{ "Event": { "analysis": "2", "date": "2018-05-22", "extends_uuid": "", "info": "Keylogger info via Twitter Feed", "publish_timestamp": "1589183975", "published": true, "threat_level_id": "3", "timestamp": "1621849728", "uuid": "5b043df6-f10c-4de2-a499-2f0d0acd0835", "Orgc": { "name": "Synovus Financial", "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#00abd0", "local": "0", "name": "veris:action:malware:variety=\"Spyware/Keylogger\"", "relationship_type": "" }, { "colour": "#003860", "local": "0", "name": "osint:source-type=\"pastie-website\"", "relationship_type": "" }, { "colour": "#002642", "local": "0", "name": "osint:source-type=\"microblog-post\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "On port 2127", "deleted": false, "disable_correlation": false, "timestamp": "1527004727", "to_ids": true, "type": "ip-dst|port", "uuid": "5b043e0b-9008-4287-a2b4-2c060acd0835", "value": "185.208.211.17|2127", "Tag": [ { "colour": "#00aad0", "local": "0", "name": "veris:action:malware:variety=\"C2\"", "relationship_type": "" } ] }, { "category": "Support Tool", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527004810", "to_ids": false, "type": "link", "uuid": "5b043e8a-c2e0-4592-a6ca-2c060acd0835", "value": "https://www.virustotal.com/#/file/32ece033477de21df61ece078da115bdc28286fedc33a7befcc46c64a9003ea1/details" }, { "category": "Support Tool", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527004882", "to_ids": false, "type": "link", "uuid": "5b043ed2-350c-455a-9a52-2ccd0acd0835", "value": "https://pastebin.com/7AxkMj66" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1527004793", "uuid": "5b043e79-94d0-4ee6-87b8-2ade0acd0835", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1527004793", "to_ids": true, "type": "md5", "uuid": "5b043e79-2f18-47de-b3af-2ade0acd0835", "value": "38b52f863541d387685f6c682993c28b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1527004793", "to_ids": true, "type": "sha256", "uuid": "5b043e79-c910-4a85-a678-2ade0acd0835", "value": "32ece033477de21df61ece078da115bdc28286fedc33a7befcc46c64a9003ea1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1527004793", "to_ids": true, "type": "filename", "uuid": "5b043e79-a90c-437c-8656-2ade0acd0835", "value": "Scan_03_pages on New order.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1527004793", "to_ids": true, "type": "sha1", "uuid": "5b043e79-67c4-49c9-9944-2ade0acd0835", "value": "26a48c304412cff3bceb4e470e2395704460af57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1527004793", "to_ids": true, "type": "ssdeep", "uuid": "5b043e79-eb38-4210-aa10-2ade0acd0835", "value": "12288:vFsEbGmmTYeh2luBIN5mPgBT79Hxf1cO8JxGioFm4auc5CU6aD9:vFbzmTYpl6BoBT9VKqm4JmlV9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1527004793", "to_ids": false, "type": "text", "uuid": "5b043e79-b964-4b56-a0ea-2ade0acd0835", "value": "Malicious" } ] } ] } }