{ "Event": { "analysis": "0", "date": "2019-02-16", "extends_uuid": "", "info": "Fake amf-fr.org website delivering malicious Word document and binaries", "publish_timestamp": "1550352334", "published": true, "threat_level_id": "3", "timestamp": "1550352213", "uuid": "5c687cb3-08c4-46d3-9981-093702de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"", "relationship_type": "" }, { "colour": "#6bd600", "local": false, "name": "circl:topic=\"finance\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "Warning issued", "deleted": false, "disable_correlation": false, "timestamp": "1550351584", "to_ids": false, "type": "link", "uuid": "5c687ce0-c8a8-403a-8182-0a7902de0b81", "value": "https://www.amf-france.org/en_US/Actualites/Communiques-de-presse/AMF/annee-2018?docId=workspace%3A%2F%2FSpacesStore%2F3d58f35b-f448-438e-9923-cd6e8e903fc0" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351605", "to_ids": true, "type": "ip-dst", "uuid": "5c687cf5-6ed8-4a61-b92f-444d02de0b81", "value": "51.38.150.171" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-6974-4753-90ef-4ca302de0b81", "value": "http://amf-fr.org/d1.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-df04-49a6-bd7d-4de102de0b81", "value": "http://amf-fr.org/files/litigations/complaint-96.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-b928-4705-aa8e-4c1e02de0b81", "value": "http://amf-fr.org/litigations/complaint-201.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-7354-4f21-940d-4eb402de0b81", "value": "http://amf-fr.org/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-0670-42ad-b4ba-4a1d02de0b81", "value": "http://www.amf-fr.org/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-60e8-40ad-bba5-419602de0b81", "value": "https://amf-fr.org/files/litigations/complaint-96.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-b814-49f9-a110-488102de0b81", "value": "https://amf-fr.org/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-1480-41fb-9406-437002de0b81", "value": "https://www.amf-fr.org/documents/document-a1657.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-f0cc-4229-87cc-49ec02de0b81", "value": "https://www.amf-fr.org/litigations/compliant-201.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351676", "to_ids": true, "type": "url", "uuid": "5c687d3c-89e8-4e4e-a36d-4f9f02de0b81", "value": "https://www.amf-fr.org/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351743", "to_ids": true, "type": "md5", "uuid": "5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81", "value": "efbcffc10763a287bdedfb6e892ae20c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351744", "to_ids": true, "type": "sha1", "uuid": "5c687d80-4cc0-4ca7-875e-44a702de0b81", "value": "0dfe75a01e525bc599dff0c17204129b7ac3a437" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351744", "to_ids": true, "type": "sha256", "uuid": "5c687d80-c348-4494-8fc8-4d1502de0b81", "value": "728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351799", "to_ids": true, "type": "sha256", "uuid": "5c687db7-0758-4215-ac9f-0a7902de0b81", "value": "49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351799", "to_ids": true, "type": "sha256", "uuid": "5c687db7-abdc-465d-b2a1-0a7902de0b81", "value": "d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1550351799", "to_ids": true, "type": "sha256", "uuid": "5c687db7-b9e0-4080-a8e6-0a7902de0b81", "value": "1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1550352087", "uuid": "06d5a45f-c38b-432c-b5ed-ae6d4678d1b3", "ObjectReference": [ { "comment": "", "object_uuid": "06d5a45f-c38b-432c-b5ed-ae6d4678d1b3", "referenced_uuid": "4727229f-b670-4858-96fd-767498563eb3", "relationship_type": "analysed-with", "timestamp": "1550352088", "uuid": "5c687ed8-c534-48b5-987d-41de02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1550352087", "to_ids": true, "type": "md5", "uuid": "b87d66f4-c54c-4ec5-bade-dba4cc919c24", "value": "efbcffc10763a287bdedfb6e892ae20c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1550352087", "to_ids": true, "type": "sha1", "uuid": "74c5d71e-542d-4e1f-bc3e-610ee428c2e1", "value": "0dfe75a01e525bc599dff0c17204129b7ac3a437" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1550352087", "to_ids": true, "type": "sha256", "uuid": "4ee3d5a5-a7b8-4b6a-8628-fcf26d7a7ad8", "value": "728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1550352087", "uuid": "4727229f-b670-4858-96fd-767498563eb3", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1550352087", "to_ids": false, "type": "datetime", "uuid": "9855c53c-9fa6-4ddc-8d31-1289c1de6275", "value": "2019-02-15T11:14:58" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1550352087", "to_ids": false, "type": "link", "uuid": "75ebbd07-bb66-4db7-af0b-5b506c6c3a3b", "value": "https://www.virustotal.com/file/728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b/analysis/1550229298/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1550352087", "to_ids": false, "type": "text", "uuid": "1c675ba2-05ca-4790-82bd-bdd2049c0914", "value": "33/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1550352087", "uuid": "eed1fbf3-e607-459f-acaa-2c6e95ed0b35", "ObjectReference": [ { "comment": "", "object_uuid": "eed1fbf3-e607-459f-acaa-2c6e95ed0b35", "referenced_uuid": "dce07551-b2f6-465f-8974-3641d201f213", "relationship_type": "analysed-with", "timestamp": "1550352088", "uuid": "5c687ed8-7c84-4037-9a6f-435602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1550352087", "to_ids": true, "type": "md5", "uuid": "b03d3ee3-4ab2-4f95-b711-7af5638698bd", "value": "28202ac7689aaef894840c773b7e1e56" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1550352087", "to_ids": true, "type": "sha1", "uuid": "d327283e-a12a-43ae-89cc-489fbad5424f", "value": "b0f4377953f59ba0d5b295861e2ab7fc5c6d03de" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1550352087", "to_ids": true, "type": "sha256", "uuid": "50893ddf-96e2-4497-a719-854b843b8d84", "value": "49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1550352087", "uuid": "dce07551-b2f6-465f-8974-3641d201f213", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1550352087", "to_ids": false, "type": "datetime", "uuid": "f9a9b973-ba12-4fc6-afff-200d07e7e703", "value": "2019-02-14T09:56:32" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1550352087", "to_ids": false, "type": "link", "uuid": "5e41e640-8995-4536-ab09-da2fc06c37b5", "value": "https://www.virustotal.com/file/49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0/analysis/1550138192/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1550352087", "to_ids": false, "type": "text", "uuid": "455f9992-cfd2-43bc-a839-a9072fcaafc3", "value": "0/54" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1550352087", "uuid": "87116905-ee45-4287-a160-b0a4394d7a72", "ObjectReference": [ { "comment": "", "object_uuid": "87116905-ee45-4287-a160-b0a4394d7a72", "referenced_uuid": "41e5f71c-fa1c-4134-b00b-02000993764b", "relationship_type": "analysed-with", "timestamp": "1550352088", "uuid": "5c687ed8-0740-4293-a310-4bca02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1550352088", "to_ids": true, "type": "md5", "uuid": "484684d4-9bb6-405b-a851-e2f82e95353f", "value": "11df89bd965bbd85bed31b90f1481312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1550352088", "to_ids": true, "type": "sha1", "uuid": "38d05afb-c34a-46df-b841-5bbae3c49555", "value": "79ee5019cebead10c6527e2531e7b0ee69322405" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1550352088", "to_ids": true, "type": "sha256", "uuid": "184a57fe-d9c3-4d20-bfd5-82ce76f71327", "value": "1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1550352088", "uuid": "41e5f71c-fa1c-4134-b00b-02000993764b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1550352088", "to_ids": false, "type": "datetime", "uuid": "5e121da8-35b8-43a9-a3c5-7e8775bcff8a", "value": "2018-11-29T14:41:31" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1550352088", "to_ids": false, "type": "link", "uuid": "b2067c10-5f14-4cf3-9588-c5027f9c3a62", "value": "https://www.virustotal.com/file/1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a/analysis/1543502491/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1550352088", "to_ids": false, "type": "text", "uuid": "a15b1066-3af7-4989-a398-7b6615d82931", "value": "0/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1550352088", "uuid": "fcef97bb-467e-4d5c-962b-9f328dc1f3e9", "ObjectReference": [ { "comment": "", "object_uuid": "fcef97bb-467e-4d5c-962b-9f328dc1f3e9", "referenced_uuid": "3128ae45-b4ce-4757-8b61-047167aed701", "relationship_type": "analysed-with", "timestamp": "1550352088", "uuid": "5c687ed8-c000-4810-98d3-427802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1550352088", "to_ids": true, "type": "md5", "uuid": "244cf256-4250-4a0e-8be0-b128c471999e", "value": "8ec83dba30c4f4d014899fbcc9a78171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1550352088", "to_ids": true, "type": "sha1", "uuid": "94fb8269-2e6a-40bd-9d8a-4c7d9267bc3d", "value": "96a942174c55f5f3ab7236eb7e3ac549b67c88db" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1550352088", "to_ids": true, "type": "sha256", "uuid": "504edc20-740b-47ca-bc2e-6f051d7973b4", "value": "d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1550352088", "uuid": "3128ae45-b4ce-4757-8b61-047167aed701", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1550352088", "to_ids": false, "type": "datetime", "uuid": "4930b271-4207-4c55-98ee-b2ad7aad0333", "value": "2018-11-30T10:14:04" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1550352088", "to_ids": false, "type": "link", "uuid": "69e9a82f-bfbd-401e-bd63-ae39bfcaab3e", "value": "https://www.virustotal.com/file/d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44/analysis/1543572844/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1550352088", "to_ids": false, "type": "text", "uuid": "95e48f3e-8da2-4521-b203-dbe94341995f", "value": "30/59" } ] } ] } }