{ "type": "bundle", "id": "bundle--5b646415-7b48-40d5-86b4-c0070acd0835", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-03T14:21:29.000Z", "modified": "2018-08-03T14:21:29.000Z", "name": "Synovus Financial", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b646415-7b48-40d5-86b4-c0070acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-03T14:21:29.000Z", "modified": "2018-08-03T14:21:29.000Z", "name": "Ursnif, MALWAREMESSIAGH", "published": "2018-08-03T14:36:26Z", "object_refs": [ "indicator--5b6464ca-e73c-4707-9b8a-d0350acd0835", "indicator--5b6464ca-45f8-43d0-8b78-d0350acd0835", "indicator--5b6464ca-8c84-4c2d-95d9-d0350acd0835", "indicator--5b6464ca-e0a0-40e0-8e21-d0350acd0835", "indicator--5b6464e9-e73c-484d-a0b3-c0070acd0835" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "PasteBin: MALWAREMESSIAGH", "misp-galaxy:banker=\"Gozi\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b6464ca-e73c-4707-9b8a-d0350acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-03T14:20:58.000Z", "modified": "2018-08-03T14:20:58.000Z", "description": "Ursnif", "pattern": "[domain-name:value = 'ooiasjdnqjwbeasdasd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-08-03T14:20:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b6464ca-45f8-43d0-8b78-d0350acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-03T14:20:58.000Z", "modified": "2018-08-03T14:20:58.000Z", "description": "Ursnif", "pattern": "[domain-name:value = 'eqowiesajenqweasd.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-08-03T14:20:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b6464ca-8c84-4c2d-95d9-d0350acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-03T14:20:58.000Z", "modified": "2018-08-03T14:20:58.000Z", "description": "Ursnif", "pattern": "[domain-name:value = 'dquohwdihaewqdcas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-08-03T14:20:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b6464ca-e0a0-40e0-8e21-d0350acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-03T14:20:58.000Z", "modified": "2018-08-03T14:20:58.000Z", "description": "Ursnif", "pattern": "[domain-name:value = 'diqjwhebseqhbasdh.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-08-03T14:20:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b6464e9-e73c-484d-a0b3-c0070acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-08-03T14:21:29.000Z", "modified": "2018-08-03T14:21:29.000Z", "description": "Ursnif dropped file", "pattern": "[url:value = 'http://sistemait.it/softaculous/backup/client.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-08-03T14:21:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] } ] }