adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a54ca42-e9a0-4d71-a9e6-4f9b950d210f.json

355 lines
12 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2017-09-27",
"extends_uuid": "",
"info": "OSINT - Experts analyzed an Advanced \"all in memory\" CryptoWorm",
"publish_timestamp": "1518771036",
"published": true,
"threat_level_id": "3",
"timestamp": "1516071630",
"uuid": "5a54ca42-e9a0-4d71-a9e6-4f9b950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "tlp:white",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#00223b",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008849",
"to_ids": false,
"type": "link",
"uuid": "5a54ca53-f374-44ba-9475-455f950d210f",
"value": "http://securityaffairs.co/wordpress/63488/malware/advanced-memory-cryptoworm.html",
"Tag": [
{
"colour": "#00223b",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008850",
"to_ids": false,
"type": "comment",
"uuid": "5a5c5cdc-dd14-4415-8ce3-4ae3950d210f",
"value": "Today I want to share a nice Malware analysis having an interesting flow. The \u00e2\u20ac\u0153interesting\u00e2\u20ac\u009d adjective comes from the abilities the given sample owns. Capabilities of exploiting, hard obfuscations and usage of advanced techniques to steal credentials and run commands.\r\n\r\nThe analyzed sample has been provided by a colleague of mine (Alessandro) who received the first stage by eMail. A special thanks to Luca and Edoardo for having recognized XMRig during the last infection stage.",
"Tag": [
{
"colour": "#00223b",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008850",
"to_ids": true,
"type": "filename",
"uuid": "5a5c5d76-21e8-42fd-8b34-4d39950d210f",
"value": "info6.ps1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008850",
"to_ids": true,
"type": "url",
"uuid": "5a5c5d76-59e8-46ee-88b7-4240950d210f",
"value": "http://118.184.48.95:8000/"
},
{
"category": "Financial fraud",
"comment": "Monero Address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008851",
"to_ids": false,
"type": "other",
"uuid": "5a5c5dfd-aaac-4c47-9eff-417d950d210f",
"value": "46CJt5F7qiJiNhAFnSPN1G7BMTftxtpikUjt8QXRFwFH2c3e1h6QdJA5dFYpTXK27dEL9RN3H2vLc6eG2wGahxpBK5zmCuE"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516002831",
"to_ids": true,
"type": "sha256",
"uuid": "5a5c5e0f-4364-483b-98c3-4fad950d210f",
"value": "19e15a4288e109405f0181d921d3645e4622c87c4050004357355b7a9bf862cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516002831",
"to_ids": true,
"type": "sha256",
"uuid": "5a5c5e0f-0dac-46db-b486-4cbb950d210f",
"value": "038d4ef30a0bfebe3bfd48a5b6fed1b47d1e9b2ed737e8ca0447d6b1848ce309"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008851",
"to_ids": true,
"type": "filename",
"uuid": "5a5c5e62-827c-4ed3-94d6-4de0950d210f",
"value": "y1.bat"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1516008854",
"uuid": "ef15fe55-96db-4f8e-a563-90107aa04fd8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ef15fe55-96db-4f8e-a563-90107aa04fd8",
"referenced_uuid": "f12256d2-41cd-4eb1-bbd1-fb0128573238",
"relationship_type": "analysed-with",
"timestamp": "1518771036",
"uuid": "5a5c759a-d860-423d-b8e8-417702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516008852",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c7594-c11c-4a83-bf8d-42f702de0b81",
"value": "8da156580747bf9ef8fa4d1c42ee112ab743da69"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1516008852",
"to_ids": true,
"type": "md5",
"uuid": "5a5c7594-fdd4-4116-ba61-4f5e02de0b81",
"value": "9ac3bdb9378cd1fafbb8e08def738481"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1516008852",
"to_ids": true,
"type": "sha256",
"uuid": "5a5c7594-dc68-4253-a790-454802de0b81",
"value": "038d4ef30a0bfebe3bfd48a5b6fed1b47d1e9b2ed737e8ca0447d6b1848ce309"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1516008853",
"uuid": "f12256d2-41cd-4eb1-bbd1-fb0128573238",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1516008853",
"to_ids": false,
"type": "link",
"uuid": "5a5c7595-db48-49f6-84da-459f02de0b81",
"value": "https://www.virustotal.com/file/038d4ef30a0bfebe3bfd48a5b6fed1b47d1e9b2ed737e8ca0447d6b1848ce309/analysis/1513112352/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1516008853",
"to_ids": false,
"type": "text",
"uuid": "5a5c7595-4a78-4b7d-b6d0-422f02de0b81",
"value": "47/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1516008854",
"to_ids": false,
"type": "datetime",
"uuid": "5a5c7596-3728-4530-b061-411f02de0b81",
"value": "2017-12-12T20:59:12"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1516008857",
"uuid": "d932fbce-6248-4955-bf1c-ddbd669a67b3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d932fbce-6248-4955-bf1c-ddbd669a67b3",
"referenced_uuid": "c46c80e3-a03a-497f-87ee-816333479203",
"relationship_type": "analysed-with",
"timestamp": "1518771036",
"uuid": "5a5c759a-3aac-478c-874d-482902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516008854",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c7596-2d24-46fd-b61a-488802de0b81",
"value": "686761aff5e4efedbc5b2931c0f214d8ba7b9463"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1516008854",
"to_ids": true,
"type": "md5",
"uuid": "5a5c7596-ffec-4371-921c-4b1302de0b81",
"value": "8365158c74008879df00a9d49e61aaea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1516008855",
"to_ids": true,
"type": "sha256",
"uuid": "5a5c7597-0f38-4b34-865c-47fe02de0b81",
"value": "19e15a4288e109405f0181d921d3645e4622c87c4050004357355b7a9bf862cc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1516008855",
"uuid": "c46c80e3-a03a-497f-87ee-816333479203",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1516008856",
"to_ids": false,
"type": "link",
"uuid": "5a5c7598-efc4-400f-9451-4f2502de0b81",
"value": "https://www.virustotal.com/file/19e15a4288e109405f0181d921d3645e4622c87c4050004357355b7a9bf862cc/analysis/1513112312/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1516008857",
"to_ids": false,
"type": "text",
"uuid": "5a5c7599-bbfc-49f5-bf91-417d02de0b81",
"value": "30/65"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1516008857",
"to_ids": false,
"type": "datetime",
"uuid": "5a5c7599-ce88-4d2a-9ccd-446c02de0b81",
"value": "2017-12-12T20:58:32"
}
]
}
]
}
}
Reference in a new issue Copy permalink