ECl0xIXKYcIRE9PMQm0lFLYz812EuNYeAmG3E00EwYZBD2oHvagaCKCyN4Sa3gga+yNo6fWjlY1lcz8vzICXfnxc+9BINb0Z9XvNuc39rzzeMOCnAvPkZ7iEzCEH6odG0DA0bNQ0NGTUOMhjg6OoH2RBDzq5ZtqZnvlh2rJly5at/11qZv/UQjX3u87Ydpnt19p/J9xOx//Gft8Jt3cj/vOhjJtoTzT0z7cfXluNtC3OVq9s2bL1m1HzIO1/8ojgS5BngZ93ThYIarSvtnMUla0aSRs0qppTZduwea4v5tc63zpHI3aHUosZRwDbDqWaOGIjiPqRqK7LSWgjmJlwh1DN8KSatiHUEdQaerxo6Gb7IvVYEtzVc13b5cHB5BLkVffiQHIxj3kZJ+MlUxk/VF2nBzWCTgJoVesIattHGS7zYfYdqCGU1tO/ztVoo8KUqujveFY1FlQPBwk5ATZ2PnQwUx29LrT3seEjxDVQ9QIqNWy9PlQzkAoGUt4h2mQgnT7So5+Z9KKRCW4mKLYwnBaeI0CsG2IChwl4AxHUEvAa+0NopZ+2Pq/x00gIrBtiw8kLdLYLdzY1E8SaDehpO3Zc5/vZ+KoBjjXGQW7HRHdCZxOBronAZ6RtHrPOUdrCp8I5M05btmzZsnX+S31Gy4DH9D8xY9/W/3XJxtEPzUFjN7yRZDOcrW7ZsmXr3ZcAT9K2nstLyK1CdmUbsirakB0T909tV7S+WnJ/DSUX1iGjrJmM4OV2LVKLG067z4/jbOGa4x3ILn+l0opbkMV1SmGT+V6epoWmFTebD6+/Wu3Iksr
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b07230b-598c-4d5a-bc93-0e520acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-24T20:46:59.000Z",
"modified": "2018-05-24T20:46:59.000Z",
"first_observed": "2018-05-24T20:46:59Z",
"last_observed": "2018-05-24T20:46:59Z",
"number_observed": 1,
"object_refs": [
"file--5b07230b-598c-4d5a-bc93-0e520acd0835",
"artifact--5b07230b-598c-4d5a-bc93-0e520acd0835"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Support Tool\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b07230b-598c-4d5a-bc93-0e520acd0835",
"name": "iris-pe-export-2018-05-24T13_07_22-07_00.csv",
"content_ref": "artifact--5b07230b-598c-4d5a-bc93-0e520acd0835"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b07230b-598c-4d5a-bc93-0e520acd0835",
"payload_bin": "ZG9tYWluLCJ3aG9pcyB1cmwiLGFkc2Vuc2UsYWxleGEsImdvb2dsZSBhbmFseXRpY3MiLHN0YXR1cywiYWRtaW4gY29udGFjdCBuYW1lIiwiYWRtaW4gY29udGFjdCBvcmciLCJhZG1pbiBjb250YWN0IHN0cmVldCIsImFkbWluIGNvbnRhY3QgY2l0eSIsImFkbWluIGNvbnRhY3Qgc3RhdGUiLCJhZG1pbiBjb250YWN0IHBvc3RhbCIsImFkbWluIGNvbnRhY3QgY291bnRyeSIsImFkbWluIGNvbnRhY3QgcGhvbmUiLCJhZG1pbiBjb250YWN0IGZheCIsImFkbWluIGNvbnRhY3QgZW1haWwgMSIsImFkbWluIGNvbnRhY3QgZW1haWwgMiIsImFkbWluIGNvbnRhY3QgZW1haWwgMyIsImJpbGxpbmcgY29udGFjdCBuYW1lIiwiYmlsbGluZyBjb250YWN0IG9yZyIsImJpbGxpbmcgY29udGFjdCBzdHJlZXQiLCJiaWxsaW5nIGNvbnRhY3QgY2l0eSIsImJpbGxpbmcgY29udGFjdCBzdGF0ZSIsImJpbGxpbmcgY29udGFjdCBwb3N0YWwiLCJiaWxsaW5nIGNvbnRhY3QgY291bnRyeSIsImJpbGxpbmcgY29udGFjdCBwaG9uZSIsImJpbGxpbmcgY29udGFjdCBmYXgiLCJiaWxsaW5nIGNvbnRhY3QgZW1haWwgMSIsImJpbGxpbmcgY29udGFjdCBlbWFpbCAyIiwiYmlsbGluZyBjb250YWN0IGVtYWlsIDMiLCJyZWdpc3RyYW50IGNvbnRhY3QgbmFtZSIsInJlZ2lzdHJhbnQgY29udGFjdCBvcmciLCJyZWdpc3RyYW50IGNvbnRhY3Qgc3RyZWV0IiwicmVnaXN0cmFudCBjb250YWN0IGNpdHkiLCJyZWdpc3RyYW50IGNvbnRhY3Qgc3RhdGUiLCJyZWdpc3RyYW50IGNvbnRhY3QgcG9zdGFsIiwicmVnaXN0cmFudCBjb250YWN0IGNvdW50cnkiLCJyZWdpc3RyYW50IGNvbnRhY3QgcGhvbmUiLCJyZWdpc3RyYW50IGNvbnRhY3QgZmF4IiwicmVnaXN0cmFudCBjb250YWN0IGVtYWlsIDEiLCJyZWdpc3RyYW50IGNvbnRhY3QgZW1haWwgMiIsInJlZ2lzdHJhbnQgY29udGFjdCBlbWFpbCAzIiwidGVjaG5pY2FsIGNvbnRhY3QgbmFtZSIsInRlY2huaWNhbCBjb250YWN0IG9yZyIsInRlY2huaWNhbCBjb250YWN0IHN0cmVldCIsInRlY2huaWNhbCBjb250YWN0IGNpdHkiLCJ0ZWNobmljYWwgY29udGFjdCBzdGF0ZSIsInRlY2huaWNhbCBjb250YWN0IHBvc3RhbCIsInRlY2huaWNhbCBjb250YWN0IGNvdW50cnkiLCJ0ZWNobmljYWwgY29udGFjdCBwaG9uZSIsInRlY2huaWNhbCBjb250YWN0IGZheCIsInRlY2huaWNhbCBjb250YWN0IGVtYWlsIDEiLCJ0ZWNobmljYWwgY29udGFjdCBlbWFpbCAyIiwidGVjaG5pY2FsIGNvbnRhY3QgZW1haWwgMyIsImNyZWF0ZSBkYXRlIiwiZXhwaXJhdGlvbiBkYXRlIiwiZW1haWwgZG9tYWluIDEiLCJlbWFpbCBkb21haW4gMiIsImVtYWlsIGRvbWFpbiAzIiwiZW1haWwgZG9tYWluIDQiLCJlbWFpbCBkb21haW4gNSIsImVtYWlsIGRvbWFpbiA2Iiwic29hIGVtYWlsIDEiLCJhZGRpdGlvbmFsIHdob2lzIGVtYWlsIDEiLCJhZGRpdGlvbmFsIHdob2lzIGVtYWlsIDIiLCJhZGRpdGlvbmFsIHdob2lzIGVtYWlsIDMiLCJpcCAxIC0gYWRkcmVzcyIsImlwIDEgLSBhc24gMSIsImlwIDEgLSBjb3VudHJ5X2NvZGUiLCJpcCAxIC0gaXNwIiwibXggMSAtIGhvc3QiLCJteCAxIC0gZG9tYWluIiwibXggMSAtIGlwIDEiLCJteCAxIC0gaXAgMiIsIm14IDEgLSBpcCAzIiwibXggMSAtIGlwIDQiLCJteCAxIC0gaXAgNSIsIm14IDEgLSBpcCA2IiwibXggMSAtIGlwIDciLCJteCAxIC0gaXAgOCIsIm14IDEgLSBpcCA5IiwibXggMSAtIHByaW9yaXR5IiwibXggMiAtIGhvc3QiLCJteCAyIC0gZG9tYWluIiwibXggMiAtIGlwIDEiLCJteCAyIC0gaXAgMiIsIm14IDIgLSBpcCAzIiwibXggMiAtIGlwIDQiLCJteCAyIC0gaXAgNSIsIm14IDIgLSBpcCA2IiwibXggMiAtIGlwIDciLCJteCAyIC0gaXAgOCIsIm14IDIgLSBpcCA5IiwibXggMiAtIHByaW9yaXR5IiwibXggMyAtIGhvc3QiLCJteCAzIC0gZG9tYWluIiwibXggMyAtIGlwIDEiLCJteCAzIC0gaXAgMiIsIm14IDMgLSBpcCAzIiwibXggMyAtIGlwIDQiLCJteCAzIC0gaXAgNSIsIm14IDMgLSBpcCA2IiwibXggMyAtIGlwIDciLCJteCAzIC0gaXAgOCIsIm14IDMgLSBpcCA5IiwibXggMyAtIHByaW9yaXR5IiwibXggNCAtIGhvc3QiLCJteCA0IC0gZG9tYWluIiwibXggNCAtIGlwIDEiLCJteCA0IC0gaXAgMiIsIm14IDQgLSBpcCAzIiwibXggNCAtIGlwIDQiLCJteCA0IC0gaXAgNSIsIm14IDQgLSBpcCA2IiwibXggNCAtIGlwIDciLCJteCA0IC0gaXAgOCIsIm14IDQgLSBpcCA5IiwibXggNCAtIHByaW9yaXR5IiwibXggNSAtIGhvc3QiLCJteCA1IC0gZG9tYWluIiwibXggNSAtIGlwIDEiLCJteCA1IC0gaXAgMiIsIm14IDUgLSBpcCAzIiwibXggNSAtIGlwIDQiLCJteCA1IC0gaXAgNSIsIm14IDUgLSBpcCA2IiwibXggNSAtIGlwIDciLCJteCA1IC0gaXAgOCIsIm14IDUgLSBpcCA5IiwibXggNSAtIHByaW9yaXR5IiwibXggNiAtIGhvc3QiLCJteCA2IC0gZG9tYWluIiwibXggNiAtIGlwIDEiLCJteCA2IC0gaXAgMiIsIm14IDYgLSBpcCAzIiwibXggNiAtIGlwIDQiLCJteCA2IC0gaXAgNSIsIm14IDYgLSBpcCA2IiwibXggNiAtIGlwIDciLCJteCA2IC0gaXAgOCIsIm14IDYgLSBpcCA5IiwibXggNiAtIHByaW9yaXR5IiwibXggNyAtIGhvc3QiLCJteCA3IC0gZG9tYWluIiwibXggNyAtIGlwIDEiLCJteCA3IC0gaXAgMiIsIm14IDcgLSBpcCAzIiwibXggNyAtIGlwIDQiLCJteCA3IC0gaXAgNSIsIm14IDcgLSBpcCA2IiwibXggNyAtIGlwIDciLCJteCA3IC0gaXAgOCIsIm14IDcgLSBpcCA5IiwibXggNyAtIHByaW9yaXR5Iiwic3NsIDEgLSBzdWJqZWN0Iiwic3NsIDEgLSBoYXNoIiwic3NsIDEgLSBvcmciLCJzc2wgMSAtIGVtYWlsIDEiLCJzc2wgMSAtIGVtYWlsIDIiLCJzc2wgMSAtIGVtYWlsIDMiLCJzc2wgMSAtIGVtYWlsIDQiLCJzc2wgMSAtIGVtYWlsIDUiLCJzc2wgMiAtIHN1YmplY3QiLCJzc2wgMiAtIGhhc2giLCJzc2wgMiAtIG9yZyIsInNzbCAyIC0gZW1haWwgMSIsInNzbCAyIC0gZW1haWwgMiIsInNzbCAyIC0gZW1haWwgMyIsInNzbCAyIC0gZW1haWwgNCIsInNzbCAyIC0gZW1haWwgNSI
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b072323-4fb0-4c02-a5bc-2a940acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-24T20:40:30.000Z",
"modified": "2018-05-24T20:40:30.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Attribution\"",
"misp:to_ids=\"True\"",
"diamond-model:Adversary"
],
"x_misp_category": "Attribution",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "emamdouh515@gmail.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b072335-1ff8-4921-b7e3-27d00acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-24T20:40:30.000Z",
"modified": "2018-05-24T20:40:30.000Z",
"labels": [
"misp:type=\"whois-registrant-name\"",
"misp:category=\"Attribution\"",
"diamond-model:Adversary"
],
"x_misp_category": "Attribution",
"x_misp_type": "whois-registrant-name",
"x_misp_value": "Brenda Baker"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b0724e4-a0d8-4e45-9096-2af10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-24T20:47:32.000Z",
"modified": "2018-05-24T20:47:32.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Phishing attempt came in that contained a link that had a google redirect to a mailer site that auto downloaded an HTML file. This html file took you to a Wells Fargo copy cat site that attempts to harvest your creds. \r\n\r\nI did a pivot off of the registrant and found the malicious domains attached in the spreadsheet. \r\n\r\nFile downloaded: 05AE25-EBILLS.PDF.htm\r\nMD5: 432e313e21fa3294358bcecfdf204dbc\r\nThe malicious link in the htm file we received was: hxxp://eooosskl[.]com/pint.php\r\nhttps://www.virustotal.com/en/file/f72eb7069a84b78aa539b9987357b98ae22aa7706885d21212f655dac2bb83f0/analysis/1527187313/\r\n\r\nLink in email: hxxps://www.google[.]com/url?hl=en&q=hxxp://email.veromailer[.]com/c/eJxdkFFPwyAUhX9N-7LYAIWVPvRhs11iMs2iDz42rNytKJQG2Bb_vbRGrSY8XO75OOeETphRqPOQsK2DTo0KhtBKa4SKq7r6mrLOmrT7JSEudesvxzfowoQ9g1SprETOUbkEr8IpEZSdve7tEJzVqaoIwhwxQnFBCpxnOCsoLTYNQzVveEGbdULRFdyUrcHN6X18dKQS5QwxsYYciKAcl2U0oYAF5qdl7qJaQvjBwVXBLSHlai6qqz6E0Sf5JiG7eMBa6_27noLiFbFNQ9hds33Y71-yQ73L-mBSV7mL96B17HazVp6sk8af_3_N6OyU3A7CwBT_GtHVLrKrx7NbguFjnIEnuHkNIcBfFcyoRYAfn6X4PbZKThItSsbJJ5k4lVo&source=gmail&ust=1527269237118000&usg=AFQjCNHRTJZyy2nGQxuHiHXQ-8ouH3wcwg"
}
]
}