adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59b23683-c180-4b81-87c5-4610950d210f.json

127 lines
4.3 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2017-08-24",
"extends_uuid": "",
"info": "OSINT - New multi platform malware/adware spreading via Facebook Messenger",
"publish_timestamp": "1504870931",
"published": true,
"threat_level_id": "3",
"timestamp": "1504870925",
"uuid": "59b23683-c180-4b81-87c5-4610950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870919",
"to_ids": false,
"type": "link",
"uuid": "59b23694-301c-4273-a338-ec64950d210f",
"value": "https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870919",
"to_ids": false,
"type": "comment",
"uuid": "59b236b2-bf84-4f5c-a073-4ccd950d210f",
"value": "One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on.\r\n\r\nAfter just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks. The code is advanced and obfuscated.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870919",
"to_ids": true,
"type": "filename|md5",
"uuid": "59b236f8-3d18-4582-9dca-4610950d210f",
"value": "injection.js|ebc117c0cf03ad4b13184d1253862586"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: ebc117c0cf03ad4b13184d1253862586",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870919",
"to_ids": true,
"type": "sha256",
"uuid": "59b28207-30a0-4bf4-bb9d-416a02de0b81",
"value": "ad1b11cb053df4e8cb890872fa4a25057d514a8c2778b6b745c5aaf5b3f984cd"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: ebc117c0cf03ad4b13184d1253862586",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870919",
"to_ids": true,
"type": "sha1",
"uuid": "59b28207-e048-4b59-9b17-4b4202de0b81",
"value": "a6f1d1e11c4399dd280fbdba3309357da94ec500"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: ebc117c0cf03ad4b13184d1253862586",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870919",
"to_ids": false,
"type": "link",
"uuid": "59b28207-bd54-415b-ab47-4aff02de0b81",
"value": "https://www.virustotal.com/file/ad1b11cb053df4e8cb890872fa4a25057d514a8c2778b6b745c5aaf5b3f984cd/analysis/1504836659/"
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink