adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59ac43b3-d8a8-4fcf-9543-4a8f02de0b81.json

394 lines
No EOL
14 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2017-09-03",
"extends_uuid": "",
"info": "OSINT - Javascript malware hosted on US government site which launches powershell to connect to C2.",
"publish_timestamp": "1513594406",
"published": true,
"threat_level_id": "3",
"timestamp": "1513594323",
"uuid": "59ac43b3-d8a8-4fcf-9543-4a8f02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#003860",
"local": false,
"name": "osint:source-type=\"pastie-website\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513594315",
"to_ids": false,
"type": "link",
"uuid": "59ac43e1-dff8-46a7-9514-4f4702de0b81",
"value": "https://pastebin.com/0eAPV7Lc",
"Tag": [
{
"colour": "#003860",
"local": false,
"name": "osint:source-type=\"pastie-website\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513594315",
"to_ids": true,
"type": "sha256",
"uuid": "59ac43f8-6c28-48c0-99e0-453402de0b81",
"value": "1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513594315",
"to_ids": true,
"type": "sha1",
"uuid": "59ac4419-3df8-4eda-9312-421002de0b81",
"value": "898e4131496d0ae8eb3fd2a742a30830be3989f6"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504461849",
"to_ids": true,
"type": "md5",
"uuid": "59ac4419-4af4-416c-aa4f-4cb302de0b81",
"value": "c714ca63fc9fccce002941c171c07e4d"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513594315",
"to_ids": false,
"type": "link",
"uuid": "59ac4419-ddd0-47d5-a136-4ac002de0b81",
"value": "https://www.virustotal.com/file/1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd/analysis/1504118595/"
},
{
"category": "Network activity",
"comment": "Javascript malware hosted on US government site which launches powershell to connect to C2.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513594315",
"to_ids": true,
"type": "url",
"uuid": "59ac444f-e13c-4f0d-9ff7-aa5c02de0b81",
"value": "http://dms.nwcg.gov/pipermail/ross-suggestion/attachments/20170304/9ee8a89e/attachment.zip"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513594315",
"to_ids": false,
"type": "link",
"uuid": "59ac4475-de90-483c-81a6-492502de0b81",
"value": "https://blog.newskysecurity.com/us-government-site-unwittingly-hosting-malware-f1f4f11b6a1d",
"Tag": [
{
"colour": "#0c9100",
"local": false,
"name": "admiralty-scale:source-reliability=\"f\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Cerber Ransomware",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513587291",
"to_ids": true,
"type": "sha256",
"uuid": "5a3781ac-e49c-4f47-a5c0-47a9950d210f",
"value": "1f15415da53df8a8e0197aa7e17e594d24ea6d7fbe80fe3bb4a5cd41bc8f09f6",
"Tag": [
{
"colour": "#3a001f",
"local": false,
"name": "workflow:todo=\"expansion\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "Configuration of Cerber hosted on US Gov website",
"deleted": false,
"disable_correlation": false,
"timestamp": "1513594315",
"to_ids": false,
"type": "link",
"uuid": "5a37820a-a000-466c-bff1-44e1950d210f",
"value": "https://pastebin.com/HAiqH0Wq",
"Tag": [
{
"colour": "#003860",
"local": false,
"name": "osint:source-type=\"pastie-website\"",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513594318",
"uuid": "7bbbd45c-82a1-44f6-ab72-7fdf191b8148",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7bbbd45c-82a1-44f6-ab72-7fdf191b8148",
"referenced_uuid": "8328c6e4-df62-4f8a-b9c4-309693e5d9f9",
"relationship_type": "analysed-with",
"timestamp": "1513594315",
"uuid": "5a379dcb-d7a8-4b2f-b46a-4a6602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513594315",
"to_ids": true,
"type": "sha1",
"uuid": "5a379dcb-6f40-4694-8cc3-4b9502de0b81",
"value": "898e4131496d0ae8eb3fd2a742a30830be3989f6"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513594315",
"to_ids": true,
"type": "md5",
"uuid": "5a379dcb-618c-415b-b981-43b602de0b81",
"value": "c714ca63fc9fccce002941c171c07e4d"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513594315",
"to_ids": true,
"type": "sha256",
"uuid": "5a379dcb-d8d0-44f4-9542-4a8202de0b81",
"value": "1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513594315",
"uuid": "8328c6e4-df62-4f8a-b9c4-309693e5d9f9",
"Attribute": [
{
"category": "External analysis",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513594315",
"to_ids": false,
"type": "link",
"uuid": "5a379dcb-1d74-48e4-8937-48b002de0b81",
"value": "https://www.virustotal.com/file/1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd/analysis/1504922776/"
},
{
"category": "Other",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513594315",
"to_ids": false,
"type": "text",
"uuid": "5a379dcb-5f38-4007-a029-423d02de0b81",
"value": "36/60"
},
{
"category": "Other",
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513594315",
"to_ids": false,
"type": "datetime",
"uuid": "5a379dcb-d190-49b0-adbe-42a502de0b81",
"value": "2017-09-09T02:06:16"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513594318",
"uuid": "5e701ff1-51b4-4e2b-aacd-421636d9c852",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e701ff1-51b4-4e2b-aacd-421636d9c852",
"referenced_uuid": "801bce9a-1810-4811-a6e0-b8338414db9d",
"relationship_type": "analysed-with",
"timestamp": "1513594316",
"uuid": "5a379dcc-f874-4938-92df-4a4702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Cerber Ransomware",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513594315",
"to_ids": true,
"type": "sha1",
"uuid": "5a379dcb-dd7c-4776-8a74-436a02de0b81",
"value": "f996046fea268074d2edd430e628f23942d7b5b6"
},
{
"category": "Payload delivery",
"comment": "Cerber Ransomware",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513594315",
"to_ids": true,
"type": "md5",
"uuid": "5a379dcb-71ac-4d71-b6b1-47b702de0b81",
"value": "61bcd1f3233b857be0aee9ceba6779f3"
},
{
"category": "Payload delivery",
"comment": "Cerber Ransomware",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513594315",
"to_ids": true,
"type": "sha256",
"uuid": "5a379dcb-7954-4470-8c38-401d02de0b81",
"value": "1f15415da53df8a8e0197aa7e17e594d24ea6d7fbe80fe3bb4a5cd41bc8f09f6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513594315",
"uuid": "801bce9a-1810-4811-a6e0-b8338414db9d",
"Attribute": [
{
"category": "External analysis",
"comment": "Cerber Ransomware",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513594315",
"to_ids": false,
"type": "link",
"uuid": "5a379dcb-2534-458c-b5be-40a602de0b81",
"value": "https://www.virustotal.com/file/1f15415da53df8a8e0197aa7e17e594d24ea6d7fbe80fe3bb4a5cd41bc8f09f6/analysis/1504623436/"
},
{
"category": "Other",
"comment": "Cerber Ransomware",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513594315",
"to_ids": false,
"type": "text",
"uuid": "5a379dcb-1b28-4489-b32e-4db702de0b81",
"value": "51/64"
},
{
"category": "Other",
"comment": "Cerber Ransomware",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513594315",
"to_ids": false,
"type": "datetime",
"uuid": "5a379dcb-ab70-4d4e-8fba-4c1c02de0b81",
"value": "2017-09-05T14:57:16"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink