misp-circl-feed/feeds/circl/misp/5cd91555-359c-4dc4-8d30-5c7c950d210f.json

1 line
4.3 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{"Event": {"info": "OSINT - BR banker sample Bankerflux", "Tag": [{"colour": "#002642", "exportable": true, "name": "osint:source-type=\"microblog-post\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1557734323", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5cd91962-0644-411a-8bf1-56a6950d210f", "sharing_group_id": "0", "timestamp": "1557731682", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "5", "Attribute": [{"comment": "", "category": "Other", "uuid": "5cd91962-60f0-4baf-9ea2-56a6950d210f", "timestamp": "1557731682", "to_ids": false, "value": "Interesting BR #banker sample, #bankerflux found by @malwrhunterteam drops a few binaries via @googledrive c2's: test.discoverthings[.]pw port2010kmjutre.camdvr[.]org hash f363206183d838911458139b45d0ac6d on @mal_share", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cd91962-305c-43b1-a44e-56a6950d210f", "timestamp": "1557731682", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5cd91962-904c-42cd-b5c6-56a6950d210f", "timestamp": "1557731682", "to_ids": true, "value": "https://twitter.com/James_inthe_box/status/1107613603144712192", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5cd91962-36e8-47e1-bafb-56a6950d210f", "timestamp": "1557731682", "to_ids": false, "value": "@malwrhunterteam", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cd91962-e624-4d47-83ae-56a6950d210f", "timestamp": "1557731682", "to_ids": false, "value": "@googledrive", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cd91962-3a54-4001-93d2-56a6950d210f", "timestamp": "1557731682", "to_ids": false, "value": "@mal_share", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cd91962-e0f0-4bb8-ad21-56a6950d210f", "timestamp": "1557731682", "to_ids": false, "value": "18 Mar 2019 5:03 AM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Other", "uuid": "5cd91962-99a8-41dd-93af-56a6950d210f", "timestamp": "1557731682", "to_ids": false, "value": "James_inthe_box", "disable_correlation": false, "object_relation": "username", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5cd923a2-d3dc-47c9-9404-47eb950d210f", "sharing_group_id": "0", "timestamp": "1557734306", "description": "File object describing a file with meta-information", "template_version": "17", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5cd923a3-d25c-4832-8e8f-4954950d210f", "timestamp": "1557734307", "to_ids": true, "value": "f363206183d838911458139b45d0ac6d", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5cd923a3-f898-4111-a931-41e1950d210f", "timestamp": "1557734307", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "0", "Attribute": [{"comment": "C2", "category": "Network activity", "uuid": "5cd91978-e20c-4db1-aa46-5c80950d210f", "timestamp": "1557731704", "to_ids": true, "value": "test.discoverthings.pw", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "C2", "category": "Network activity", "uuid": "5cd91978-db5c-4411-9e7b-5c80950d210f", "timestamp": "1557731704", "to_ids": true, "value": "port2010kmjutre.camdvr.org", "disable