misp-circl-feed/feeds/circl/misp/5b337664-88a4-4764-a97f-205b0acd0835.json

{
"Event": {
"analysis": "2",
"date": "2018-06-27",
"extends_uuid": "",
"info": "Blog Post: EMOTET INFECTION WITH ICEDID",
"publish_timestamp": "1594043427",
"published": true,
"threat_level_id": "2",
"timestamp": "1621849804",
"uuid": "5b337664-88a4-4764-a97f-205b0acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:banker=\"IcedID\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Emotet\"",
"relationship_type": ""
},
{
"colour": "#16f5f5",
"local": "0",
"name": "IcedID",
"relationship_type": ""
},
{
"colour": "#002f76",
"local": "0",
"name": "ms-caro-malware-full:malware-family=\"Banker\"",
"relationship_type": ""
},
{
"colour": "#00b2d9",
"local": "0",
"name": "veris:action:social:variety=\"Phishing\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#00a8cd",
"local": "0",
"name": "veris:action:malware:vector=\"Web download\"",
"relationship_type": ""
},
{
"colour": "#00a9cf",
"local": "0",
"name": "veris:action:malware:variety=\"Downloader\"",
"relationship_type": ""
},
{
"colour": "#00acd1",
"local": "0",
"name": "veris:action:malware:variety=\"Export data\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530102867",
"to_ids": false,
"type": "link",
"uuid": "5b3376ba-1820-41de-aa23-0b5d0acd0835",
"value": "https://www.malware-traffic-analysis.net/2018/06/26/index.html",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530103974",
"to_ids": true,
"type": "domain",
"uuid": "5b3376d3-2400-4353-a245-207d0acd0835",
"value": "sandearth.com",
"Tag": [
{
"colour": "#2d0048",
"local": "0",
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530099832",
"to_ids": true,
"type": "domain",
"uuid": "5b337841-99e4-435a-93d8-2d350acd0835",
"value": "percalabia.com",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530099832",
"to_ids": true,
"type": "domain",
"uuid": "5b337841-581c-4b8f-869a-0b5a0acd0835",
"value": "urnachay.com",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530099915",
"to_ids": true,
"type": "domain",
"uuid": "5b3378bc-e084-4c90-b51f-205b0acd0835",
"value": "thectrl24.com",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104100",
"to_ids": true,
"type": "url",
"uuid": "5b337f60-243c-4129-8a96-206a0acd0835",
"value": "http://thectrl24.com/gjogw/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002f76",
"local": "0",
"name": "ms-caro-malware-full:malware-family=\"Banker\"",
"relationship_type": ""
},
{
"colour": "#00acd1",
"local": "0",
"name": "veris:action:malware:variety=\"Export data\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "thectrl24[.]com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530103400",
"to_ids": true,
"type": "ip-src",
"uuid": "5b337f80-e620-4ada-a557-0b5d0acd0835",
"value": "111.118.185.16",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#e82e45",
"local": "0",
"name": "VT:More than 10 URLs detected",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530103003",
"to_ids": true,
"type": "url",
"uuid": "5b3380b2-fdd4-434e-9f71-39cb0acd0835",
"value": "http://69.193.199.50/whoami.php",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#993700",
"local": "0",
"name": "diamond-model:Capability",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "HTTP over port 443, C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530103404",
"to_ids": true,
"type": "url",
"uuid": "5b338286-dda0-4603-a72e-0b5d0acd0835",
"value": "http://88.79.210.243:443/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#00aad0",
"local": "0",
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#00acd1",
"local": "0",
"name": "veris:action:malware:variety=\"Export data\"",
"relationship_type": ""
},
{
"colour": "#009dbf",
"local": "0",
"name": "veris:attribute:confidentiality:state=\"Transmitted encrypted\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530103407",
"to_ids": true,
"type": "url",
"uuid": "5b3382e3-d2b4-445b-99a2-0b5a0acd0835",
"value": "http://110.143.116.201/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#00aad0",
"local": "0",
"name": "veris:action:malware:variety=\"C2\"",
"relationship_type": ""
},
{
"colour": "#00acd1",
"local": "0",
"name": "veris:action:malware:variety=\"Export data\"",
"relationship_type": ""
},
{
"colour": "#009dbf",
"local": "0",
"name": "veris:attribute:confidentiality:state=\"Transmitted encrypted\"",
"relationship_type": ""
}
]
},
{
"category": "Support Tool",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1530103974",
"to_ids": false,
"type": "attachment",
"uuid": "5b33885c-6c5c-4b29-9f13-55130acd0835",
"value": "2018-06-26-Emotet-infection-with-IcedID-in-AD-environment.pcap",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104281",
"to_ids": true,
"type": "url",
"uuid": "5b338896-dd80-41fc-9048-57290acd0835",
"value": "http://www.cycle-film.com/8TfTTH/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104279",
"to_ids": true,
"type": "url",
"uuid": "5b338896-4b00-461e-b415-57290acd0835",
"value": "http://thectrl24.com/gjOGw/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104283",
"to_ids": true,
"type": "url",
"uuid": "5b338896-1d48-4510-b1b0-57290acd0835",
"value": "http://amplajf.com.br/3YrZ/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104286",
"to_ids": true,
"type": "url",
"uuid": "5b338896-6efc-4c37-af55-57290acd0835",
"value": "http://hydrodom.org/WadY9E/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104293",
"to_ids": true,
"type": "url",
"uuid": "5b338896-6b60-4876-8b8c-57290acd0835",
"value": "http://iconholidays.com.bd/PHzC/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104295",
"to_ids": true,
"type": "url",
"uuid": "5b338896-31dc-48f7-842e-57290acd0835",
"value": "http://amplajf.com.br/3YrZ",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104297",
"to_ids": true,
"type": "url",
"uuid": "5b338896-3378-452f-a624-57290acd0835",
"value": "http://www.cycle-film.com/8TfTTH",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104299",
"to_ids": true,
"type": "url",
"uuid": "5b338896-0a64-48b2-b236-57290acd0835",
"value": "http://www.database.z-flooring.com/k70w",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104316",
"to_ids": true,
"type": "url",
"uuid": "5b338896-2e60-43a1-935f-57290acd0835",
"value": "http://www.trinityempire.org/pvYjZuR/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104318",
"to_ids": true,
"type": "url",
"uuid": "5b338896-bacc-4ba3-94ac-57290acd0835",
"value": "https://ift.tt/2N22nAf",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104321",
"to_ids": true,
"type": "url",
"uuid": "5b338896-3f04-4aa3-acbf-57290acd0835",
"value": "http://gtechuae.com/3Dha4/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of 2e2887fca7eb5a2ca32ac7cbaaee12cd via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104324",
"to_ids": true,
"type": "url",
"uuid": "5b338896-be34-4fbf-91e3-57290acd0835",
"value": "http://gtechuae.com/3Dha4",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104388",
"to_ids": true,
"type": "url",
"uuid": "5b3389af-8e1c-4672-9dcc-4c970acd0835",
"value": "http://csszsz.hu/Statement/Invoice-13058",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-cef0-4a2d-af83-4c970acd0835",
"value": "http://www.orderauto.es/OVERDUE-ACCOUNT/Invoice-06-25-18/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-da90-4642-86b3-4c970acd0835",
"value": "http://www.dotlenieni.pl/Client/INV153088091775668874/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-c1c4-45f7-8002-4c970acd0835",
"value": "http://alpinewebgroup.com/Client/INV73405012321656/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-3b48-4797-af77-4c970acd0835",
"value": "http://www.chalet12.de/Payment-and-address/Invoice-745407/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-3e9c-42f9-b51b-4c970acd0835",
"value": "http://www.earthlinks.co.in/STATUS/Invoice-06-26-18/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-75c0-461c-9007-4c970acd0835",
"value": "http://melondisc.co.th/doc/rechnungs-details-0541324/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-1788-401b-8005-4c970acd0835",
"value": "http://tomsnyder.net/Rechnungsanschrift/Rechnung-028-486/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-307c-4a97-9571-4c970acd0835",
"value": "http://www.cosmo-medica.pl/Statement/Invoice-766799/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-8058-44d3-a0a5-4c970acd0835",
"value": "http://www.cosmo-medica.pl/Statement/Invoice-766799",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-6b74-4d52-83c6-4c970acd0835",
"value": "http://carricusa.com/ssfm/OVERDUE-ACCOUNT/Invoice-92602/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-97f0-4bce-9846-4c970acd0835",
"value": "http://wolffy.net/STATUS/Auditor-of-State-Notification-of-EFT-Deposit/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-3954-4dcb-b163-4c970acd0835",
"value": "http://www.ambassade-de-russie.fr/Rechnungsanschrift/Rech-Nr028891/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104388",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-ba70-4001-8fdd-4c970acd0835",
"value": "http://ipsupportonline.com/STATUS/Services-06-26-18-New-Customer-ZM/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-04f8-47fa-ba75-4c970acd0835",
"value": "http://ipsupportonline.com/STATUS/Services-06-26-18-New-Customer-ZM",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-ebec-4bf4-bc17-4c970acd0835",
"value": "http://cosmo-medica.pl/Statement/Invoice-766799/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-6b14-4ab4-af1a-4c970acd0835",
"value": "http://cosmo-medica.pl/Statement/Invoice-766799",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-a878-43b9-b2c4-4c970acd0835",
"value": "http://turski.eu/OVERDUE-ACCOUNT/Payment/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-cb30-41a6-8b0e-4c970acd0835",
"value": "http://www.ar.mtcuae.com/Statement/Invoice/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104388",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-8344-412d-8eea-4c970acd0835",
"value": "http://tomsnyder.net/Rechnungsanschrift/Rechnung-028-486",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104388",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-3c60-4513-8513-4c970acd0835",
"value": "http://tasomedia.com/Zahlung/Rechnungszahlung-017-6797/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104388",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-81b8-4596-923d-4c970acd0835",
"value": "http://r2consulting.net/Purchase/Invoice-06-25-18/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104388",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-2710-4cd4-9dc6-4c970acd0835",
"value": "http://jitkla.com/images/ACCOUNT/Client/Auditor-of-State-Notification-of-EFT-Deposit",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104388",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-110c-433a-ac58-4c970acd0835",
"value": "http://www.afpols-seminaires.fr/wp-content/Statement/Invoice-06-26-18",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Additional sources of c4796308953017c9dc69d340689e8efe via VT",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530104389",
"to_ids": true,
"type": "url",
"uuid": "5b3389b0-02cc-4755-a16e-4c970acd0835",
"value": "http://www.chipsroofingloveland.com/STATUS/Services-06-26-18-New-Customer-VH/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002051",
"local": "0",
"name": "ms-caro-malware-full:malware-platform=\"VBA\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#cc4900",
"local": "0",
"name": "diamond-model:Infrastructure",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1530103350",
"uuid": "5b338636-f300-4c0a-9272-4d0c0acd0835",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1530103974",
"to_ids": true,
"type": "md5",
"uuid": "5b338636-eaa0-453f-9f58-4d0c0acd0835",
"value": "c4796308953017c9dc69d340689e8efe",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1530103974",
"to_ids": false,
"type": "text",
"uuid": "5b338636-8130-4203-865a-4d0c0acd0835",
"value": "hxxp://www.sandearth[.]com/Client/Invoice-955175372-062618/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1530103974",
"to_ids": true,
"type": "sha256",
"uuid": "5b338636-73f8-4ce5-aa5d-4d0c0acd0835",
"value": "fcbe9f4e5a8cbb6f74e4408d871ace98282ffc840245abeae3e158cc034cd094",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1530103974",
"to_ids": true,
"type": "sha1",
"uuid": "5b338636-535c-49d9-8ff6-4d0c0acd0835",
"value": "754bbba270998733bec18a69b64e2c27cc17b7f1",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1530103974",
"to_ids": true,
"type": "ssdeep",
"uuid": "5b338636-6a70-4891-b558-4d0c0acd0835",
"value": "3072:pH9nBf4SuEjAhmAMOc7kkkko1rkGuF3tBInxGGq5xyXJm9YBmjDP7vlQsO:pFVeEsjdXRC3jexGG62YWofP 7PO",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1530103974",
"to_ids": false,
"type": "text",
"uuid": "5b338636-0568-41fb-9a9b-4d0c0acd0835",
"value": "Malicious",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1530103528",
"uuid": "5b3386e8-364c-4bcd-a24c-55110acd0835",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1530103974",
"to_ids": true,
"type": "md5",
"uuid": "5b3386e8-f810-45b2-a2e9-55110acd0835",
"value": "2e2887fca7eb5a2ca32ac7cbaaee12cd",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1530103974",
"to_ids": false,
"type": "text",
"uuid": "5b3386e8-2444-4edd-97f6-55110acd0835",
"value": "hxxp://thectrl24[.]com/gjOGw/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1530103974",
"to_ids": true,
"type": "sha256",
"uuid": "5b3386e8-e61c-4115-9973-55110acd0835",
"value": "263365202c3905ae95f8a138f22317bb1db30eee0ddee0fd6ecc70f785df9a91",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1530103974",
"to_ids": true,
"type": "sha1",
"uuid": "5b3386e8-9f78-4424-ba37-55110acd0835",
"value": "ac76fa40b2cf525fb13a09560b70093641929523",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1530103974",
"to_ids": true,
"type": "ssdeep",
"uuid": "5b3386e8-54d0-4459-b9a4-55110acd0835",
"value": "1536:Hl6gpZcT7DTf/4Vy/prGquF9EXXXWqjplt4w7Or+tgyC:Ygu7vwVy/pqDeXWQpl13mx",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1530103974",
"to_ids": false,
"type": "text",
"uuid": "5b3386e8-7c78-4f53-9397-55110acd0835",
"value": "Malicious",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
]
}
]
}
]
}
}