{"Event": {"info": "OSINT - Kronos Banking Trojan Used to Deliver New Point-of-Sale Malware", "Tag": [{"colour": "#284800", "exportable": true, "name": "malware_classification:malware-category=\"Trojan\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#002f76", "exportable": true, "name": "ms-caro-malware-full:malware-family=\"Banker\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:banker=\"Kronos\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "1532552661", "timestamp": "1532589437", "Object": [{"comment": "containing SmokeLoader from /download.php on Nov 8", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5b583628-807c-4168-843b-43eb950d210f", "sharing_group_id": "0", "timestamp": "1532507688", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5b583629-0a98-4886-aba6-4489950d210f", "timestamp": "1532507689", "to_ids": true, "value": "4b5f4dbd93100bb7b87920f2f3066782a8449eb9e236efc02afe570c1ce70cf5", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5b583629-5e3c-4698-acd9-48af950d210f", "timestamp": "1532507689", "to_ids": true, "value": "EmployeeID-47267.zip", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5b583629-12e0-4dda-bfb9-4821950d210f", "timestamp": "1532507689", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "containing ZeuS from /download.php on Nov 8", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5b58365c-aa24-4e3d-a908-49e6950d210f", "sharing_group_id": "0", "timestamp": 
"1532507740", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5b58365c-e28c-4eb6-903a-4f84950d210f", "timestamp": "1532507740", "to_ids": true, "value": "711431204071b1e6f5b5644e0f0b23464c6ef5c254d7a40c4e6fe7c8782cd55c", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5b58365c-2300-41fa-a979-4c7d950d210f", "timestamp": "1532507740", "to_ids": true, "value": "EmployeeID-47267.zip", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5b58365c-c044-4165-8d87-4119950d210f", "timestamp": "1532507740", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "SmokeLoader", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5b583698-e9f8-428f-8754-4eed950d210f", "sharing_group_id": "0", "timestamp": "1532507800", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5b583699-ffd8-4c48-9374-43f5950d210f", "timestamp": "1532507801", "to_ids": true, "value": "EmployeeID-47267.pif", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5b583699-ff74-4e92-9206-4492950d210f", "timestamp": "1532507801", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5b583698-d37c-4816-8fdc-4eb3950d210f", "timestamp": "1532507800", "to_ids": true, "value": "90063c40cb94277f39ca1b3818b36b4fa41b3a3091d42dfc21586ad1c461daa0", "disable_correlation": false, "object_relation": 
"sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "ZeuS"