misp-circl-feed/feeds/circl/misp/5c4adca6-8a80-4096-b289-47eb950d210f.json


2023-04-21 13:25:09 +00:00
{"Event": {"info": "OSINT - Silence group targeting Russian Banks via Malicious CHM", "Tag": [{"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote File Copy - T1105\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Mshta - T1170\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Masquerading - T1036\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"PowerShell - T1086\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys / Start Folder - T1060\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\""}, {"colour": "#e7007d", "exportable": true, "name": "workflow:state=\"incomplete\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": 
"osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1548432100", "Object": [{"comment": "one of the largest banking groups in the Middle East in terms of assets. Russia-based office.", "template_uuid": "a8806e40-39ad-435f-be02-ac2a13d6fc7d", "uuid": "5c4ae48a-3218-4d00-b1b8-4ea7950d210f", "sharing_group_id": "0", "timestamp": "1548412875", "description": "Victim object describes the target of an attack or abuse.", "template_version": "4", "Attribute": [{"comment": "", "category": "Other", "uuid": "5c4ae48a-cdc8-4489-a223-4186950d210f", "timestamp": "1548412875", "to_ids": false, "value": "financial services", "disable_correlation": false, "object_relation": "sectors", "type": "text"}, {"comment": "", "category": "Targeting data", "uuid": "5c4ae48a-c010-474c-84eb-4742950d210f", "timestamp": "1548412875", "to_ids": false, "value": "Emirates NBD Bank (National Bank of Dubai)", "disable_correlation": false, "object_relation": "name", "type": "target-org"}], "distribution": "5", "meta-category": "misc", "name": "victim"}, {"comment": "West Siberian Commercial Bank (WSCB). 
Russia.", "template_uuid": "a8806e40-39ad-435f-be02-ac2a13d6fc7d", "uuid": "5c4ae86b-8dfc-4f6c-91fe-4840950d210f", "sharing_group_id": "0", "timestamp": "1548413169", "description": "Victim object describes the target of an attack or abuse.", "template_version": "4", "Attribute": [{"comment": "", "category": "Other", "uuid": "5c4ae86b-05d8-4544-8b3f-4861950d210f", "timestamp": "1548413169", "to_ids": false, "value": "financial services", "disable_correlation": false, "object_relation": "sectors", "type": "text"}, {"comment": "", "category": "Targeting data", "uuid": "5c4ae86b-2570-434a-85b7-4cf3950d210f", "timestamp": "1548413169", "to_ids": false, "value": "Zapsibkombank (Zapadno-Sibirskiy Kommercheskiy Bank)", "disable_correlation": false, "object_relation": "name", "type": "target-org"}], "distribution": "5", "meta-category": "misc", "name": "victim"}, {"comment": "Russia", "template_uuid": "a8806e40-39ad-435f-be02