misp-circl-feed/feeds/circl/misp/5aa63cdc-2e9c-4621-8499-4c47950d210f.json


{
"Event": {
"analysis": "1",
"date": "2018-03-12",
"extends_uuid": "",
"info": "OSINT - Turla Nautilus Implant",
"publish_timestamp": "1520844465",
"published": true,
"threat_level_id": "3",
"timestamp": "1520844403",
"uuid": "5aa63cdc-2e9c-4621-8499-4c47950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0c9100",
"local": false,
"name": "admiralty-scale:source-reliability=\"f\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-entreprise-attack-intrusion-set=\"Turla\"",
"relationship_type": ""
},
{
"colour": "#065000",
"local": false,
"name": "misp-galaxy:tool=\"Wipbot\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520844303",
"to_ids": false,
"type": "link",
"uuid": "5aa63d2c-9dcc-40a0-95a7-4b0d950d210f",
"value": "https://mobile.twitter.com/DrunkBinary/status/972946982141603841"
},
{
"category": "Payload installation",
"comment": "Turla Nautilus",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520844094",
"to_ids": true,
"type": "sha256",
"uuid": "5aa63d3e-e47c-4856-9084-4e77950d210f",
"value": "f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db"
},
{
"category": "Network activity",
"comment": "Appears to contact",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520844303",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aa63d54-b08c-49c6-a9ae-409c950d210f",
"value": "2.20.189.34"
},
{
"category": "External analysis",
"comment": "Same sample, different name submitted",
"deleted": false,
"disable_correlation": false,
"timestamp": "1520844304",
"to_ids": false,
"type": "link",
"uuid": "5aa63d6c-fa70-4259-b59c-4fcd950d210f",
"value": "https://www.reverse.it/sample/f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db?environmentId=120"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "4",
"timestamp": "1520844242",
"uuid": "5aa63dd2-e3dc-45d0-b0dc-4c65950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1520844242",
"to_ids": false,
"type": "text",
"uuid": "5aa63dd2-2844-4794-8565-488f950d210f",
"value": "What appears to be an actually new sample of the Turla Nautilus Implant\r\n f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1520844243",
"to_ids": false,
"type": "text",
"uuid": "5aa63dd3-715c-400a-b730-43a3950d210f",
"value": "Twitter"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1520844243",
"to_ids": true,
"type": "url",
"uuid": "5aa63dd3-0f8c-49c5-bda3-4a94950d210f",
"value": "https://mobile.twitter.com/DrunkBinary/status/972946982141603841"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1520844243",
"to_ids": false,
"type": "text",
"uuid": "5aa63dd3-b8b0-410e-98d1-4787950d210f",
"value": "DrunkBinary"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1520844307",
"uuid": "ac04d932-cbe1-441e-82dc-9c9cb4703445",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ac04d932-cbe1-441e-82dc-9c9cb4703445",
"referenced_uuid": "8c91f218-7e54-4698-9338-efd8d3842a1b",
"relationship_type": "analysed-with",
"timestamp": "1520844306",
"uuid": "5aa63e12-ba84-4450-8f9b-45d502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Turla Nautilus",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1520844304",
"to_ids": true,
"type": "sha1",
"uuid": "5aa63e10-a24c-410d-99af-4dc502de0b81",
"value": "04b0ed6e26b7ec4140cb9535771207802b0c0463"
},
{
"category": "Payload delivery",
"comment": "Turla Nautilus",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1520844305",
"to_ids": true,
"type": "sha256",
"uuid": "5aa63e11-365c-4ae3-98db-4c8602de0b81",
"value": "f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db"
},
{
"category": "Payload delivery",
"comment": "Turla Nautilus",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1520844305",
"to_ids": true,
"type": "md5",
"uuid": "5aa63e11-3bfc-45cf-b4e2-4d2102de0b81",
"value": "f58bdc5edfa14e23164fd00569b3db3f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1520844306",
"uuid": "8c91f218-7e54-4698-9338-efd8d3842a1b",
"Attribute": [
{
"category": "External analysis",
"comment": "Turla Nautilus",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1520844306",
"to_ids": false,
"type": "link",
"uuid": "5aa63e12-8758-4399-96d9-485b02de0b81",
"value": "https://www.virustotal.com/file/f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db/analysis/1520818696/"
},
{
"category": "Other",
"comment": "Turla Nautilus",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1520844306",
"to_ids": false,
"type": "text",
"uuid": "5aa63e12-e6fc-4a8f-96d4-400502de0b81",
"value": "13/63"
},
{
"category": "Other",
"comment": "Turla Nautilus",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1520844306",
"to_ids": false,
"type": "datetime",
"uuid": "5aa63e12-f7b8-4cf5-b48a-47e402de0b81",
"value": "2018-03-12T01:38:16"
}
]
}
]
}
}