misp-circl-feed/feeds/circl/misp/5c47f54e-1cf4-48d1-b188-245768f8e8cf.json

326 lines
10 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "0",
"date": "2019-01-23",
"extends_uuid": "",
"info": "2019-01-22: Emotet->TrickBot",
"publish_timestamp": "1589183543",
"published": true,
"threat_level_id": "2",
"timestamp": "1621849996",
"uuid": "5c47f54e-1cf4-48d1-b188-245768f8e8cf",
"Orgc": {
"name": "VK-Intel",
"uuid": "5bfa439e-c978-4dcd-b474-73f568f8e8cf"
},
"Tag": [
{
"colour": "#cdce6a",
"local": "0",
"name": "Banker: TrickBot",
"relationship_type": ""
},
{
"colour": "#3e9874",
"local": "0",
"name": "Version: 1057",
"relationship_type": ""
},
{
"colour": "#54cc21",
"local": "0",
"name": "core-parser.dll",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Trick Bot\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:banker=\"Trickbot\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Emotet\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548219726",
"to_ids": true,
"type": "md5",
"uuid": "5c47f54e-b264-446a-84d4-245768f8e8cf",
"value": "e6aab38ff1d7cf9edd1f9279875248fa"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548586998",
"to_ids": false,
"type": "link",
"uuid": "5c4d8fac-8190-44f5-9bf5-4abc02de0b81",
"value": "https://www.virustotal.com/en/file/8e4cc0539b4921b0222081a0948bd149f10a027f73983e9ade36d4045f69921f/analysis/1548422859/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548586997",
"to_ids": false,
"type": "link",
"uuid": "5c4d8fbf-a68c-4cd8-86ac-438702de0b81",
"value": "https://github.com/k-vitali/TrickBot-share/blob/master/2019-01-22-TrickBot-banker-client-1057_misp.json",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548219813",
"uuid": "3ffca240-fd85-4f51-910b-ad6932f4c23a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1548220136",
"to_ids": true,
"type": "filename",
"uuid": "52a4c62d-7611-4292-aa17-a08aec09d88b",
"value": "2019-01-22-trickbot-loader.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1548219813",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1c2008c7-f570-472a-8d82-e1be1eb79668",
"value": "232960"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1548219813",
"to_ids": false,
"type": "float",
"uuid": "c41cb7c1-e73e-4703-a44d-51a2a8fed74a",
"value": "7.682967694857"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548219813",
"to_ids": true,
"type": "md5",
"uuid": "85af8158-feb3-4e64-bf7e-3bdc60ce2cb5",
"value": "e6aab38ff1d7cf9edd1f9279875248fa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548219813",
"to_ids": true,
"type": "sha1",
"uuid": "e26bbbcf-5096-497b-b326-967ef6ab312a",
"value": "fba09f81056ab943bb90e1500cb1d1317ae2e36e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548219813",
"to_ids": true,
"type": "sha256",
"uuid": "76d3e61f-90d5-4fed-b56c-8d6d4805ee31",
"value": "8e4cc0539b4921b0222081a0948bd149f10a027f73983e9ade36d4045f69921f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1548219813",
"to_ids": true,
"type": "sha512",
"uuid": "360df383-e053-49ae-b65d-20e693032e6c",
"value": "5e17b9ac8e65b072249d7aa40fceac7f169fd43ce26b2a590dbc124a7257a4a19bd68df9551643a666c8837ce1f38d40b27bf39eba5ebfadb2986e661bfc652e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548219850",
"uuid": "d135cc85-6672-4e0e-be10-90e91b894a9f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1548220126",
"to_ids": true,
"type": "filename",
"uuid": "aa47ca0c-52d3-4f33-a7af-2f2cc3d7b58b",
"value": "core-parser.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1548219850",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0201b616-8acf-4c84-a906-318966f19bf5",
"value": "217600"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1548219850",
"to_ids": false,
"type": "float",
"uuid": "20fbbad7-bc95-499d-99fc-e1572f0d4681",
"value": "6.5165485023488"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548219850",
"to_ids": true,
"type": "md5",
"uuid": "a68ad5bc-3ea3-41d3-b406-cf7879db34be",
"value": "4d0c97d8315be2c87c5b9ec855cad88d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548219850",
"to_ids": true,
"type": "sha1",
"uuid": "c284d6a7-6431-44cb-a08d-acb268b52bbb",
"value": "fb5d538084489a7b7b4c9be80cd221b338c6b39c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548219850",
"to_ids": true,
"type": "sha256",
"uuid": "0351e2ee-4691-4691-8cbf-02e89487707b",
"value": "40bbc0b76af2a2130c3ceaba8a2f1fa255bbbef138e2f37c995ee32c6bcccbf8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1548219850",
"to_ids": true,
"type": "sha512",
"uuid": "fbc17eeb-7a25-444e-abdb-6b7d179cd6a3",
"value": "b19d95f067e2adeda48554d33397ae16c296db6a4cf9eb66c7abb13ddd964d3c5a83cc7e6074168f512aeb8b64338d7c5cef93a629c8592d4b7ebb731d252d05"
}
]
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}