{ "Event": { "analysis": "2", "date": "2016-08-12", "extends_uuid": "", "info": "OSINT Bad News Bears - Panda Banker Starts Looking More Like a Grizzly by ProofPoint", "publish_timestamp": "1474835902", "published": true, "threat_level_id": "3", "timestamp": "1471529176", "uuid": "57b5b7eb-208c-4c32-ae59-4ec2950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "OSINT" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#6edb00", "name": "circl:topic=\"finance\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471526902", "to_ids": false, "type": "link", "uuid": "57b5b7f6-59c0-43f4-baf2-4fc2950d210f", "value": "https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-more-like-a-grizzly" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526961", "to_ids": true, "type": "domain", "uuid": "57b5b831-e9b4-4d0f-8320-4fe5950d210f", "value": "nederlandstest.com" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526961", "to_ids": true, "type": "domain", "uuid": "57b5b831-1e74-4c89-8e27-4e0e950d210f", "value": "test2222test.info" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526961", "to_ids": true, "type": "sha256", "uuid": "57b5b831-a3ac-4eef-961d-43a1950d210f", "value": "3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526962", "to_ids": true, "type": "sha256", "uuid": "57b5b832-e9d0-4aea-9913-44d3950d210f", "value": "b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526962", "to_ids": true, "type": "url", "uuid": "57b5b832-3940-457e-b45d-42b8950d210f", "value": "http://www.monparfum.it/payments/info.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526962", "to_ids": true, "type": "url", "uuid": "57b5b832-ec4c-45cb-85d3-4deb950d210f", "value": "http://www.monparfum.it/payments/history.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526962", "to_ids": true, "type": "url", "uuid": "57b5b832-2438-4826-953c-4d20950d210f", "value": "http://vividlightingandliving.com.au/bank-info/report.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526962", "to_ids": true, "type": "url", "uuid": "57b5b832-fa74-4d9b-92d1-4950950d210f", "value": "http://www.1800cloud.com/infos/payment.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526963", "to_ids": true, "type": "url", "uuid": "57b5b833-37d8-46e0-998a-4a57950d210f", "value": "http://88.119.179.160/1biycuhoqetzowaawneab.exe" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526963", "to_ids": true, "type": "url", "uuid": "57b5b833-1af8-4f5f-b10d-49ca950d210f", "value": "http://www.1800cloud.com/infos/report.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526963", "to_ids": true, "type": "url", "uuid": "57b5b833-1a6c-480e-928f-4e91950d210f", "value": "http://freebase.pw/vnc64.bin" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526963", "to_ids": true, "type": "url", "uuid": "57b5b833-42ac-45da-b0ed-4243950d210f", "value": "http://guestlistalamode.com/bank/report.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526963", "to_ids": true, "type": "url", "uuid": "57b5b833-10c4-49cb-a6dd-42ed950d210f", "value": "http://guestlistalamode.com/bank/payment.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526964", "to_ids": true, "type": "url", "uuid": "57b5b834-6a80-4bb1-98a3-42c9950d210f", "value": "http://freebase.pw/backsocks.bin" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526964", "to_ids": true, "type": "url", "uuid": "57b5b834-8b0c-4d92-8cb2-4f93950d210f", "value": "http://vividlightingandliving.com.au/bank-info/payment.doc" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526964", "to_ids": true, "type": "url", "uuid": "57b5b834-6b28-4531-ab4c-4026950d210f", "value": "http://freebase.pw/vnc32.bin" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526964", "to_ids": true, "type": "url", "uuid": "57b5b834-0a20-4511-b35b-4610950d210f", "value": "http://freebase.pw/1biycuhoqetzowaawneab.exe" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471526964", "to_ids": true, "type": "url", "uuid": "57b5b834-9c8c-4bfb-970e-4abf950d210f", "value": "http://freebase.pw/grabber.bin" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool - Xchecked via VT: b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578", "deleted": false, "disable_correlation": false, "timestamp": "1471529176", "to_ids": true, "type": "sha1", "uuid": "57b5c0d8-50f4-4a3f-9f65-42f902de0b81", "value": "7039bee1b6918ce4ab9d999c3a6df023674b43f3" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool - Xchecked via VT: b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578", "deleted": false, "disable_correlation": false, "timestamp": "1471529176", "to_ids": true, "type": "md5", "uuid": "57b5c0d8-4a98-440c-a46e-4a8602de0b81", "value": "81a50b5d0005b50a59d4779132703932" }, { "category": "External analysis", "comment": "Imported via the Freetext Import Tool - Xchecked via VT: b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578", "deleted": false, "disable_correlation": false, "timestamp": "1471529177", "to_ids": false, "type": "link", "uuid": "57b5c0d9-78e4-4d17-8b5a-424202de0b81", "value": "https://www.virustotal.com/file/b78afdedb28db1f5d7d9364f2a78e84a3d140dbc90dddd9cba461b41ba864578/analysis/1471270815/" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool - Xchecked via VT: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4", "deleted": false, "disable_correlation": false, "timestamp": "1471529177", "to_ids": true, "type": "sha1", "uuid": "57b5c0d9-3e14-417b-bc45-499202de0b81", "value": "575f0f7f672a66eba44455eb5efaefa6443e760c" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool - Xchecked via VT: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4", "deleted": false, "disable_correlation": false, "timestamp": "1471529177", "to_ids": true, "type": "md5", "uuid": "57b5c0d9-564c-4a05-b4b0-41da02de0b81", "value": "8783e267751086a09130de0b16de5dec" }, { "category": "External analysis", "comment": "Imported via the Freetext Import Tool - Xchecked via VT: 3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4", "deleted": false, "disable_correlation": false, "timestamp": "1471529177", "to_ids": false, "type": "link", "uuid": "57b5c0d9-3778-47fb-9819-47f302de0b81", "value": "https://www.virustotal.com/file/3a56be53c1493e1bcfae1c22750a1511460a42984c0388fd7bf2b75e9ed041b4/analysis/1471418928/" } ] } }