{"Event": {"info": "Bulletin d\u2019actualit\u00e9 CERTFR-2019-ACT-005", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Ryuk\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"LockerGoga\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Ryuk ransomware\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-tool=\"Cobalt Strike\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:rat=\"Cobalt Strike\""}], "publish_timestamp": "0", "timestamp": "1554446032", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9c866a-b3b4-41e8-9594-f646950d210f", "sharing_group_id": "0", "timestamp": "1554375766", "description": "File object describing a file with meta-information", "template_version": "16", "ObjectReference": [{"comment": "", "object_uuid": "5c9c866a-b3b4-41e8-9594-f646950d210f", "uuid": "5c9c8839-9dcc-4a9c-956a-ee7a950d210f", "timestamp": "1553762361", "referenced_uuid": "5c9c882a-a40c-46db-a3f5-f383950d210f", "relationship_type": "creator-of"}, {"comment": "", "object_uuid": "5c9c866a-b3b4-41e8-9594-f646950d210f", "uuid": "5ca5e45b-ec54-4654-b5a7-c89d950d210f", "timestamp": "1554375771", "referenced_uuid": "3ba890fa-43c6-4805-a7ab-2fba74c0ced0", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9c866a-7bac-4b33-853b-f646950d210f", "timestamp": "1553761898", "to_ids": true, "value": "52340664fe59e030790c48b66924b5bd", "disable_correlation": 
false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9c866a-b3f4-4075-bc7c-f646950d210f", "timestamp": "1553761898", "to_ids": true, "value": "bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5c9c866a-9e38-448e-8bfd-f646950d210f", "timestamp": "1553761898", "to_ids": true, "value": "73171ffa6dfee5f9264e3d20a1b6926ec1b60897", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Other", "uuid": "5c9c866a-0458-402e-bee4-f646950d210f", "timestamp": "1553761898", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c9c866a-0750-43bf-8e6a-f646950d210f", "timestamp": "1553761898", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c9c882a-a40c-46db-a3f5-f383950d210f", "sharing_group_id": "0", "timestamp": "1553762346", "description": "File object describing a file with meta-information", "template_version": "16", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c9c882b-a1b0-45c1-9345-f383950d210f", "timestamp": "1553762347", "to_ids": true, "value": "README-NOW.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c9c882b-e844-4144-9c16-f383950d210f", "timestamp": "1553762347", "to_ids": false, "value": "Adobe-Standard-Encoding", "disable_correlation": true, "object_relation": "file-encoding", "type": "text"}, {"comment": "", "category": "Other", "uuid": 
"5c9c882b-f7a0-4714-8997-f383950d210f", "timestamp": "1553762347", "to_ids": false, "value": "Malicious", "disable_correlation":