2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-12-14 14:30:15 +00:00
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2018-08-01",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "Ursnif, MALWAREMESSIAGH",
|
|
|
|
"publish_timestamp": "1533306986",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1533306089",
|
|
|
|
"uuid": "5b646415-7b48-40d5-86b4-c0070acd0835",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "Synovus Financial",
|
|
|
|
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#ab34e3",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "PasteBin: MALWAREMESSIAGH",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "misp-galaxy:banker=\"Gozi\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Ursnif",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1533306058",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835",
|
|
|
|
"value": "ooiasjdnqjwbeasdasd.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Ursnif",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1533306058",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835",
|
|
|
|
"value": "eqowiesajenqweasd.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Ursnif",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1533306058",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835",
|
|
|
|
"value": "dquohwdihaewqdcas.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Ursnif",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1533306058",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835",
|
|
|
|
"value": "diqjwhebseqhbasdh.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Ursnif dropped file",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1533306089",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835",
|
|
|
|
"value": "http://sistemait.it/softaculous/backup/client.rar"
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
2023-12-14 14:30:15 +00:00
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|