{
"Event": {
"analysis": "2",
"date": "2018-10-02",
"extends_uuid": "",
"info": "OSINT - CIG Circular 66 \u2013 FASTCash ATM Cash Out Campaign",
"publish_timestamp": "1538565940",
"published": true,
"threat_level_id": "3",
"timestamp": "1538565800",
"uuid": "5bb3b566-b054-436e-aabf-4bd902de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#6bd600",
"local": false,
"name": "circl:topic=\"finance\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1538504180",
"to_ids": false,
"type": "text",
"uuid": "5bb3b5f4-4388-4cd9-b681-4aa602de0b81",
"value": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs to steal cash equivalent to tens of millions of dollars"
},
{
"category": "External analysis",
"comment": "",
"data": "JVBERi0xLjUNJeLjz9MNCjUzNSAwIG9iag08PC9MaW5lYXJpemVkIDEvTCAzNjA0ODkvTyA1MzcvRSAxNzYyNjYvTiAxMS9UIDM2MDAzNC9IIFsgNTI3IDM3NF0+Pg1lbmRvYmoNICAgICAgICAgICAgDQo1NTkgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDUvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzxENjYxMDdBNzczQjVEMTQ0ODIyNkUyMDMyOUEwNTkzND48NTk0OEIzRTdEMTk3RDc0NTg5RTEyNzVCNDE3RjE2RTM+XS9JbmRleFs1MzUgNDddL0luZm8gNTM0IDAgUi9MZW5ndGggMTE2L1ByZXYgMzYwMDM1L1Jvb3QgNTM2IDAgUi9TaXplIDU4Mi9UeXBlL1hSZWYvV1sxIDMgMV0+PnN0cmVhbQ0KaN5iYmRgEGBgYmBgLgWRjDPA5BwQybERRDLJg2UrQCRLHJj8Cya1wCp1wWxWMPkUrF4GzL4NJjNAJCvYBEZlEMkVBSIZQkEk/2sQmdoAJBmrtoDZJ4Dk/5wFDEyMDEzLwCoZGAeA/M/A8PUNQIABAEwmEnENCmVuZHN0cmVhbQ1lbmRvYmoNc3RhcnR4cmVmDQowDQolJUVPRg0KICAgICAgICAgDQo1ODEgMCBvYmoNPDwvQyAzMDkvRmlsdGVyL0ZsYXRlRGVjb2RlL0kgMzMzL0xlbmd0aCAyODUvUyAyMjc+PnN0cmVhbQ0KaN5iYGBgAqLlDKwMDMKMDEIMCCDEwAIUZWHgWODG0KDAwbQsmsHna/Yd1nrG50BZfgNGPWZ9h78fZDhO15y8eb0Bpq2jwno+x6lEgTs/fZTk9MqdjOY2KT56VfzUOgDIfel3UOBj8c4PPcsT5jiXKGu2PJITeX7IaC6T4s5PM1xsLD/NYGCO6OjoYGCQ6OhoYAYyWFzBXDYwydHRwMBoAWYCpRkYNEBMkCAQ43QekCfLwMrCC6TFgFgS7MpQBkGGxY3XGSwdlAwUPPgWsK9iuMF4g+EJg8UDiwSFGfwajHO4gEHCvLSnNX3qZ+05uS29lxh3MinCvKnAwBr4EUgD1Uh/ZQAFIusBByCtzsBamwmkGYH4F0CAAQDaG1ztDQplbmRzdHJlYW0NZW5kb2JqDTUzNiAwIG9iag08PC9MYW5nKP7/AEUATgAtAFUAUykvTWFya0luZm88PC9NYXJrZWQgdHJ1ZT4+L01ldGFkYXRhIDM3IDAgUi9QYWdlTGF5b3V0L09uZUNvbHVtbi9QYWdlcyA1MzEgMCBSL1N0cnVjdFRyZWVSb290IDc1IDAgUi9UeXBlL0NhdGFsb2c+Pg1lbmRvYmoNNTM3IDAgb2JqDTw8L0Fubm90cyA1NjAgMCBSL0NvbnRlbnRzWzU0MSAwIFIgNTQyIDAgUiA1NDMgMCBSIDU0NSAwIFIgNTQ2IDAgUiA1NDggMCBSIDU0OSAwIFIgNTUwIDAgUl0vQ3JvcEJveFswLjAgMC4wIDYxMi4wIDc5Mi4wXS9NZWRpYUJveFswLjAgMC4wIDYxMi4wIDc5Mi4wXS9QYXJlbnQgNTMyIDAgUi9SZXNvdXJjZXM8PC9Db2xvclNwYWNlPDwvQ1MwIDU2MiAwIFIvQ1MxIDU2MyAwIFI+Pi9FeHRHU3RhdGU8PC9HUzAgNTY0IDAgUj4+L0ZvbnQ8PC9DMl8wIDU2OSAwIFIvVFQwIDU3MSAwIFIvVFQxIDU3MyAwIFIvVFQyIDU3NSAwIFIvVFQzIDU3NyAwIFIvVFQ0IDU3OSAwIFI+Pi9YT2JqZWN0PDwvSW0wIDU1OCAwIFI+Pj4+L1JvdGF0ZSAwL1N0cnVjdFBhcmVudHMgMC9UYWJzL1MvVHlwZS9QYWdlPj4NZW5kb2JqDTUzOCAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWN
vZGUvRmlyc3QgMTc0L0xlbmd0aCAxODcwL04gMjEvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KaN7EWG1PGzkQ/iv+WFTB+t27pypSEkobqRRK4Lg7xIeFbGHVkKBke5R/fzPjl+yGBFqku1M0sdcez4w945ln11jOODNWsAL+JRPaQKuYsBpazUSuoDVMOpy3TCkBrWPGIV/OnMTngjkFUhxnOa53ggmegwAHAo3CDkh0Flk0k4W0tF4JA0IdCHUCpxxThcCpnBnusAPTSsBTDtO51OwCDeXs5PLdu6xPw/CQDcbwOIbf6eN9lQ3mi0m1yM4Z7/XCwwXy8cvsYzbKTqrr5gKs21OwK23yPSMEk7nak1wz7cReoYrLbNwsvl83x+WimjVMZOPvVw3K/lTPvnkt/dls3vR6F9loOByUy2rCjPGmdYZksnY0Zl/L6RLsO8w+zxd35TQb9pnY49nRcZg5Oj5EXX0GyqtsfFguvwHrrPIa3/9oPoybsqmy65LWze/9ul4P5B/hPuvZzZvRBEyum8cd2OlNvWwWj2/6k/lVtQObuL+fVne4I05r+str2h7nJhuO9sdVAxYrOtJhef+xqm9uG+Y4z/Yrz7krJc8OpuXNkunsYD5rBoP5DzhcHGdCCEWyLmnqoLyrp49vxo93V/Ppjh+qp5UEFZpU4Mjn8q7KzgeDwdmXt57z8JQm4Pyr5vo2nhQOnXt7NNgzasppfd2f3UwrxsFX1d3vzBl/TMiK9i7q+2a+yP4I2zDc7xkdgyxPtOIBPC5B1Gj2dU4hT+cw2j+dfxjtH5b3WTzZbP8c98nXVNH1wDUxWGAtcqBVcmVbdn4hJL/Qll9eQvzgXQohstU0f/yTEk4Qppd071DR+9n1fAI+T5btfkzKUR/PTudnsxqYKma0P/VkRzcCVNFyuVVy5XLFbXA5jCaf7xpR0BwTUnMS0HH7EBx0tai7fjddv48PhqMvf74NrLuD+XTygu/dFt+DDc86XzvZdf4m1ek0z+tZf7as0/NBvVg2w9tyEU+g7XPnU9CnMrAIKVc+gGtMZrXcoIquG0DbpLldXkiJwbPpJw16W1Kc+B8kx/QfW+m66y24BpOlkQX4kzOd55DtsO+ARJKnpWI5JGWLc5hzlaR6oODQgAoDM1ABCqgPKNGgxHULdQEZHuRqTNXQGq4gt1uQ4MelRts0ZGvs5ZAmiEsFbiAFsaGKgintn1G304YsRimqcJfdgNW8HbC2E7AuBqxuByxcGpxjkOctCegE7Gl9Vy3Z5+qBnczvytnOKkxpBiZo/Hj86gSV8+djVOfdGH2q9yci9GlScrIboNKYDQG6Ho4OavD/SdJwgBoQgByxACfK4RnnRO7nkGgOYErkx1a61ZqXCHmJP8AdJA2psgBY46SEyHJE1AegYIylPhLZkBdpLg99pMiHa7GP83GuAPmxj+NkN9hA+wUohXZRH/iw327Tntu2h77bsO9oY/tMyL7QR5l0Mbm/oEaDPSasDWca+bDmdQT7AWPpAXePK2hHZrU67oSsD5JpIU4U6EpciK7FIzVeFfZlS33HZS0LEFJi5othEMfIZBzTIBt5Az+CTW1UMozGRTgWsyLdctE64UYpLGCjbUoyA21bT8dvt8vHA02u2UCoe9N4DId2WGwlXbx0NdbyrbTbAYLbCBCgCFC+DQBB2pcBgu0ChI9nn87GZ7FK/0tp17pu2l1T+kpUoNdQgeHPogLNn0MFmosVGoDEpLC+chXQAUa3hRZuT24JDfwMSSiHknAkVXCo9zlWcXzjwnQD8WuFaaEGiHGpvBZAfogBNFAOddtCOYUCzIwgVKKVr9o53BAt6V0xL2Bc+DGddCJuwL5GndIQEqEWRhU3+C5GzxIQjATYpI3vu8LzG+lCC9gB73mBd9A/a7DTof2YfPC+F2YLuuJbURcnPINElj6HP5ywrfsgzab7YOGNAucwf/Gn+KO/qMtpC3XQ8+uxRv78y5AoukEftb0OYdhXIQz
TTbn/NcU0idCTUi5QTO2iaKVzGDO5ThU6pdew5iVK/Pg9JJJBBArx2YYXCW4gVMByjjUw5PEII/JYV2Cc1gW+tC
"deleted": false,
"disable_correlation": false,
"timestamp": "1538504215",
"to_ids": false,
"type": "attachment",
"uuid": "5bb3b617-5ba0-4774-9507-43fd02de0b81",
"value": "CIG Circular 66 - FASTCash Campaign.pdf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1538504582",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bb3b786-b320-4be2-974a-4a7a02de0b81",
"value": "75.99.63.27"
},
{
"category": "Network activity",
"comment": "In addition to the analysis of the artifacts above, the below IP addresses may be associated with the FASTCash Campaign. 3 Mail servers in the compromised network made reverse proxy connections to these IPs but we do not have specific date and time stamps or other information to associate them with malicious activity:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1538505033",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bb3b949-b1f4-415d-b4d3-4c1402de0b81",
"value": "167.114.33.205"
},
{
"category": "Network activity",
"comment": "In addition to the analysis of the artifacts above, the below IP addresses may be associated with the FASTCash Campaign. 3 Mail servers in the compromised network made reverse proxy connections to these IPs but we do not have specific date and time stamps or other information to associate them with malicious activity:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1538505033",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bb3b949-a6bc-4572-9e21-486302de0b81",
"value": "180.235.133.108"
},
{
"category": "Network activity",
"comment": "In addition to the analysis of the artifacts above, the below IP addresses may be associated with the FASTCash Campaign. 3 Mail servers in the compromised network made reverse proxy connections to these IPs but we do not have specific date and time stamps or other information to associate them with malicious activity:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1538505034",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bb3b94a-2574-4243-bf26-40f902de0b81",
"value": "219.255.99.9"
}
],
"Object": [
{
"comment": "Themida\r\npacked 32\r\n-\r\nbit Windows executable designed to unpack itself and run a service \r\nproxy module in memory. The proxy module accepts command line parameters and is \r\ndesigned to modify the Windows Firewall on the compromised system to allow \r\nincoming connections an\r\nd function as a backdoor. The malware listens on a specified \r\nport for incoming traffic containing instructions to perform any of the following \r\nfunctions: r\r\netrieve system information; \r\nexecute command\r\ns; execute \r\nand terminate \r\nprocess\r\nes; \r\nsearch for files\r\n; read, write, and delete files\r\n; download and upload files\r\n; and, \r\ncompress and decompress files\r\n. ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504510",
"uuid": "5bb3b67c-f634-4e0b-9364-48a202de0b81",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5bb3b67c-f634-4e0b-9364-48a202de0b81",
"referenced_uuid": "5bb3b727-276c-4fd5-a23f-436d02de0b81",
"relationship_type": "signed-by",
"timestamp": "1538504506",
"uuid": "5bb3b73a-ae98-4741-9f4a-4b3d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504316",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b67c-b8d0-4a55-bd11-45d102de0b81",
"value": "5cfa1c2cb430bec721063e3e2d144feb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504317",
"to_ids": false,
"type": "text",
"uuid": "5bb3b67d-3584-4e9c-8963-436e02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "Themida packed 64\r\n-\r\nbit Windows executable with the same functionality as \r\n5cfa1c2cb430bec721063e3e2d144feb\r\n and is signed with a valid X509 certificate issued \r\nto \u201cA\r\n-Z Hire Ltd\u201d with serial number:",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504375",
"uuid": "5bb3b6b7-914c-4958-9c8b-4a0502de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504375",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b6b7-d25c-4b7c-8c9e-4e2b02de0b81",
"value": "4f67f3e4a7509af1b2b1c6180a03b3e4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504376",
"to_ids": false,
"type": "text",
"uuid": "5bb3b6b8-5ae4-45a2-aba0-491e02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "x509 object describing a X.509 certificate",
"meta-category": "network",
"name": "x509",
"template_uuid": "d1ab756a-26b5-4349-9f43-765630f0911c",
"template_version": "7",
"timestamp": "1538504487",
"uuid": "5bb3b727-276c-4fd5-a23f-436d02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "x509-fingerprint-md5",
"timestamp": "1538504487",
"to_ids": true,
"type": "x509-fingerprint-md5",
"uuid": "5bb3b727-0b84-428e-b85c-407702de0b81",
"value": "ecafe723703614e0a4fb5c2a8f7da018"
}
]
},
{
"comment": "32\r\n-\r\nbit Windows \r\nexecutable designed to execute as a service named \u201chelpsvcs\u201d. The \r\nmalware binds and listens on port 443 for incoming connections, providing remote \r\ncommand and control capabilities through this connection. The malware uses the RC4 \r\nencryption algorithm to en\r\ncrypt and decrypt a portion of its communications and has \r\nthe ability to exfiltrate data, install and run secondary payloads, and provided proxy \r\nservices on the compromised system. This malware can perform the following \r\nfunctions based on specified command\r\ns from a remote operator: retrieve system \r\ninformation\r\n; execute command\r\ns; execute \r\nand terminate process\r\nes; \r\nsearch for files\r\n; \r\nread, write, and delete files\r\n; download and upload files\r\n; compress and decompress \r\nfiles\r\n; and, change the listening port for Remote Desktop via registry modification.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504618",
"uuid": "5bb3b771-2540-4c8f-b659-4cfe02de0b81",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5bb3b771-2540-4c8f-b659-4cfe02de0b81",
"referenced_uuid": "5bb3b786-b320-4be2-974a-4a7a02de0b81",
"relationship_type": "connected-to",
"timestamp": "1538504615",
"uuid": "5bb3b7a7-a584-491a-ba54-482302de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504561",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b771-b234-43b9-ab64-42be02de0b81",
"value": "d0a8e0b685c2ea775a74389973fc92ca"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504561",
"to_ids": false,
"type": "text",
"uuid": "5bb3b771-2118-456a-92e4-448602de0b81",
"value": "Malicious"
}
]
},
{
"comment": "Malicious 64\r\n-\r\nbit Windows Dynamic Link Library designed to run as a Windows service \r\nunder \u201csvchost.exe\u201d and load an RC4 decrypted payload into memory. ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504773",
"uuid": "5bb3b845-fac4-4dbf-8471-4a5e02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504774",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b846-1b48-4d2b-b264-463502de0b81",
"value": "8efaabb7b1700686efedadb7949eba49"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504776",
"to_ids": false,
"type": "text",
"uuid": "5bb3b848-e21c-41e4-b3ec-4dcf02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "AIX\r\nexecutable intended for a proprietary UNIX operating system developed by IBM. \r\nThis\r\n application injects a library into a currently running process. ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504825",
"uuid": "5bb3b879-d6e4-4962-a53c-457e02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1538504826",
"to_ids": true,
"type": "filename",
"uuid": "5bb3b87a-6674-45e0-bb57-445c02de0b81",
"value": "Injection_API_executable_e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504827",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b87b-2fe8-4358-a13e-4c2f02de0b81",
"value": "b3efec620885e6cf5b60f72e66d908a9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504827",
"to_ids": false,
"type": "text",
"uuid": "5bb3b87b-7fb4-4863-b9a2-41d302de0b81",
"value": "Malicious"
}
]
},
{
"comment": "AIX executable, intended for a proprietary UNIX operating system developed by IBM\r\nand is designed to update a proprietary data structure on a\r\n UNIX system known as \r\n\"PVPA.\"",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504872",
"uuid": "5bb3b8a8-4274-400b-8c6b-4fb502de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1538504872",
"to_ids": true,
"type": "filename",
"uuid": "5bb3b8a8-6cd8-4d54-b880-4bd002de0b81",
"value": "inject_api"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504872",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b8a8-f4b8-49e4-b485-4e7a02de0b81",
"value": "58bb2236e5aee39760d3e4fc6ee94a79"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504873",
"to_ids": false,
"type": "text",
"uuid": "5bb3b8a9-8660-443a-aec8-4c2502de0b81",
"value": "Malicious"
}
]
},
{
"comment": "AIX executable, intended for a proprietary UNIX operating system developed by IBM. \r\nThis file is a library application \r\ndesigned to provide export functions. These functions \r\nallow an application to perform transactions on financial systems using the\r\n ISO\r\n 8583 \r\nstandard.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504922",
"uuid": "5bb3b8da-0df8-4186-aeaa-497602de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1538504922",
"to_ids": true,
"type": "filename",
"uuid": "5bb3b8da-6d04-444e-9591-49d502de0b81",
"value": "Lost_File1_so_file"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504922",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b8da-d958-4516-91f6-481b02de0b81",
"value": "d790997dd950bb39229dc5bd3c2047ff"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504923",
"to_ids": false,
"type": "text",
"uuid": "5bb3b8db-d988-4446-9077-469502de0b81",
"value": "Malicious"
}
]
},
{
"comment": "AIX executable, intended for a proprietary UNIX operating system developed by IBM. \r\nThe application provides several\r\n exported \r\nmethods permitting the interaction with \r\nfinancial systems that utilize the ISO\r\n 8583 standard.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538504964",
"uuid": "5bb3b904-7f40-4c7d-bc43-494f02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1538504964",
"to_ids": true,
"type": "filename",
"uuid": "5bb3b904-4fa8-417b-a116-44be02de0b81",
"value": "2.so"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538504964",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b904-cc78-4c9e-b03c-4e5302de0b81",
"value": "b66be2f7c046205b01453951c161e6cc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538504965",
"to_ids": false,
"type": "text",
"uuid": "5bb3b905-0344-45b6-ab83-4fbc02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "COFF executable, a format for executable, object code, and shared libraries used on\r\nUNIX\r\n systems. The executable provides several exported methods that enable \r\ninteractions with financial systems utilizing the ISO \r\n8583 \r\nstandard.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1538505003",
"uuid": "5bb3b92b-6c04-4ccd-ae7e-48e502de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1538505003",
"to_ids": true,
"type": "filename",
"uuid": "5bb3b92b-ca38-497f-9031-461702de0b81",
"value": "Lost_File.so"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538505003",
"to_ids": true,
"type": "md5",
"uuid": "5bb3b92b-bfcc-40b6-8e2b-406c02de0b81",
"value": "46b318bbb72ee68c9d9183d78e79fb5a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538505003",
"to_ids": false,
"type": "text",
"uuid": "5bb3b92b-d988-460e-9e6f-431702de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1538505125",
"uuid": "dc4223ad-358d-4e78-adc2-5a96853cc541",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dc4223ad-358d-4e78-adc2-5a96853cc541",
"referenced_uuid": "dee7180d-629e-45d4-a5ac-7662d0324e21",
"relationship_type": "analysed-with",
"timestamp": "1538505134",
"uuid": "5bb3b9af-0810-49c1-93ec-44ae02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538505122",
"to_ids": true,
"type": "md5",
"uuid": "cf970f74-c682-43aa-87ce-4b4860e9d025",
"value": "b66be2f7c046205b01453951c161e6cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538505122",
"to_ids": true,
"type": "sha1",
"uuid": "0a26da24-088b-4846-839b-31fdb04c432e",
"value": "ec5784548ffb33055d224c184ab2393f47566c7a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538505123",
"to_ids": true,
"type": "sha256",
"uuid": "750264bb-1819-4c56-ab33-87093e6e92a4",
"value": "ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538505123",
"uuid": "dee7180d-629e-45d4-a5ac-7662d0324e21",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538505123",
"to_ids": false,
"type": "datetime",
"uuid": "97fe9519-6d0d-4b4e-9711-2a1d84060aef",
"value": "2017-11-15T12:57:52"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538505124",
"to_ids": false,
"type": "link",
"uuid": "33b603b2-e14e-4f14-975e-5c0cad9d3597",
"value": "https://www.virustotal.com/file/ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c/analysis/1510750672/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538505124",
"to_ids": false,
"type": "text",
"uuid": "aef16d9b-5ae9-467f-9a8d-2d746fd44b72",
"value": "0/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1538505127",
"uuid": "96b33272-dac7-42f2-8ea4-4c699d8361a3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "96b33272-dac7-42f2-8ea4-4c699d8361a3",
"referenced_uuid": "98df9145-7b26-40e6-b7d7-f0352dd331e5",
"relationship_type": "analysed-with",
"timestamp": "1538505135",
"uuid": "5bb3b9af-d244-43a4-bd89-444302de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538505124",
"to_ids": true,
"type": "md5",
"uuid": "453d4ef7-d21b-4937-8d19-9ccecd23073b",
"value": "46b318bbb72ee68c9d9183d78e79fb5a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538505125",
"to_ids": true,
"type": "sha1",
"uuid": "646da333-d6b6-4c39-9a9c-fd92ccb44cd7",
"value": "5375ad3746ce42a6f262f55c4f1f0d273fb69c54"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538505125",
"to_ids": true,
"type": "sha256",
"uuid": "73b484f0-84f0-47ee-aa9c-293f9e8a8564",
"value": "10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538505126",
"uuid": "98df9145-7b26-40e6-b7d7-f0352dd331e5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538505126",
"to_ids": false,
"type": "datetime",
"uuid": "c46d73ba-b8b1-48a2-84cc-5b31bb2ae61f",
"value": "2018-10-01T18:10:22"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538505126",
"to_ids": false,
"type": "link",
"uuid": "78d2846f-b7b8-4cb7-883c-eb8c6cbbd6e2",
"value": "https://www.virustotal.com/file/10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba/analysis/1538417422/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538505127",
"to_ids": false,
"type": "text",
"uuid": "f81acdf2-8862-471a-86ad-96fedc156030",
"value": "0/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1538505130",
"uuid": "ce96db4c-7e5a-4b24-afec-83f8428772a5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ce96db4c-7e5a-4b24-afec-83f8428772a5",
"referenced_uuid": "ad0d0fc0-5058-4ba7-9138-5128409e0e0d",
"relationship_type": "analysed-with",
"timestamp": "1538505135",
"uuid": "5bb3b9af-8cb8-4255-ad95-413502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538505127",
"to_ids": true,
"type": "md5",
"uuid": "c72e7c04-a458-4217-9a9f-6b03a6eecb35",
"value": "8efaabb7b1700686efedadb7949eba49"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538505127",
"to_ids": true,
"type": "sha1",
"uuid": "36be672c-45b8-4832-8360-d5e6da41a87f",
"value": "7b17d63694eee51010bcad143bc72e355e17cb50"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538505128",
"to_ids": true,
"type": "sha256",
"uuid": "bef8d2fb-b9d2-46f8-aa62-76c182362b71",
"value": "a9bc09a17d55fc790568ac864e3885434a43c33834551e027adb1896a463aafc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538505128",
"uuid": "ad0d0fc0-5058-4ba7-9138-5128409e0e0d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538505128",
"to_ids": false,
"type": "datetime",
"uuid": "2bf73c7b-221d-4d4d-97b8-6a9a884b33e6",
"value": "2018-09-05T03:11:47"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538505129",
"to_ids": false,
"type": "link",
"uuid": "279cf9ad-5611-4cd0-8e89-c8871950c187",
"value": "https://www.virustotal.com/file/a9bc09a17d55fc790568ac864e3885434a43c33834551e027adb1896a463aafc/analysis/1536117107/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538505129",
"to_ids": false,
"type": "text",
"uuid": "5b2ebb6f-dd62-405f-b4d2-b3dfe7303c9f",
"value": "34/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1538505132",
"uuid": "10851b56-6ec9-4eef-825e-543c2bdc30c8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "10851b56-6ec9-4eef-825e-543c2bdc30c8",
"referenced_uuid": "e756ef0d-4237-40bf-912d-765fdde949c2",
"relationship_type": "analysed-with",
"timestamp": "1538505135",
"uuid": "5bb3b9af-9c0c-40fd-bb92-477402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538505129",
"to_ids": true,
"type": "md5",
"uuid": "5805d9c4-adb2-4a9e-b85c-793cd420abb8",
"value": "5cfa1c2cb430bec721063e3e2d144feb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538505130",
"to_ids": true,
"type": "sha1",
"uuid": "fc50fe00-ba96-47c9-8292-82f351ed7e3c",
"value": "c1a9044f180dc7d0c87e256c4b9356463f2cb7c6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538505130",
"to_ids": true,
"type": "sha256",
"uuid": "0fab4c4f-b7f9-4b33-9638-d028cd587a76",
"value": "820ca1903a30516263d630c7c08f2b95f7b65dffceb21129c51c9e21cf9551c6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538505131",
"uuid": "e756ef0d-4237-40bf-912d-765fdde949c2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538505131",
"to_ids": false,
"type": "datetime",
"uuid": "8b285a5a-1f7a-4592-9f4c-fe81f31b0138",
"value": "2018-09-28T04:05:30"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538505131",
"to_ids": false,
"type": "link",
"uuid": "a5725421-131c-4e35-9a87-6b654c71a416",
"value": "https://www.virustotal.com/file/820ca1903a30516263d630c7c08f2b95f7b65dffceb21129c51c9e21cf9551c6/analysis/1538107530/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538505132",
"to_ids": false,
"type": "text",
"uuid": "9d7ecb97-c890-40c8-89e3-00baf51a40b8",
"value": "41/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1538505135",
"uuid": "413d8d43-fceb-4e3a-b94c-711ae4a2baaf",
"ObjectReference": [
{
"comment": "",
"object_uuid": "413d8d43-fceb-4e3a-b94c-711ae4a2baaf",
"referenced_uuid": "d31ed776-eddf-4bfa-93c3-3fe3531239ef",
"relationship_type": "analysed-with",
"timestamp": "1538505135",
"uuid": "5bb3b9af-24b8-484b-a3ab-438502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538505132",
"to_ids": true,
"type": "md5",
"uuid": "cbdd4aa9-53e3-43ac-8658-1eacd2001419",
"value": "4f67f3e4a7509af1b2b1c6180a03b3e4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538505132",
"to_ids": true,
"type": "sha1",
"uuid": "bf0829ac-7208-4c2c-8d28-933db24ce190",
"value": "1c9a437ed876a0ce0e5374bd93acdfd9e9023f1f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538505133",
"to_ids": true,
"type": "sha256",
"uuid": "fa9829a5-e50b-4db0-974d-c51c8450ed23",
"value": "4a740227eeb82c20286d9c112ef95f0c1380d0e90ffb39fc75c8456db4f60756"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1538505133",
"uuid": "d31ed776-eddf-4bfa-93c3-3fe3531239ef",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1538505133",
"to_ids": false,
"type": "datetime",
"uuid": "538d9de4-f10c-4b3f-b314-091a78c1aef0",
"value": "2018-09-28T04:06:38"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1538505134",
"to_ids": false,
"type": "link",
"uuid": "a0497fc0-f81d-4369-a48b-eed85e2b8721",
"value": "https://www.virustotal.com/file/4a740227eeb82c20286d9c112ef95f0c1380d0e90ffb39fc75c8456db4f60756/analysis/1538107598/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1538505134",
"to_ids": false,
"type": "text",
"uuid": "ba794a1f-cdc7-43c8-ae9f-56704a3e61b7",
"value": "36/69"
}
]
}
]
}
}