{"Event": {"info": "OSINT - ATM Malware using CSCWCNG device handler", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:financial-fraud=\"ATM Black Box Attack\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}], "publish_timestamp": "0", "timestamp": "1558336246", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5ce24bd7-65d8-4ee8-a647-4a77950d210f", "sharing_group_id": "0", "timestamp": "1558334423", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "5", "Attribute": [{"comment": "", "category": "Other", "uuid": "5ce24bd7-9f24-48d2-b699-4e4f950d210f", "timestamp": "1558334423", "to_ids": false, "value": "Another shitty #ATM #Malware using CSCWCNG device handler. Uploaded to VT yesterday from Mexico. 0 detected rate by AV vendors currently. (link: https://www.virustotal.com/gui/file/4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f/summary) virustotal.com/gui/file/4a75b\u2026", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5ce24bd7-b958-42cc-98e8-4e90950d210f", "timestamp": "1558334423", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5ce24bd7-f854-404d-8cbf-45b5950d210f", "timestamp": "1558334423", "to_ids": true, "value": "https://mobile.twitter.com/r3c0nst/status/1129641730813366274", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5ce24bd7-d450-4e07-86af-44d2950d210f", "timestamp": "1558334423", "to_ids": true, "value": "https://t.co/ZSAQ5vmLko?amp=1", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5ce24bd7-5f0c-4b9f-b88a-4be6950d210f", "timestamp": "1558334423", "to_ids": true, "value": "https://www.virustotal.com/gui/file/4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f/summary", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5ce24bd7-768c-4257-9aac-4173950d210f", "timestamp": "1558334423", "to_ids": false, "value": "May 18, 2019 8:55 AM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Other", "uuid": "5ce24bd7-c840-4e40-ae93-46d7950d210f", "timestamp": "1558334423", "to_ids": false, "value": "r3c0nst", "disable_correlation": false, "object_relation": "username", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}, {"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5ce24d6e-33cc-4003-a107-23aa950d210f", "sharing_group_id": "0", "timestamp": "1558334830", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "5", "Attribute": [{"comment": "", "category": "Other", "uuid": "5ce24d6e-e85c-43bf-adbe-23aa950d210f", "timestamp": "1558334830", "to_ids": false, "value": "Another Sample, same origin -> (link: https://www.virustotal.com/gui/file/7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6/summary) virustotal.com/gui/file/7dde7\u2026", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5ce24d6e-d528-408f-b777-23aa950d210f", "timestamp": "1558334830", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5ce24d6e-3fb8-4347-8ef8-23aa950d210f", "timestamp": "1558334830", "to_ids": true, "value": "https://mobile.twitter.com/r3c0nst/status/1129651569006383104", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5ce24d6e-67fc-49ee-8428-23aa950d210f", "timestamp": "1558334830", "to_ids": true, "value": "https://t.co/DCidfeiD8X?amp=1", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5ce24d6e-7b68-4a59-ac22-23aa950d210f", "timestamp": "1558334830", "to_ids": true, "value": "https://www.virustotal.com/gui/file/7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6/summary", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5ce24d6e-5c54-4370-90ca-23aa950d210f", "timestamp": "1558334830", "to_ids": false, "value": "May 18, 2019 9:34 AM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Other", "uuid": "5ce24d6e-83d0-45d2-b22d-23aa950d210f", "timestamp": "1558334830", "to_ids": false, "value": "r3c0nst", "disable_correlation": false, "object_relation": "username", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5ce24f13-93d0-498d-9257-6a67950d210f", "sharing_group_id": "0", "timestamp": "1558335541", "description": "File object describing a file with meta-information", "template_version": "17", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5ce24f13-1b98-4955-9cbc-6a67950d210f", "timestamp": "1558335541", "to_ids": true, "value": "4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Other", "uuid": "5ce24f13-2be8-4614-b8af-6a67950d210f", "timestamp": "1558335541", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce24fcd-1fe4-4a69-9b74-1e34950d210f", "timestamp": "1558335541", "to_ids": true, "value": "USBLOGGER.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce24fcd-57a4-437c-8fc4-1e34950d210f", "timestamp": "1558335541", "to_ids": true, "value": "c76d7cd7beac5573158b22a37fde1b5f", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce24fcd-59d4-43ff-b38d-1e34950d210f", "timestamp": "1558335541", "to_ids": true, "value": "93b54b23a28101a1d874f55d0cadb570c34abed1", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce24fcd-499c-48f8-9f3c-1e34950d210f", "timestamp": "1558335541", "to_ids": true, "value": "b2e12a5c44e7e01965c971de559933cb95d64bbac245531fe7d057610b49b6c1", "disable_correlation": false, "object_relation": "authentihash", "type": "authentihash"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce24fcd-93c0-4e99-834a-1e34950d210f", "timestamp": "1558335541", "to_ids": true, "value": "384:ibfcYkg5ypJg5yHSYkg5yk9JYkg5yoWbfcYkg5yH9yckg5yo6Sd/gm0uAJ0KA1+m:ehgH+oqgkAJ0KAMt8j", "disable_correlation": false, "object_relation": "ssdeep", "type": "ssdeep"}, {"comment": "", "category": "Other", "uuid": "5ce25036-b524-49c1-b7f0-7049950d210f", "timestamp": "1558335542", "to_ids": false, "value": "15360", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5ce24f57-d3e4-49a1-94ac-6c8f950d210f", "sharing_group_id": "0", "timestamp": "1558335514", "description": "File object describing a file with meta-information", "template_version": "17", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5ce24f57-209c-445d-9c1b-6c8f950d210f", "timestamp": "1558335514", "to_ids": true, "value": "7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Other", "uuid": "5ce24f57-0c20-40e0-a448-6c8f950d210f", "timestamp": "1558335514", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce2501a-000c-4a4d-bd15-57fc950d210f", "timestamp": "1558335514", "to_ids": true, "value": "USBLOGGERzz.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce2501a-8d08-49dd-80fd-57fc950d210f", "timestamp": "1558335514", "to_ids": true, "value": "731ab0f17372aea499046b9719e22c4e", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce2501a-39b4-4bf4-b8a0-57fc950d210f", "timestamp": "1558335514", "to_ids": true, "value": "392023259d2aa32db16641d536b95f5d91a26276", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce2501a-ba28-4cf9-a5f1-57fc950d210f", "timestamp": "1558335514", "to_ids": true, "value": "74b65983fb079fd441233dcb3a46d51338292ab1cbec692e170234a43446b433", "disable_correlation": false, "object_relation": "authentihash", "type": "authentihash"}, {"comment": "", "category": "Payload delivery", "uuid": "5ce2501a-2564-4e54-aa99-57fc950d210f", "timestamp": "1558335514", "to_ids": true, "value": "384:rbfcYkg5yZJg5yZSYkg5y09JYkg5yoWbfcYkg5yW9yckg5yo60fqzN0uqC6jv1+a:xxuHuoBzyzbqC6DMts", "disable_correlation": false, "object_relation": "ssdeep", "type": "ssdeep"}, {"comment": "", "category": "Other", "uuid": "5ce2501a-8934-4b29-b2cc-57fc950d210f", "timestamp": "1558335514", "to_ids": false, "value": "15360", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "0", "extends_uuid": "", "published": false, "date": "2019-05-18", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5ce24b65-40d0-4010-b7ec-2c28950d210f"}}