misp-circl-feed/feeds/circl/misp/0733f160-8e52-4548-a4c8-19a1cfb41d0d.json

{
  "Event": {
    "analysis": "0",
    "date": "2020-06-24",
    "extends_uuid": "",
    "info": "zloader: VBA, R1C1 References, and Other Tomfoolery",
    "publish_timestamp": "1677075131",
    "published": true,
    "threat_level_id": "4",
    "timestamp": "1612475411",
    "uuid": "0733f160-8e52-4548-a4c8-19a1cfb41d0d",
    "Orgc": {
      "name": "Centre for Cyber security Belgium",
      "uuid": "5cf66e53-b5f8-43e7-be9a-49880a3b4631"
    },
    "Tag": [
      {
        "colour": "#f82378",
        "local": false,
        "name": "zloader",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#DADCF0",
        "local": false,
        "name": "inthreat:event-src=\"feed-osint\"",
        "relationship_type": ""
      },
      {
        "colour": "#0fc000",
        "local": false,
        "name": "admiralty-scale:information-credibility=\"2\"",
        "relationship_type": ""
      },
      {
        "colour": "#075200",
        "local": false,
        "name": "admiralty-scale:source-reliability=\"b\"",
        "relationship_type": ""
      },
      {
        "colour": "#e2007a",
        "local": false,
        "name": "workflow:state=\"complete\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1592995840",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9c87b754-6bc2-414d-82e9-0d07f2130be7",
        "value": "b29c145d4b78daed34dea28a0a11bab857d5583dc6a00578a877511d0d01d3d2"
      }
    ],
    "Object": [
      {
        "comment": "External Analysis",
        "deleted": false,
        "description": "An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.",
        "meta-category": "misc",
        "name": "annotation",
        "template_uuid": "5d8dc046-15a1-4ca3-a09f-ed4ede7c4487",
        "template_version": "2",
        "timestamp": "1593003580",
        "uuid": "5ef34e3c-f70c-4526-9abb-44f6ac13a7a7",
        "Attribute": [
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "ref",
            "timestamp": "1593003580",
            "to_ids": false,
            "type": "link",
            "uuid": "5ef34e3c-3620-41b8-a096-44f6ac13a7a7",
            "value": "https://clickallthethings.wordpress.com/2020/06/19/zloader-vba-r1c1-references-and-other-tomfoolery/"
          },
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "ref",
            "timestamp": "1593003580",
            "to_ids": false,
            "type": "link",
            "uuid": "5ef34e3c-3110-40af-8f22-44f6ac13a7a7",
            "value": "https://twitter.com/abuse_ch"
          },
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1593003580",
            "to_ids": false,
            "type": "text",
            "uuid": "5ef34e3c-d9e4-4ca8-957b-44f6ac13a7a7",
            "value": "zloader: VBA, R1C1 References, and Other Tomfoolery\r\nJune 19, 2020 ~ Jamie\t\r\n\r\nThe other day, @reecDeep tweeted about new behavior from zloader documents. Another document from the same campaign crossed my path and I decided to take a crack at it."
          }
        ]
      },
      {
        "comment": "Domains",
        "deleted": false,
        "description": "Whois records information for a domain name or an IP address.",
        "meta-category": "network",
        "name": "whois",
        "template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
        "template_version": "10",
        "timestamp": "1593003610",
        "uuid": "5ef34e5a-b2a8-4ca8-8a0e-44f6ac13a7a7",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "domain",
            "timestamp": "1593003610",
            "to_ids": true,
            "type": "domain",
            "uuid": "5ef34e5a-6d34-4a50-87a8-44f6ac13a7a7",
            "value": "procacardenla.ga"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "domain",
            "timestamp": "1593003611",
            "to_ids": true,
            "type": "domain",
            "uuid": "5ef34e5b-ac9c-41e2-91a5-44f6ac13a7a7",
            "value": "datalibacbi.ml"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "domain",
            "timestamp": "1593003611",
            "to_ids": true,
            "type": "domain",
            "uuid": "5ef34e5b-a1b0-4af0-8636-44f6ac13a7a7",
            "value": "wireborg.com"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "domain",
            "timestamp": "1593003611",
            "to_ids": true,
            "type": "domain",
            "uuid": "5ef34e5b-6df8-49d5-9b09-44f6ac13a7a7",
            "value": "zmedia.shwetech.com"
          }
        ]
      }
    ]
  }
}
chg: [feed] added 2023-04-21 13:25:09 +00:00			`{`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"Event": {`
			`"analysis": "0",`
			`"date": "2020-06-24",`
			`"extends_uuid": "",`
			`"info": "zloader: VBA, R1C1 References, and Other Tomfoolery",`
			`"publish_timestamp": "1677075131",`
			`"published": true,`
			`"threat_level_id": "4",`
			`"timestamp": "1612475411",`
			`"uuid": "0733f160-8e52-4548-a4c8-19a1cfb41d0d",`
			`"Orgc": {`
			`"name": "Centre for Cyber security Belgium",`
			`"uuid": "5cf66e53-b5f8-43e7-be9a-49880a3b4631"`
			`},`
			`"Tag": [`
			`{`
			`"colour": "#f82378",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "zloader",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#ffffff",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "tlp:white",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#DADCF0",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "inthreat:event-src=\"feed-osint\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0fc000",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "admiralty-scale:information-credibility=\"2\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#075200",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "admiralty-scale:source-reliability=\"b\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#e2007a",`
chg: [feed] updated 2024-04-05 12:15:17 +00:00			`"local": false,`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"name": "workflow:state=\"complete\"",`
			`"relationship_type": ""`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1592995840",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "9c87b754-6bc2-414d-82e9-0d07f2130be7",`
			`"value": "b29c145d4b78daed34dea28a0a11bab857d5583dc6a00578a877511d0d01d3d2"`
			`}`
			`],`
			`"Object": [`
			`{`
			`"comment": "External Analysis",`
			`"deleted": false,`
			`"description": "An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.",`
			`"meta-category": "misc",`
			`"name": "annotation",`
			`"template_uuid": "5d8dc046-15a1-4ca3-a09f-ed4ede7c4487",`
			`"template_version": "2",`
			`"timestamp": "1593003580",`
			`"uuid": "5ef34e3c-f70c-4526-9abb-44f6ac13a7a7",`
			`"Attribute": [`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "ref",`
			`"timestamp": "1593003580",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "5ef34e3c-3620-41b8-a096-44f6ac13a7a7",`
			`"value": "https://clickallthethings.wordpress.com/2020/06/19/zloader-vba-r1c1-references-and-other-tomfoolery/"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "ref",`
			`"timestamp": "1593003580",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "5ef34e3c-3110-40af-8f22-44f6ac13a7a7",`
			`"value": "https://twitter.com/abuse_ch"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "text",`
			`"timestamp": "1593003580",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "5ef34e3c-d9e4-4ca8-957b-44f6ac13a7a7",`
			`"value": "zloader: VBA, R1C1 References, and Other Tomfoolery\r\nJune 19, 2020 ~ Jamie\t\r\n\r\nThe other day, @reecDeep tweeted about new behavior from zloader documents. Another document from the same campaign crossed my path and I decided to take a crack at it."`
			`}`
			`]`
			`},`
			`{`
			`"comment": "Domains",`
			`"deleted": false,`
			`"description": "Whois records information for a domain name or an IP address.",`
			`"meta-category": "network",`
			`"name": "whois",`
			`"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",`
			`"template_version": "10",`
			`"timestamp": "1593003610",`
			`"uuid": "5ef34e5a-b2a8-4ca8-8a0e-44f6ac13a7a7",`
			`"Attribute": [`
			`{`
			`"category": "Network activity",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "domain",`
			`"timestamp": "1593003610",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "5ef34e5a-6d34-4a50-87a8-44f6ac13a7a7",`
			`"value": "procacardenla.ga"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "domain",`
			`"timestamp": "1593003611",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "5ef34e5b-ac9c-41e2-91a5-44f6ac13a7a7",`
			`"value": "datalibacbi.ml"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "domain",`
			`"timestamp": "1593003611",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "5ef34e5b-a1b0-4af0-8636-44f6ac13a7a7",`
			`"value": "wireborg.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "domain",`
			`"timestamp": "1593003611",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "5ef34e5b-6df8-49d5-9b09-44f6ac13a7a7",`
			`"value": "zmedia.shwetech.com"`
			`}`
			`]`
			`}`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`]`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`}`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`}`