misp-circl-feed/feeds/circl/misp/5d00a18b-fa28-4f72-bd72-4e6a950d210f.json

463 lines
539 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "0",
"date": "2019-06-12",
"extends_uuid": "",
"info": "OSINT - ThreatHunting/India/",
"publish_timestamp": "1560343443",
"published": true,
"threat_level_id": "3",
"timestamp": "1560343433",
"uuid": "5d00a18b-fa28-4f72-bd72-4e6a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560322636",
"to_ids": false,
"type": "link",
"uuid": "5d00a24c-d1c4-4149-84e4-beec950d210f",
"value": "https://github.com/jacobsoo/ThreatHunting/blob/master/India/d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c.md"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560323091",
"to_ids": false,
"type": "text",
"uuid": "5d00a413-fec0-4693-9d9f-7f9e950d210f",
"value": "The document seems to be targeting attendees to Islamic Microfinance Forum"
},
{
"category": "External analysis",
"comment": "",
"data": "iVBORw0KGgoAAAANSUhEUgAAB0AAAAOxCAYAAABsdLR8AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAGdYAABnWARjRyu0AAP+lSURBVHhe7N35fxR1nvjxzn2fhCPch4joeM3ojOio431DIGcn6SRExdlxd2fn+O7Ozo474xzOoTOo44EHKh4oZ4BASAIBwhEgQIC/6P19v6tTpPzYUt1sRxt4/fB8VN7vVL27qj5VTTfvVFVk3Xsb5O13PpQ3162XN95eL/988z15/Y13Pa+98c5XvGr+ue5L1r4e8NrbAAAAAAAAAAAAAPCtiLy17gOv8fnGW+97Tc8LDU1/ptff/lKT89Vxlg8WWvvaW3GvTvjHq2/K39e+Kf8ISDVOlPs2akxGzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVzpqJkJNSajZqJcJtRMlMuEmolyl1LDlY6amVBjMmomymVCzUS5TKiZKHcpNVyp1Ij4V33a1Z1+49NmeGXtGx5rYnrNztfHG5zqVW+qeWO/H/ePV3V+XWbtuL8HWN6mVjMYu78PxsnMY9OL1UxHDTdOtsZkr1cw58Z+zqbp2DY3Zr0uXsONk10vP5coTsd6uTUme72COTf2czZNx7a5Met18RpunOx6+blEcTrWy60x2esVzLmxn7NpOrbNjVmvi9dw42TXy88litOxXm6NyV6vYM6N/ZxN07Ftbsx6XbyGGye7Xn4uUZyO9XJrTPZ6BXNu7Odsmo5tc2PW6+I13DjZ9fJzieJ0rJdbY7LXK5hzYz9n03RsmxuzXhev4cbJrpefSxSnY73Y51+t4cZ+zqasV/pquPFk1nDjy32fu7Gfsynrlb4abjyZNdz4ct/nbuznbMp6pa+GG09mDTe+3Pe5G/s5m7Je6avhxpNZw40v933uxn7OpherEfFveWtXef7zzXflnfc/kvUffSrrP/zE88GGT2XDxxvlo48/k482fCYbAj7S35kN49MPx8Xzn8iHH+nyyqb+z8E4US7VOJl5ko2TmSfZOJl5wuJk5kk1TmaesDiZeVKNk5knLE5mnlTjZOYJi5OZJ9k4mXmSjZOZJyxOZp5U42TmCYuTmSfVOJl5wuJk5kk1TmaesDiZeZKNk5kn2TiZecLiZOZJNU5mnrA4mXlSjZOZJyxOZp5U42TmCYuTmSfZOJl5ko2TmScsTmaeVONk5gmLk5kn1TiZecLiZOZJNU5mnrA4mXmSjZOZJ9k4mXnC4mTmSTVOZp6wOJl5Uo2TmScsTmaeVONk5gmLk5kn2TiZeZKNk5knLE5mnlTjZOYJi5OZJ9U4mXnC4mTmSTVOZp6wOJl5ko2TmSfZOJl5wuJk5kk1TmaesDiZeVKNk5knLE5mnlTjZOYJi5OZJ9k4mXmSjZOZJyxOZp5U42TmCYuTmSfVOJl5wuJk5kk1TmaesDiZeZKNk5kn2TiZecLiZOZJNU5mnrA4mXlSjZOZJyxOZp5U42TmCYuTmSfZOJl5ko2TmScsTmaeVONk5gmLk5kn1TiZecLiZOZJNU5mnrA4mXmSjZOZJ9k4mXnC4mTmSTVOZp6wOJl5Uo3dXCT4rM933t8g23f0ytChYRk6GHdAfz44POGQz/Lj7Odg7Ods6i0fEBYn8nXLJPsaiYQt83+pkanrlWycKHcpNVzpqJmOGq7JrMExmliqNRLVTEcNVzpqpqOGazJrcIwmlmqNRDXTUcOVjprpqOGazBoco4mlWiNRzXTUcKWjZjpquCazBsdoYqnWSFQzHTVc6aiZjhquyazBMZpYqjUS1UxHDVc6aqajhmsya3CMJpZqjUQ101HDlY6a6ajhmswaHKOJpVojUc101HClo2Y6argmswbHaGKp1khUMx01XOmomY4arsmswTGaWKo1EtVMRw1XOmqmo4ZrMmtwjCaWao1ENdNRw5VKjYg1Pu3qT5uu//BTGdh/QM6ePy9j5+Ls53MB5wPcXFjs58LiYM6N/VxYHMyFxX4uLA7m3NjPhcXBnBv7ubA4mAuL/VxYHMy5sZ8Li4O5sNjPhcXBnBv7ubA4mAuL/VxYHMy5sZ8Li4O5sNjPhcXBnBv7ubA4mHNjPxcWB3NhsZ8Li4M5N/ZzYXEwFxb7ubA4mHNjPxcWB3NhsZ8Li4M5N/ZzYXEwFxb7ubA4mHNjPxcWB3Nu7OfC4mAuLPZzYXEw58Z+LiwO5sJiPxcWB3Nu7OfC4mAuLPZzYXEw58Z+LiwO5sJiPxcWB3Nu7OfC4mDOjf1cWBzMhcV+LiwO5tzYz4XFwVxY7OfC4mDOjf1cWBzMhcV+LiwO5tzYz4XFwVxY7OfC4mDOjf1cWBzMubGfC4uDubDYz4XFwZwb+7mwOJgLi/1cWBzMubGfC4uDubDYz4XFwZwb+7mwOJgLi/1cWBzMubGfC4uDOTf2c2FxMBcW+7mwOJhzYz8XFgdzYbGfC4uDOTf2c2FxMBcW+7mwOJhzYz8XFgdzYbGfC4uDOTf2c2FxMOfGfi4sDubCYj8XFgdzbuznwuJgLiz2c2FxMOfGfi4sDubCYj8XFgdzbuznwuJgLiz2c2FxMOfGfi4sDubc2M+FxcFcWOznwuJgzo39XFgczIXFfi4sDubc2M+FxcFcWOznwuJgzo39XFgczIXFfi4sDubc2M+FxcGcG/u5sDiYC4v9XFgczLmxnwuLg7mw2M+FxcGcG/u5sDiYC4v9XFgczLmxnwuLg7mw2M+FxcGcG/u5sDiYc2M/FxYHc2GxnwuLgzk39nNhcTAXFvu5sDiYc2M/FxYHc2GxnwuLgzk39nNhcTAXFvu5sDiYc2M/FxYHc27s58LiYC4s9nNhcTDnxn4uLA7mwmI/93VxxJqfEw3QT2Rg/9BXGqDBhQEAAAAAAAAAAAAgU3kN0LWvx5ug739AAxQAAAAAAAAAAADA5Suy9rV1sva1t2mAAgAAAAAAAAAAALjsRf7x6lti7CrQ99Z/LP37aIACAAAAAAAAAAAAuDxF/r72TTF2Feh76zfQAAUAAAAAAAAAAABw2Yq8svYNMXYV6Ls0QAEAAAAAAAAAAABcxiIv//2fYuwq0Hfe3yD9g0MXmp80QAEAAAAAAAAAAABcTiJ/e+V1MXYV6Lr3PpK9AzRAAQAAAAAAAAAAAFyeIn99+TUxL//jDVn37oeyd2A/DVAAAAAAAAAAAAAAl6XIX15+VYzdBpcGKAAAAAAAAAAAAIDLWeTPf1srxm6D+/Y7H0hfPw1QAAAAAAAAAAAAAJenyEt/jTdA7Ta4fgP0zFkaoAAAAAAAAAAAAAAuP5GX/vIPsSaoNUDfWrde+vr3eQ1Qvwl6ViVaEAAAAAAAAAAAAAAyTeRPf/671wC154B+pQGqaIACAAAAAAAAAAAAuFxE/vjSK2JXgQZvgevf/pYrQAEAAAAAAAAAAABcTiJ/eOllsatA//bK67LuvQ+lf3C/99zPoEQLAgAAAAAAAAAAAECmifz+T8EG6EdfaYCeG58RAAAAAAAAAAAAADJd5Pd//JvYbXDtFriJrgClAQoAAAAAAAAAAADgchF5kQYoAAAAAAAAAAAAgCvExRug5+LTRAsCAAAAAAAAAAAAQKb5cgP03YkG6Ni5OBqgAAAAAAAAAAAAAC4XXgP0Dy+9TAMUAAAAAAAAAAAAwGUv8uIf/uo1QP/y8quy7t0PZO8ADVAAAAAAAAAAAAAAl6cvNUDffidBA1QlWhAAAAAAAAAAAAAAMs2FBuif/7b2Kw3QM2dpgAIAAAAAAAAAAAC4fHgN0N//iQYoAAAAAAAAAAAAgMtf5He//wsNUAAAAAAAAAAAAABXBKcBul72DuzzGqBnaIACAAAAAA
"deleted": false,
"disable_correlation": false,
"timestamp": "1560323145",
"to_ids": false,
"type": "attachment",
"uuid": "5d00a449-d428-48a1-801a-9d26950d210f",
"value": "d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c_0001.png"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560325703",
"to_ids": true,
"type": "url",
"uuid": "5d00ae11-0b5c-41ac-9833-4916950d210f",
"value": "http://185.82.202.240/ttryeJte76.php",
"Tag": [
{
"colour": "#e200a3",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560323064",
"uuid": "5d00a3f8-9638-4961-8a3d-7f9f950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1560323065",
"to_ids": true,
"type": "filename",
"uuid": "5d00a3f9-b264-4454-85b6-7f9f950d210f",
"value": "IMF Registration Form.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560323065",
"to_ids": true,
"type": "sha256",
"uuid": "5d00a3f9-7a98-40d4-a407-7f9f950d210f",
"value": "d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560325625",
"uuid": "5d00ab99-cac0-4996-88c5-45f2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1560325625",
"to_ids": true,
"type": "filename",
"uuid": "5d00ab99-ad6c-4ae0-872f-49f6950d210f",
"value": "pKio.vbE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1560325625",
"to_ids": false,
"type": "text",
"uuid": "5d00ab99-2e7c-42c6-b359-4c48950d210f",
"value": "C:\\Users<username>\\AppData\\Roaming\\MicroSoft\\winDowS\\StArt mEnU\\pRogRaMS\\StaRtuP\\pKio.vbE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1560325625",
"to_ids": false,
"type": "text",
"uuid": "5d00ab99-621c-40f3-aab0-4029950d210f",
"value": "C:\\Users<username>\\AppData\\Roaming\\MicroSoft\\winDowS\\StArt mEnU\\pRogRaMS\\StaRtuP\\"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560325625",
"to_ids": true,
"type": "sha256",
"uuid": "5d00adf9-21c0-4324-be89-4f2c950d210f",
"value": "d26333ce8c760e3122c1537ace5b4c9d28bfb71989601e5267a5a499356bbd53"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560325217",
"uuid": "5d00ac61-6384-430f-9a79-7f59950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1560325218",
"to_ids": true,
"type": "filename",
"uuid": "5d00ac62-61b8-445d-a14b-7f59950d210f",
"value": "p0pc0rn.tx"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1560325218",
"to_ids": false,
"type": "text",
"uuid": "5d00ac62-c354-4a0b-a045-7f59950d210f",
"value": "C:<username>\\Public\\p0pc0rn.tx"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1560325218",
"to_ids": false,
"type": "text",
"uuid": "5d00ac62-c804-4ab5-ad57-7f59950d210f",
"value": "C:<username>\\Public\\"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560343393",
"uuid": "de24d809-f7d2-43cb-834f-4cfdc17da71b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "de24d809-f7d2-43cb-834f-4cfdc17da71b",
"referenced_uuid": "8a7bf1e7-288c-4392-8334-d291846cd5df",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-12-14 14:30:15 +00:00
"timestamp": "1560343393",
"uuid": "5d00f361-1700-409d-ae6c-45bd950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560323065",
"to_ids": true,
"type": "md5",
"uuid": "e8f2dac7-8fe4-4bf9-ae57-2e76776996ca",
"value": "3eb23bc84083e252549e47dbd65b1f8f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560323065",
"to_ids": true,
"type": "sha1",
"uuid": "c8dcb208-5bb8-41e9-91a2-4301cb4d1cb9",
"value": "8ffdd130ec61f31e04d29a87500f52e44236ee9c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560323065",
"to_ids": true,
"type": "sha256",
"uuid": "9f3e5629-ee23-4aed-934c-ed844d0d4101",
"value": "d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1560343393",
"uuid": "8a7bf1e7-288c-4392-8334-d291846cd5df",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1560323065",
"to_ids": false,
"type": "datetime",
"uuid": "d0f112fa-759b-4981-9f85-7114d0d4f9c4",
"value": "2019-06-12T01:59:03"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1560323065",
"to_ids": false,
"type": "link",
"uuid": "0aedafa8-c70b-4b43-b904-02dbc336f702",
"value": "https://www.virustotal.com/file/d9bcf4c4d0e546333c43d367ffa9e442008e4c25c02e1a649fe731e3f722c19c/analysis/1560304743/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1560323065",
"to_ids": false,
"type": "text",
"uuid": "a334e3d0-99df-495a-9c08-6687e7eb56e9",
"value": "4/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560343393",
"uuid": "f961a3dc-041c-4443-b6d2-5777e128b264",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f961a3dc-041c-4443-b6d2-5777e128b264",
"referenced_uuid": "77f080dd-8ce0-4570-8bb4-cfd5cb678dbd",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-12-14 14:30:15 +00:00
"timestamp": "1560343393",
"uuid": "5d00f361-f338-4bc3-9d14-42ec950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560325625",
"to_ids": true,
"type": "md5",
"uuid": "ca936a7a-3eca-481c-b9fe-107ccd773225",
"value": "d7b0eb2f80f415b3171651903ae74a03"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560325625",
"to_ids": true,
"type": "sha1",
"uuid": "150dd5a3-f58f-4acb-9188-543bc5f805bd",
"value": "bf4fa31705bc0c9bad70def01f8fd3075046ef79"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560325625",
"to_ids": true,
"type": "sha256",
"uuid": "36ee1eb6-05ff-4609-8c8f-4981f8fae3cf",
"value": "d26333ce8c760e3122c1537ace5b4c9d28bfb71989601e5267a5a499356bbd53"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1560343393",
"uuid": "77f080dd-8ce0-4570-8bb4-cfd5cb678dbd",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1560325625",
"to_ids": false,
"type": "datetime",
"uuid": "2363404d-5f20-48f0-a0f2-dd6db63724b5",
"value": "2019-06-12T06:58:55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1560325625",
"to_ids": false,
"type": "link",
"uuid": "cef83eae-b455-4246-b57c-b95dc50228d5",
"value": "https://www.virustotal.com/file/d26333ce8c760e3122c1537ace5b4c9d28bfb71989601e5267a5a499356bbd53/analysis/1560322735/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1560325625",
"to_ids": false,
"type": "text",
"uuid": "09abaac7-4564-46bb-9fe7-bffb8f6ee976",
"value": "6/57"
}
]
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}