adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5e2c4c13-1f64-4e4e-8165-4801950d210f.json

266 lines
8.4 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "1",
"date": "2020-01-25",
"extends_uuid": "",
"info": "Emotet/Trickbot",
"publish_timestamp": "1580456162",
"published": true,
"threat_level_id": "3",
"timestamp": "1580456151",
"uuid": "5e2c4c13-1f64-4e4e-8165-4801950d210f",
"Orgc": {
"name": "wilbursecurity.com",
"uuid": "5e16d2bc-5c68-4ef1-bc80-47f5950d210f"
},
"Tag": [
{
"colour": "#ffffff",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "tlp:white",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#cdce6a",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "Banker: TrickBot",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#ad00ff",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "malware:emotet",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Trickbot download and IEX via powershell",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579962769",
"to_ids": true,
"type": "url",
"uuid": "5e2c4de1-ac54-48d5-a37d-e9b4950d210f",
"value": "https://jomamba.best:80/adgvredgdz"
},
{
"category": "Network activity",
"comment": "Trickbot download and IEX via powershell",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579962762",
"to_ids": true,
"type": "url",
"uuid": "5e2c4de1-d8f0-4c26-a183-e9b4950d210f",
"value": "http://144.202.114.147:80/aascx"
},
{
"category": "Network activity",
"comment": "Trickbot download and IEX via powershell",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579962734",
"to_ids": true,
"type": "url",
"uuid": "5e2c4dfa-7538-4f47-bdec-e9b4950d210f",
"value": "http://149.28.106.230/adsfjasktmsttyoatopoyamfkytasrdltoiqrttmcvbmltpatp"
},
{
"category": "Network activity",
"comment": "C2 via powershell",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579962390",
"to_ids": true,
"type": "url",
"uuid": "5e2c5016-8b18-4d7a-9ec0-414b950d210f",
"value": "149.28.106.230.vultr.com"
},
{
"category": "Network activity",
"comment": "C2 via Emotet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579962489",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e2c5079-86ec-4f16-b647-75a9950d210f",
"value": "68.183.170.114"
},
{
"category": "Network activity",
"comment": "Trickbot connected to this domain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579963242",
"to_ids": true,
"type": "domain",
"uuid": "5e2c536a-4134-427d-98d1-4eaf950d210f",
"value": "2cdajlnnwxfylth4.onion"
},
{
"category": "Network activity",
"comment": "Trickbot connected to this domain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579963248",
"to_ids": true,
"type": "domain",
"uuid": "5e2c5370-3918-40ec-8c2f-4a0a950d210f",
"value": "myexternalip.com"
},
{
"category": "Network activity",
"comment": "Trickbot connected to this domain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579963254",
"to_ids": true,
"type": "domain",
"uuid": "5e2c5376-cd28-4e38-a0e7-48cc950d210f",
"value": "chekfast.zennolab.com"
},
{
"category": "Network activity",
"comment": "Trickbot connected to this domain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579963254",
"to_ids": true,
"type": "domain",
"uuid": "5e2c5376-8478-43fc-8eac-42b2950d210f",
"value": "api.ipify.org"
},
{
"category": "Network activity",
"comment": "PowerView.ps1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579965122",
"to_ids": true,
"type": "url",
"uuid": "5e2c5ac2-3588-439c-b693-43d8950d210f",
"value": "https://qwe4dse4.com/hcxUr9dg.ps1"
},
{
"category": "Network activity",
"comment": "Trickbot download and IEX via powershell",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580051493",
"to_ids": true,
"type": "url",
"uuid": "5e2dac25-eda0-44f4-93d4-48af950d210f",
"value": "http://207.148.30.186:80/asdkjbaskjnvscjshxhgbsxsanxrvsars"
},
{
"category": "Network activity",
"comment": "Trickbot download and IEX via powershell",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580051498",
"to_ids": true,
"type": "url",
"uuid": "5e2dac2a-0ae0-4120-a56e-4ea1950d210f",
"value": "http://155.138.202.17:80/aieutireuoitreuJHJksfhkjhewkkkqowJLKjswwoieuoepo"
},
{
"category": "Network activity",
"comment": "Trickbot potential c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580061584",
"to_ids": true,
"type": "url",
"uuid": "5e2dd390-a514-4790-8a1d-be6c950d210f",
"value": "https://updatewinlsass.com:80/afdgszfsbgrg"
},
{
"category": "Network activity",
"comment": "Trickbot PowerTrick",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580062002",
"to_ids": true,
"type": "domain",
"uuid": "5e2dd532-a644-43e8-b03d-418c950d210f",
"value": "updatewinlsass.com"
},
{
"category": "Network activity",
"comment": "Trickbot download and IEX via powershell",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580087835",
"to_ids": true,
"type": "url",
"uuid": "5e2e3a1b-b21c-419a-a86e-4b42950d210f",
"value": "https://koretycbeeb.com:80/lmjnbvgftyujkiu765678"
},
{
"category": "Network activity",
"comment": "Trickbot connecting to PowerShell Empire",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580087929",
"to_ids": false,
"type": "ip-dst",
"uuid": "5e2e3a79-d648-4d6f-8375-83e8950d210f",
"value": "155.138.142.157"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.",
"meta-category": "misc",
"name": "shell-commands",
"template_uuid": "fee65efa-eb64-4516-8611-1db76c589f79",
"template_version": "2",
"timestamp": "1579962888",
"uuid": "5e2c4ed1-e340-4765-a21f-75ba950d210f",
"Attribute": [
{
"category": "Other",
"comment": "Trickbot",
"deleted": false,
"disable_correlation": false,
"object_relation": "shell-command",
"timestamp": "1579962857",
"to_ids": false,
"type": "text",
"uuid": "5e2c4ed1-17f8-4e56-8dbb-75ba950d210f",
"value": "nltest /domain_trusts /all_trusts"
},
{
"category": "Other",
"comment": "Trickbot",
"deleted": false,
"disable_correlation": false,
"object_relation": "shell-command",
"timestamp": "1579962878",
"to_ids": false,
"type": "text",
"uuid": "5e2c4ed8-3fec-42f4-99b8-75ba950d210f",
"value": "net view /all /domain"
},
{
"category": "Other",
"comment": "Trickbot",
"deleted": false,
"disable_correlation": false,
"object_relation": "shell-command",
"timestamp": "1579962888",
"to_ids": false,
"type": "text",
"uuid": "5e2c4ede-6fc8-48fa-a7f7-75ba950d210f",
"value": "net config workstation"
}
]
}
]
}
}
Reference in a new issue Copy permalink