{ "Event": { "analysis": "2", "date": "2018-08-01", "extends_uuid": "", "info": "Ursnif, MALWAREMESSIAGH", "publish_timestamp": "1533306986", "published": true, "threat_level_id": "3", "timestamp": "1533306089", "uuid": "5b646415-7b48-40d5-86b4-c0070acd0835", "Orgc": { "name": "Synovus Financial", "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a" }, "Tag": [ { "colour": "#ab34e3", "local": "0", "name": "PasteBin: MALWAREMESSIAGH", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:banker=\"Gozi\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "Ursnif", "deleted": false, "disable_correlation": false, "timestamp": "1533306058", "to_ids": true, "type": "domain", "uuid": "5b6464ca-e73c-4707-9b8a-d0350acd0835", "value": "ooiasjdnqjwbeasdasd.com" }, { "category": "Network activity", "comment": "Ursnif", "deleted": false, "disable_correlation": false, "timestamp": "1533306058", "to_ids": true, "type": "domain", "uuid": "5b6464ca-45f8-43d0-8b78-d0350acd0835", "value": "eqowiesajenqweasd.com" }, { "category": "Network activity", "comment": "Ursnif", "deleted": false, "disable_correlation": false, "timestamp": "1533306058", "to_ids": true, "type": "domain", "uuid": "5b6464ca-8c84-4c2d-95d9-d0350acd0835", "value": "dquohwdihaewqdcas.com" }, { "category": "Network activity", "comment": "Ursnif", "deleted": false, "disable_correlation": false, "timestamp": "1533306058", "to_ids": true, "type": "domain", "uuid": "5b6464ca-e0a0-40e0-8e21-d0350acd0835", "value": "diqjwhebseqhbasdh.com" }, { "category": "Payload delivery", "comment": "Ursnif dropped file", "deleted": false, "disable_correlation": false, "timestamp": "1533306089", "to_ids": true, "type": "url", "uuid": "5b6464e9-e73c-484d-a0b3-c0070acd0835", "value": "http://sistemait.it/softaculous/backup/client.rar" } ] } }