{ "Event": { "analysis": "0", "date": "2019-01-23", "extends_uuid": "", "info": "2019-01-22: Emotet->TrickBot", "publish_timestamp": "1589183543", "published": true, "threat_level_id": "2", "timestamp": "1621849996", "uuid": "5c47f54e-1cf4-48d1-b188-245768f8e8cf", "Orgc": { "name": "VK-Intel", "uuid": "5bfa439e-c978-4dcd-b474-73f568f8e8cf" }, "Tag": [ { "colour": "#cdce6a", "local": false, "name": "Banker: TrickBot", "relationship_type": "" }, { "colour": "#3e9874", "local": false, "name": "Version: 1057", "relationship_type": "" }, { "colour": "#54cc21", "local": false, "name": "core-parser.dll", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:tool=\"Trick Bot\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:banker=\"Trickbot\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:tool=\"Emotet\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1548219726", "to_ids": true, "type": "md5", "uuid": "5c47f54e-b264-446a-84d4-245768f8e8cf", "value": "e6aab38ff1d7cf9edd1f9279875248fa" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1548586998", "to_ids": false, "type": "link", "uuid": "5c4d8fac-8190-44f5-9bf5-4abc02de0b81", "value": "https://www.virustotal.com/en/file/8e4cc0539b4921b0222081a0948bd149f10a027f73983e9ade36d4045f69921f/analysis/1548422859/", "Tag": [ { "colour": "#00223b", "local": false, "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1548586997", "to_ids": false, "type": "link", "uuid": "5c4d8fbf-a68c-4cd8-86ac-438702de0b81", "value": "https://github.com/k-vitali/TrickBot-share/blob/master/2019-01-22-TrickBot-banker-client-1057_misp.json", "Tag": [ { "colour": "#00223b", "local": false, "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1548219813", "uuid": "3ffca240-fd85-4f51-910b-ad6932f4c23a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1548220136", "to_ids": true, "type": "filename", "uuid": "52a4c62d-7611-4292-aa17-a08aec09d88b", "value": "2019-01-22-trickbot-loader.exe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1548219813", "to_ids": false, "type": "size-in-bytes", "uuid": "1c2008c7-f570-472a-8d82-e1be1eb79668", "value": "232960" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "entropy", "timestamp": "1548219813", "to_ids": false, "type": "float", "uuid": "c41cb7c1-e73e-4703-a44d-51a2a8fed74a", "value": "7.682967694857" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1548219813", "to_ids": true, "type": "md5", "uuid": "85af8158-feb3-4e64-bf7e-3bdc60ce2cb5", "value": "e6aab38ff1d7cf9edd1f9279875248fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1548219813", "to_ids": true, "type": "sha1", "uuid": "e26bbbcf-5096-497b-b326-967ef6ab312a", "value": "fba09f81056ab943bb90e1500cb1d1317ae2e36e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1548219813", "to_ids": true, "type": "sha256", "uuid": "76d3e61f-90d5-4fed-b56c-8d6d4805ee31", "value": "8e4cc0539b4921b0222081a0948bd149f10a027f73983e9ade36d4045f69921f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha512", "timestamp": "1548219813", "to_ids": true, "type": "sha512", "uuid": "360df383-e053-49ae-b65d-20e693032e6c", "value": "5e17b9ac8e65b072249d7aa40fceac7f169fd43ce26b2a590dbc124a7257a4a19bd68df9551643a666c8837ce1f38d40b27bf39eba5ebfadb2986e661bfc652e" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1548219850", "uuid": "d135cc85-6672-4e0e-be10-90e91b894a9f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1548220126", "to_ids": true, "type": "filename", "uuid": "aa47ca0c-52d3-4f33-a7af-2f2cc3d7b58b", "value": "core-parser.dll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1548219850", "to_ids": false, "type": "size-in-bytes", "uuid": "0201b616-8acf-4c84-a906-318966f19bf5", "value": "217600" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "entropy", "timestamp": "1548219850", "to_ids": false, "type": "float", "uuid": "20fbbad7-bc95-499d-99fc-e1572f0d4681", "value": "6.5165485023488" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1548219850", "to_ids": true, "type": "md5", "uuid": "a68ad5bc-3ea3-41d3-b406-cf7879db34be", "value": "4d0c97d8315be2c87c5b9ec855cad88d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1548219850", "to_ids": true, "type": "sha1", "uuid": "c284d6a7-6431-44cb-a08d-acb268b52bbb", "value": "fb5d538084489a7b7b4c9be80cd221b338c6b39c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1548219850", "to_ids": true, "type": "sha256", "uuid": "0351e2ee-4691-4691-8cbf-02e89487707b", "value": "40bbc0b76af2a2130c3ceaba8a2f1fa255bbbef138e2f37c995ee32c6bcccbf8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha512", "timestamp": "1548219850", "to_ids": true, "type": "sha512", "uuid": "fbc17eeb-7a25-444e-abdb-6b7d179cd6a3", "value": "b19d95f067e2adeda48554d33397ae16c296db6a4cf9eb66c7abb13ddd964d3c5a83cc7e6074168f512aeb8b64338d7c5cef93a629c8592d4b7ebb731d252d05" } ] } ] } }