{"Event": {"info": "OSINT - Felipe, a new infostealer Trojan", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#284800", "exportable": true, "name": "malware_classification:malware-category=\"Trojan\""}, {"colour": "#500064", "exportable": true, "name": "ms-caro-malware:malware-type=\"Trojan\""}, {"colour": "#00183c", "exportable": true, "name": "ms-caro-malware-full:malware-type=\"Trojan\""}, {"colour": "#004f4f", "exportable": true, "name": "ecsirt:malicious-code=\"trojan\""}, {"colour": "#5a0041", "exportable": true, "name": "CERT-XLM:malicious-code=\"trojan-malware\""}, {"colour": "#bd472d", "exportable": true, "name": "keylogger/infostealer"}, {"colour": "#e7007d", "exportable": true, "name": "workflow:state=\"incomplete\""}, {"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}], "publish_timestamp": "0", "timestamp": "1563527786", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5d109029-f448-4859-b7c3-acd8950d210f", "sharing_group_id": "0", "timestamp": "1563527779", "description": "File object describing a file with meta-information", "template_version": "17", "ObjectReference": [{"comment": "", "object_uuid": "5d109029-f448-4859-b7c3-acd8950d210f", "uuid": "5d318a64-ab70-46b3-a836-478802de0b81", "timestamp": "1563527780", "referenced_uuid": "ecc0c45a-2208-4171-a606-ccacbe28b955", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5d109029-0080-4cca-aa98-acd8950d210f", "timestamp": "1561371771", "to_ids": true, "value": "vshost.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "Win XP", 
"category": "Other", "uuid": "5d109034-4474-44fc-8b1a-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\vshost.exe", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d109036-d118-485b-b410-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\vshost.exe", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win XP", "category": "Other", "uuid": "5d109036-372c-462d-a643-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d109037-0f64-4ced-80e0-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5d10a47b-08ec-4f3f-8f7c-429e950d210f", "timestamp": "1561371771", "to_ids": true, "value": "15ce8f849fff4cc8675900ec838a93f9", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5d1092e1-eb28-463b-83ec-47da950d210f", "sharing_group_id": "0", "timestamp": "1563527780", "description": "File object describing a file with meta-information", "template_version": "17", "ObjectReference": [{"comment": "", "object_uuid": "5d1092e1-eb28-463b-83ec-47da950d210f", "uuid": "5d318a64-760c-4068-8cd1-400e02de0b81", "timestamp": "1563527780", "referenced_uuid": "02aee86e-c588-4ea9-bd2e-aef1535846cd", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": 
"5d1092e2-b6b4-47b7-856b-47b9950d210f", "timestamp": "1561369949", "to_ids": true, "value": "explorer32.exe", "disable_correlation"