{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2016-05-08",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "Fake scan campaigns (20160505 - 20160507) using docm - Dridex",
|
|
|
|
"publish_timestamp": "1462697526",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1462697324",
|
|
|
|
"uuid": "572efbbc-ba08-4a82-b879-400d02de0b81",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462696943",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "572efbef-6894-4dd0-a438-480602de0b81",
|
|
|
|
"value": "fm1.ntlweb.org/87hcnrewe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462696943",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "572efbef-28e4-487d-835b-4ecc02de0b81",
|
|
|
|
"value": "iconigram.com/87hcnrewe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462696943",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "572efbef-6b4c-485a-96b8-4c2402de0b81",
|
|
|
|
"value": "www.sammelarmband.de/87hcnrewe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462696944",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "572efbf0-65fc-41dc-9dd6-48d102de0b81",
|
|
|
|
"value": "hospice.psy.free.fr/87hcnrewe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "C&C",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462696973",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "572efc0d-33dc-4c5a-86b2-424602de0b81",
|
|
|
|
"value": "192.241.252.152"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "C&C",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462696973",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "572efc0d-c538-47f4-9f65-477c02de0b81",
|
|
|
|
"value": "195.169.147.26"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "C&C",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462696974",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "572efc0e-66ec-433d-a8aa-408d02de0b81",
|
|
|
|
"value": "70.164.127.132"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dropped binary",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697038",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "572efc4e-cc64-4b0f-9b5f-427f02de0b81",
|
|
|
|
"value": "84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697062",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "572efc66-9ccc-4e82-8172-41a202de0b81",
|
|
|
|
"value": "a835542d280eb8a3cc508cd57bcd94fd2393fc31"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697063",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "572efc67-9714-4709-8f5f-49d302de0b81",
|
|
|
|
"value": "803358c128aae4faed24e194d6388e68"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697063",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "572efc67-a9ac-4e71-91f3-482302de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e/analysis/1462526126/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697117",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "572efc9d-79a4-4199-bde2-46cc02de0b81",
|
|
|
|
"value": "http://meregivo.com.ua/87hcnrewe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "malicious docm",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697227",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "572efd0b-677c-4f67-a705-4cb302de0b81",
|
|
|
|
"value": "af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697235",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "572efd13-8974-4e7a-947f-465102de0b81",
|
|
|
|
"value": "f9cb0984f6fcc3e76070bd8f71c193f58000c1a7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697236",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "572efd14-e58c-42aa-865b-4e5d02de0b81",
|
|
|
|
"value": "a52fc2b17771577ee1e72a08f99fa432"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697236",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "572efd14-f9e8-4c6b-8e9c-4bb802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab/analysis/1462544836/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "malicious docm",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697317",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "572efd55-bef4-4d63-9929-46d002de0b81",
|
|
|
|
"value": "0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697324",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "572efd6c-7f24-4459-9832-43d202de0b81",
|
|
|
|
"value": "892d09d04fa087df98fb0c2941b7a39c4c938822"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697324",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "572efd6c-e894-4c0f-be22-4f2902de0b81",
|
|
|
|
"value": "22feec8b1b12603a6efc8d098817b99a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1462697324",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "572efd6c-e2b4-44ed-9962-470b02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25/analysis/1462544863/"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|