{"Event": {"info": "OSINT - .sg domain used to host malware", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:banker=\"Geodo\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Emotet\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Geodo\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-malware=\"Emotet - S0367\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Emotet\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#006262", "exportable": true, "name": "ecsirt:malicious-code=\"malware\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#d6f264", "exportable": true, "name": "MALWARE"}], "publish_timestamp": "0", "timestamp": "1563276762", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5d2c2aa0-89a4-4db5-976f-4355950d210f", "sharing_group_id": "0", "timestamp": "1563175687", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "6", "ObjectReference": [{"comment": "", "object_uuid": "5d2c2aa0-89a4-4db5-976f-4355950d210f", "uuid": "5d2c2b07-a2e4-490d-85ab-4319950d210f", "timestamp": "1563175687", "referenced_uuid": "5d2c2adf-96a0-4b5a-8ebd-4c89950d210f", "relationship_type": "contains"}], "Attribute": [{"comment": "", "category": "Other", "uuid": "5d2c2aa0-ba00-499a-9af6-47cf950d210f", "timestamp": "1563175584", "to_ids": false, "value": "I was curious to see how many .SG domains have been used recently to host #malware. Turns out, quite a few were used to host and spread the #emotet #banking #trojan. 
\r\nIOCs here - (link: https://github.com/vicky-ray/IOCs/blob/master/SG_domains_hosting_Emotet_malware) github.com/vicky-ray/IOCs\u2026\r\n@CSAsingapore\r\n @douglasmun", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5d2c2aa0-9004-408e-8423-468e950d210f", "timestamp": "1563175584", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5d2c2aa0-83a4-474c-8262-401f950d210f", "timestamp": "1563175584", "to_ids": true, "value": "https://mobile.twitter.com/0xVK/status/1145602745560227841", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5d2c2aa0-3898-4891-9c83-4c0a950d210f", "timestamp": "1563175584", "to_ids": false, "value": "@douglasmun", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5d2c2aa0-3b88-4577-a1b7-462a950d210f", "timestamp": "1563175584", "to_ids": false, "value": "@CSAsingapore", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5d2c2aa0-a0a8-4f5c-9bed-41f6950d210f", "timestamp": "1563175584", "to_ids": true, "value": "https://github.com/vicky-ray/IOCs/blob/master/SG_domains_hosting_Emotet_malware", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5d2c2aa0-1678-4822-8407-4e08950d210f", "timestamp": "1563175584", "to_ids": true, "value": "https://t.co/WrQ5FobWem?amp=1", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5d2c2aa0-18a8-465c-aabe-4104950d210f", "timestamp": "1563175584", "to_ids": false, "value": "0xVK", "disable_correlation": false, "object_relation": "username", "type": 
"text"}, {"comment": "", "category": "Other", "uuid": "5d2c2aa0-65d8-4101-8805-482f950d210f", "timestamp": "1563175584", "to_ids"
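The record above is a MISP event export: an event-level `Tag` list (galaxy clusters such as `misp-galaxy:malpedia="Emotet"`, a `tlp:` marking and an `osint:certainty` score), an `Object` list built from object templates, each with its own `Attribute` list and `ObjectReference` links to other objects, and a per-attribute `to_ids` flag that decides whether the value is meant for detection or is only context. One thing a practitioner should check before feeding such an event to an IDS or blocklist is that `to_ids` is set sensibly: in this export the tweet URL and the GitHub link that merely point at the IOC list are flagged `to_ids: true`, so a consumer that trusts the flag alone would push a Twitter status URL into its detection feed. The following parser is an added example, not code from MISP or from the event's author; the event it parses is a constructed miniature in the same layout, with placeholder UUIDs, hostnames and object names (it assumes each object carries the `name` field MISP objects normally have, which the truncated fragment above does not show).

```python
import json
from collections import defaultdict

# Constructed sample in the MISP event JSON layout shown above. All UUIDs,
# hostnames and values are placeholders for illustration, not real indicators.
SAMPLE_EVENT = {
    "Event": {
        "info": "constructed example event",
        "Tag": [
            {"name": 'misp-galaxy:malpedia="Emotet"', "exportable": True},
            {"name": "tlp:white", "exportable": True},
            {"name": 'osint:certainty="50"', "exportable": True},
        ],
        # Event-level attribute (not inside any object)
        "Attribute": [
            {"uuid": "a1", "type": "domain", "category": "Network activity",
             "to_ids": True, "value": "malware-host.example"},
        ],
        "Object": [
            {   # Microblog object: source/context, yet its URLs carry to_ids=true,
                # mirroring the flagging seen in the real export above.
                "uuid": "o1", "name": "microblog",
                "ObjectReference": [{"referenced_uuid": "o2", "relationship_type": "contains"}],
                "Attribute": [
                    {"uuid": "a2", "type": "url", "category": "Network activity", "to_ids": True,
                     "object_relation": "url", "value": "https://social.example/status/1"},
                    {"uuid": "a3", "type": "text", "category": "Other", "to_ids": False,
                     "object_relation": "username", "value": "someuser"},
                ],
            },
            {   # The object the microblog "contains": an actual payload URL.
                "uuid": "o2", "name": "url",
                "ObjectReference": [],
                "Attribute": [
                    {"uuid": "a4", "type": "url", "category": "Network activity", "to_ids": True,
                     "object_relation": "url", "value": "https://dropper.example/doc.php"},
                ],
            },
        ],
    }
}


def load_event(text: str) -> dict:
    """Parse a MISP event export (the JSON text of one event)."""
    return json.loads(text)


def _is_true(flag) -> bool:
    # Exports vary: newer ones emit JSON booleans, older ones the strings "1"/"true".
    return str(flag).lower() in ("1", "true")


def iter_attributes(event: dict):
    """Yield (owning_object_or_None, attribute) for every attribute in the event."""
    ev = event["Event"]
    for attr in ev.get("Attribute", []):
        yield None, attr
    for obj in ev.get("Object", []):
        for attr in obj.get("Attribute", []):
            yield obj, attr


def galaxy_tags(event: dict) -> list:
    """Galaxy cluster tags (misp-galaxy:...) attached at event level, sorted."""
    return sorted(t["name"] for t in event["Event"].get("Tag", [])
                  if t["name"].startswith("misp-galaxy:"))


def tlp(event: dict):
    """The TLP level from the event's tags, or None if the event carries none."""
    for t in event["Event"].get("Tag", []):
        if t["name"].startswith("tlp:"):
            return t["name"].split(":", 1)[1]
    return None


def detection_iocs(event: dict, exclude_object_names=()) -> dict:
    """Attributes flagged to_ids, grouped by type, skipping context-only objects.

    exclude_object_names lets the consumer drop e.g. the "microblog" object whose
    URLs point at the source post rather than at attacker infrastructure.
    """
    out = defaultdict(set)
    for obj, attr in iter_attributes(event):
        if not _is_true(attr.get("to_ids")):
            continue
        if obj is not None and obj.get("name") in exclude_object_names:
            continue
        out[attr["type"]].add(attr["value"])
    return {k: sorted(v) for k, v in out.items()}


def referenced_objects(event: dict, object_uuid: str) -> list:
    """Follow ObjectReference links from one object: [(relationship, target name)]."""
    by_uuid = {o["uuid"]: o for o in event["Event"].get("Object", [])}
    return [(r["relationship_type"], by_uuid[r["referenced_uuid"]].get("name"))
            for r in by_uuid[object_uuid].get("ObjectReference", [])
            if r["referenced_uuid"] in by_uuid]


if __name__ == "__main__":
    ev = load_event(json.dumps(SAMPLE_EVENT))
    print("galaxies:", galaxy_tags(ev), "tlp:", tlp(ev))
    print("all to_ids:", detection_iocs(ev))
    print("without microblog context:", detection_iocs(ev, exclude_object_names={"microblog"}))
    print("o1 references:", referenced_objects(ev, "o1"))
```

Run against the real export, `detection_iocs(ev)` would return the tweet URL and the GitHub link alongside any real indicators; passing `exclude_object_names={"microblog"}` (or filtering on `object_relation`) keeps only values from objects that describe the infrastructure itself. Because a MISP export can be hundreds of kilobytes for a single event, resolve `ObjectReference` links through a uuid index as above rather than by nested scans.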