2023-04-21 13:25:09 +00:00
|
|
|
{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "0",
|
|
|
|
"date": "2017-10-03",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "Malspam 2017-10-03",
|
|
|
|
"publish_timestamp": "1507020276",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1507020253",
|
|
|
|
"uuid": "59d341f4-3ef0-4520-84dc-499c950d210f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:tool=\"Emotet\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#3b7500",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "circl:incident-classification=\"malware\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "59d342ac-fb40-4df8-b7fc-4412950d210f",
|
|
|
|
"value": "bb0ad0ef5d59e3122e040656ae9a40d1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "59d342ac-43b0-4115-ab28-4e0c950d210f",
|
|
|
|
"value": "b6e4330f10e18c66a0e6245ffa47baca2e1e614c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "59d342ac-fb2c-48ef-8465-48eb950d210f",
|
|
|
|
"value": "e3d1e44da85f4057f168cef703e8bf9d85e4cbe74d7b68e197b399559b200076"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "59d342ac-013c-4242-8ce3-49ff950d210f",
|
|
|
|
"value": "https://www.virustotal.com/file/e3d1e44da85f4057f168cef703e8bf9d85e4cbe74d7b68e197b399559b200076/analysis/1507015288/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59d342ac-fcdc-43b2-8d03-47f4950d210f",
|
|
|
|
"value": "http://opara.co.za/hlZWpwYFR/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59d342ac-bd1c-41a8-86bc-431b950d210f",
|
|
|
|
"value": "197.221.2.8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59d342ac-8fdc-46ff-bb0f-42bc950d210f",
|
|
|
|
"value": "http://ctmket.com/FwdBho/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59d342ac-4550-4ff2-bc2f-4321950d210f",
|
|
|
|
"value": "208.91.199.145"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59d342ac-b4d0-42df-a139-4d6d950d210f",
|
|
|
|
"value": "http://q-productions.com/jkXHSKSGj/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59d342ac-00e8-4c81-84ed-4222950d210f",
|
|
|
|
"value": "216.117.177.69"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "59d342ac-af54-4b8b-a56d-4580950d210f",
|
|
|
|
"value": "toolgeeker.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "59d342ac-2b5c-4297-869a-4753950d210f",
|
|
|
|
"value": "goodmansbbq.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "59d342ac-fbc4-4e2d-9c18-4ec6950d210f",
|
|
|
|
"value": "e64d0353e023f76b16b386399b392b63"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "59d342ac-c2a8-4617-9646-4992950d210f",
|
|
|
|
"value": "6cb27ac6691a210251a3f42c8a0912192b5446ad"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "59d342ac-f5a4-4841-a73b-47c8950d210f",
|
|
|
|
"value": "8923cfddce118a3ca6652f1dc974ce74b57cc7bbadcd55e49703ed60f89e1cda"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "59d342ac-89f8-4f7d-8df9-4e80950d210f",
|
|
|
|
"value": "https://www.virustotal.com/file/8923cfddce118a3ca6652f1dc974ce74b57cc7bbadcd55e49703ed60f89e1cda/analysis/1507015564/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017580",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "59d342ac-6698-4ff1-a57a-4c36950d210f",
|
|
|
|
"value": "https://en.wikipedia.org/wiki/Emotet"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "59d342ac-1b60-45f5-ab97-4e08950d210f",
|
|
|
|
"value": "tomax.hk"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017388",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59d342ac-7674-45c3-89ff-4e3e950d210f",
|
|
|
|
"value": "http://tomax.hk/SOLS-706827815-97560632-Neuer-RV/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1507017397",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59d342b5-c0fc-492f-9275-4a17950d210f",
|
|
|
|
"value": "203.135.130.135"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|