misp-circl-feed/feeds/circl/misp/57595892-e5f4-4419-b6dc-48df950d210f.json

172 lines
183 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2016-06-09",
"extends_uuid": "",
"info": "OSINT - LinkedIn information used to spread banking malware in the Netherlands",
"publish_timestamp": "1465477834",
"published": true,
"threat_level_id": "3",
"timestamp": "1465477825",
"uuid": "57595892-e5f4-4419-b6dc-48df950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#ffffff",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "tlp:white",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#3b7500",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Zeus Panda, in this case, always connects to the following domain & IP using SSL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465473194",
"to_ids": true,
"type": "ip-dst",
"uuid": "575958aa-0250-4ce1-93b9-4346950d210f",
"value": "107.171.187.182"
},
{
"category": "Network activity",
"comment": "Zeus Panda, in this case, always connects to the following domain & IP using SSL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465473218",
"to_ids": true,
"type": "domain",
"uuid": "575958c2-439c-45ee-ba76-41ff950d210f",
"value": "skorianial.com"
},
{
"category": "Network activity",
"comment": "The Macro retrieves a binary from the following (likely compromised) website",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465473251",
"to_ids": true,
"type": "url",
"uuid": "575958e3-1e48-4b17-b606-407d950d210f",
"value": "ledpronto.com/app/office.bin"
},
{
"category": "Artifacts dropped",
"comment": "The Macro retrieves a binary from the following (likely compromised) website",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465473759",
"to_ids": true,
"type": "sha256",
"uuid": "57595adf-0100-458e-b7c5-47d5950d210f",
"value": "c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d"
},
{
"category": "Artifacts dropped",
"comment": "The Macro retrieves a binary from the following (likely compromised) website - Xchecked via VT: c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465473811",
"to_ids": true,
"type": "sha1",
"uuid": "57595b13-325c-4544-bfdc-4c7502de0b81",
"value": "b6d32b488e2b778bd8414a4241a74883f01452fe"
},
{
"category": "Artifacts dropped",
"comment": "The Macro retrieves a binary from the following (likely compromised) website - Xchecked via VT: c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465473812",
"to_ids": true,
"type": "md5",
"uuid": "57595b14-9248-4eb6-b4c2-477302de0b81",
"value": "8582db69683290be0381bd1485013435"
},
{
"category": "External analysis",
"comment": "The Macro retrieves a binary from the following (likely compromised) website - Xchecked via VT: c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465473812",
"to_ids": false,
"type": "link",
"uuid": "57595b14-c6e8-47f5-8835-471a02de0b81",
"value": "https://www.virustotal.com/file/c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d/analysis/1465384661/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465474041",
"to_ids": false,
"type": "user-agent",
"uuid": "57595bf9-9468-43c7-8e9b-4f31950d210f",
"value": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)"
},
{
"category": "Payload delivery",
"comment": "downloaded malware",
"data": "UEsDBBQACQAIAABpyUgx/VOztRACAABgAwAgABwAODU4MmRiNjk2ODMyOTBiZTAzODFiZDE0ODUwMTM0MzVVVAkAAzBqWVcwallXdXgLAAEEIQAAAAQhAAAAdFANgyCZKp/EQCBp5REbAO0o75DP1DNPP6lrFSMVYQ8qlvivs3hjcDz5TrDU5t+60G9ggOsbe117QLSibgg6ks0JmVsHMt1Oj3coAA/gVxpdYyzgoOZ8Qcxn/phCfpml/Y0sDTTU1pcmTFx/UimwIQ340GYiwWVtkUIiShJWkd3zG74SAh+Uip/Jneril0ZN9LhyfGuTucOuVnVJIJvL4YNygEWe2Vu+xKfoHolj24XUJYPuoTbQ5s2Kf+2AxM6vdmbMVAvDVkQATkL+r+3Q0KUBN+BN4/Ca47zL5UMGbSlRFFmB47GVGDB1t/viON4VBsqgCLIYCynyHNcuBt3fNb3jVr9D29vdV2yO3XsUpeHzcC3zqZatvDjFlTegcIwwO+QMM7pKWTkKy95b2MMvnzY2cdXTER72gp2WI9OyEMTZBLk9iUDRr12mwhZDEmxeNrD3ELwz9H9OGAFI+YLhrOGihOT/oBpyvTEjsC2xaEhf8s7/9Ef7W9Un+MhRkZ615JqPkfooWXZxcdbYcgUmrjYqa/kAk/jh4SdGG7tgEq8+NI2lo8OdLtzXyoeGfJJjnKqrKJkpmvKgAoFcg/NSCwmVfTvqfw0Qlc3CsArMPk6IYMxkLPynZY4sg7zFyZGPPmHywCZ+GqBzmjssxnm+CKey1cWtLH2/lGOkMby5HQyEOlGTK1gQQgU7mjeBnpeIUZlwB3dkElrMNkq/7sjP4E1pA8tfNulFdk/WVmGZpYggOcdbUcE8aqiR6EmzvVXYLvzYwPphLzVcgszyS2pSOXRuXof4YGwAhb7lC6kAcaRYexmmIo5roFW2jaqncrQsy6RhFruEZzU42N8+bhicEKqYsND6wFlHXO2zh0iD+6RprjY/6bnE2VcqdtXzOunTPjmKAFGnxc/ZZvRskiEnW0DEk2PxmI5eLITU1NL2EI8FUjpasiXN5gEKTyYmriDQVYBlqthHbAtq+VG8mJzzNoXnshkf6uKzpskM4gPaX9cV7bENQOLubhfAppEP0gQ/l3bmRVtDsFnJKWGqBe8I7yL2403QFMHTFtae3VJdMKBX0E43ar8iNfkg+tYhf7+sNLj8+owPXGLGCJ1qOzkU8s3Qocwq0tMQxutfjONjX2rQMq50MdrZj2/E4vXuSFR+tgJatQThcKifMUcFFbI9sNZV+4Q5qA9n0ip2cpNNRaEDQcPD96zl/kXCae4OIqvc6D9Yqj6YhBSC531hfSHoi3JV0jl0nUO5Nvn6xSIrsjvnft0Yfc55/91OfecHvzDNN9pX0L0AsT4fSG7geD/walB1QgljTo1g0BQ3QyqYKXzVXoPQJLhSqand9qn+AbC8K0/tyjMkIM2onParAxYAWgt6DEyVVLhtOmar26baiaAe7peSoyegPWIr0BN3LjnmRwppRuOE8TehQWs/4W4Zp9swU8pn/MzQa2+VeO8Jus/jK/+/izirTY7NvQWveelypSRwk8OvGmEZWE34jMoTULsowN91QrBExmLs3OK1jlJgUoO+JMVMFdPjcyACY+I9xa0k5Ovo1LPzIJTnET8jVHpN1R8eNJqZw/imA9gYlqTLwpxM4f9D9VvOCb7tqtUAPWBi0irScFj2je5VNlUD2BM6wzIkgPEhhMPqhOxh48S6HlMVOu/LMNYvvKjBQ6Tpm6GNn/pyjwx7FY9ySsTq46/zpcLSxGbWzWxtnOFGcohA8N+onteGbid01lhdS6nKCMEozk9q00073wUMlnidYQAJRYE2Nid9Li3MdUdeQjFpXL9l2b60M/NshxTPITBozQJsrec5xUML7wWB4T9VLxDzc/aINTLdZSZyxiwt9V6YOBWjL83XmTfXIOU4IJMJP/oVLdD8inZ7b6U1G+AKOrCcfT2/+fmGWFv6k8gORAGvMr/2ny7DNHwH9KaKr8MBWVDx/GnmxAl12afaREQxIIp9T0b9ewiITAstE6CcIyiDrh63vFXRXTjFq2JM7qkFf2t0wq4bNf9fLCjkqF70iBsxyEPvanj/Yalrj01YPHaOAvUj7v3UjZwwJcWFtZ2JViE9b4ssaipicxLBH0Iu2aLehZtwqoeuITA+EZp5eW56z25eogUInZAeFi7hWrByTe3Uq1/BiBXgFSGL8zbBvOpq3E11AJlC+GsL7qeVKlMZ3Y6jSewySac7DRLUhJ2SfXUj8tgf3jf6EgG8tmNFSl5HxnQOygm/OwekOImS6wbw75iTB3KKGKR6PnnLTWuWpqqgJTpKdgnUFAvBftq1mfClMyHdz2rfDgzHh1NnY2k69rh1lafgNuaM8JoiJUjy/uiIma/HC8Sz3WTfj/RinXniZus1OR4zm1HMx8IIu9VsHB97sk41S0yKNf4Lnq6gzmRjcVHO0WE27PtCMGXwY1M9sFWJp4godvSlE0LZ1Xk/f9HWGLSZT/3zu13IEjDQNnBTg4W6YF1TEaz5+Gr775pBNogyXqGUETE23O35rP+B5VQSwAzFoIu0FdCNDw+0+X//75dvwHF2j2yovqjA9Yz7TMkK2a89yvIxTKuuB1Y/+b/DTsmktKmmjhpbfAd7ochnSIfK1iHa3iVFdw7AeEZqd/eRhhDpyM/BxiYJNif1FkUB96LBaKJbGtpzQMfULQ1IsaL3DR9NAba1PGql0HHn8+3uu96ZUOpkzqwC5LV1x7GdqHdNQjQ749uaCu0j4AUv2alc2LPcEaAon1qI5yr/CWgDpkkh5ndpB1ugGMQfXFMk7/o8L/LZ2ESiq8N9Wez9zNc4D1PmWakOTc+S5n5c3MS6pnhApoBvMMCPVNjriQxhhHFy74Z6ss8+EskkqKzNERFLGTKydx7EnEDdKVNxv/HINZSUFA2s4eKTNmD0IoGbxZ7y3AUjPtnjADfGT0zFNY/Xhk/8PqpoUBGxetkj/VdkBQpXOd9fsFXdSEfj8hPu+JrJiTZY4I92u+wifRWd7x1fyN5oi+Yl+JE5F3eg0vZs7ZIZ9PuHu5K1JdKRQ7x5ju2LJtD/kVZx9etkeAuAutuLsIaVf5JXlnetuOia/M8MMvDGwTYtasTk9pkejl12yk2NGsytShN7VvDFyXIC2mGt5ZG4zN1YCGvcPq1zXxBD2yWHkeDzr8tBF9VZhBHxbeO9to1NsV3fElYf4EcsSYXG1+Lgg1Bs2H2mQzTgxnEN0I1qFkZtF6yKv0MkNOGMvcEBchYPT6QqHWyyp1BkdBLr2FmDvmg3bBJnyWdGu3eJ37wKmMTGyPyIpYNvsAGIuRz3sD10XgtsSA9S0/ULNmqhcw1nV+GPDhdJ+kzKRj6A/PBSecl5msmjmOvLcf98YIBBXrRz7pydo7rnYQ+qWLJ8GlZn8k1SRwyjbW5lTPdIfzQl29aPHi9RlkdrmzrolKWGmFMNlDQM0dKjHAnkhU7FwaUvqKzYYgZLFL4EaZJVNs+yLDFk7Q+faKdDP78kNwPRcnHtPc8QnEtJ3z6K4eGxQlodH04ugiPBrgqo5eF4oGZz0t23GTUeGrj+e6zaMZo5ErzSelZQ3V6V6pjEnNU6TpoWIA5KhSJFsf8hn1B6Mg3ZtBH8qaXvt2WWkoabbht/HeTsVgDHMA5NJB/JuwHxYsTAfebr2hoYsDI5H9fyyXPt/RzJt1uw2ivzrTnMc+DTrso6LUuDQUfDitgxLT/VVnPp2y5bzcXCLfsh1pKrts3g/iQmujp7e5pzOzdiBWRX+tprkSOvWlUwlCBE4NMtPufzd++NcKJTP69IrzWWTYkrnCpk1+Ex8pzgKPQRyimj2RNwBug83b61OgUbkp3VL6hBgW4e5Qjx4fJQip8hXwcpZZxEMP/ACIWs0bH/wtsQG1at/49HodikgD9lMWMzGo66QhXLVxmj+zo7S7g2bntxoQxs/td48uSv6SsRjLzj5jthZjSz/01Esv7ngyahzfNrt9WwDDFmQXK5kxNx9Y+c2yRCfaDiWGwAQC6xa5S76H
"deleted": false,
"disable_correlation": false,
"timestamp": "1465477680",
"to_ids": true,
"type": "malware-sample",
"uuid": "57596a30-835c-498d-84b5-44c1950d210f",
"value": "office.bin|8582db69683290be0381bd1485013435"
},
{
"category": "Payload delivery",
"comment": "downloaded malware",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465477681",
"to_ids": true,
"type": "filename|sha1",
"uuid": "57596a31-53c4-45de-a59e-4289950d210f",
"value": "office.bin|b6d32b488e2b778bd8414a4241a74883f01452fe"
},
{
"category": "Payload delivery",
"comment": "downloaded malware",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465477682",
"to_ids": true,
"type": "filename|sha256",
"uuid": "57596a32-bcd4-46d2-b224-4409950d210f",
"value": "office.bin|c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d"
},
{
"category": "External analysis",
"comment": "downloaded malware - Xchecked via VT: c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465477825",
"to_ids": false,
"type": "link",
"uuid": "57596ac1-3280-4256-8bfc-434502de0b81",
"value": "https://www.virustotal.com/file/c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d/analysis/1465474372/"
}
]
}
}