{ "Event": { "analysis": "0", "date": "2017-10-03", "extends_uuid": "", "info": "Malspam 2017-10-03", "publish_timestamp": "1507020276", "published": true, "threat_level_id": "3", "timestamp": "1507020253", "uuid": "59d341f4-3ef0-4520-84dc-499c950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"Emotet\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#3b7500", "local": "0", "name": "circl:incident-classification=\"malware\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "md5", "uuid": "59d342ac-fb40-4df8-b7fc-4412950d210f", "value": "bb0ad0ef5d59e3122e040656ae9a40d1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "sha1", "uuid": "59d342ac-43b0-4115-ab28-4e0c950d210f", "value": "b6e4330f10e18c66a0e6245ffa47baca2e1e614c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "sha256", "uuid": "59d342ac-fb2c-48ef-8465-48eb950d210f", "value": "e3d1e44da85f4057f168cef703e8bf9d85e4cbe74d7b68e197b399559b200076" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": false, "type": "link", "uuid": "59d342ac-013c-4242-8ce3-49ff950d210f", "value": "https://www.virustotal.com/file/e3d1e44da85f4057f168cef703e8bf9d85e4cbe74d7b68e197b399559b200076/analysis/1507015288/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "url", "uuid": "59d342ac-fcdc-43b2-8d03-47f4950d210f", "value": "http://opara.co.za/hlZWpwYFR/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "ip-dst", "uuid": "59d342ac-bd1c-41a8-86bc-431b950d210f", "value": "197.221.2.8" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "url", "uuid": "59d342ac-8fdc-46ff-bb0f-42bc950d210f", "value": "http://ctmket.com/FwdBho/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "ip-dst", "uuid": "59d342ac-4550-4ff2-bc2f-4321950d210f", "value": "208.91.199.145" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "url", "uuid": "59d342ac-b4d0-42df-a139-4d6d950d210f", "value": "http://q-productions.com/jkXHSKSGj/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "ip-dst", "uuid": "59d342ac-00e8-4c81-84ed-4222950d210f", "value": "216.117.177.69" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "domain", "uuid": "59d342ac-af54-4b8b-a56d-4580950d210f", "value": "toolgeeker.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "domain", "uuid": "59d342ac-2b5c-4297-869a-4753950d210f", "value": "goodmansbbq.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "md5", "uuid": "59d342ac-fbc4-4e2d-9c18-4ec6950d210f", "value": "e64d0353e023f76b16b386399b392b63" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "sha1", "uuid": "59d342ac-c2a8-4617-9646-4992950d210f", "value": "6cb27ac6691a210251a3f42c8a0912192b5446ad" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "sha256", "uuid": "59d342ac-f5a4-4841-a73b-47c8950d210f", "value": "8923cfddce118a3ca6652f1dc974ce74b57cc7bbadcd55e49703ed60f89e1cda" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": false, "type": "link", "uuid": "59d342ac-89f8-4f7d-8df9-4e80950d210f", "value": "https://www.virustotal.com/file/8923cfddce118a3ca6652f1dc974ce74b57cc7bbadcd55e49703ed60f89e1cda/analysis/1507015564/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017580", "to_ids": true, "type": "link", "uuid": "59d342ac-6698-4ff1-a57a-4c36950d210f", "value": "https://en.wikipedia.org/wiki/Emotet" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "domain", "uuid": "59d342ac-1b60-45f5-ab97-4e08950d210f", "value": "tomax.hk" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017388", "to_ids": true, "type": "url", "uuid": "59d342ac-7674-45c3-89ff-4e3e950d210f", "value": "http://tomax.hk/SOLS-706827815-97560632-Neuer-RV/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507017397", "to_ids": true, "type": "ip-dst", "uuid": "59d342b5-c0fc-492f-9275-4a17950d210f", "value": "203.135.130.135" } ] } }