misp-circl-feed/feeds/circl/misp/5b043df6-f10c-4de2-a499-2f0d0acd0835.json

{
  "Event": {
    "analysis": "2",
    "date": "2018-05-22",
    "extends_uuid": "",
    "info": "Keylogger info via Twitter Feed",
    "publish_timestamp": "1589183975",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1621849728",
    "uuid": "5b043df6-f10c-4de2-a499-2f0d0acd0835",
    "Orgc": {
      "name": "Synovus Financial",
      "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#00abd0",
        "local": false,
        "name": "veris:action:malware:variety=\"Spyware/Keylogger\"",
        "relationship_type": ""
      },
      {
        "colour": "#003860",
        "local": false,
        "name": "osint:source-type=\"pastie-website\"",
        "relationship_type": ""
      },
      {
        "colour": "#002642",
        "local": false,
        "name": "osint:source-type=\"microblog-post\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "On port 2127",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1527004727",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "5b043e0b-9008-4287-a2b4-2c060acd0835",
        "value": "185.208.211.17|2127",
        "Tag": [
          {
            "colour": "#00aad0",
            "local": false,
            "name": "veris:action:malware:variety=\"C2\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Support Tool",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1527004810",
        "to_ids": false,
        "type": "link",
        "uuid": "5b043e8a-c2e0-4592-a6ca-2c060acd0835",
        "value": "https://www.virustotal.com/#/file/32ece033477de21df61ece078da115bdc28286fedc33a7befcc46c64a9003ea1/details"
      },
      {
        "category": "Support Tool",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1527004882",
        "to_ids": false,
        "type": "link",
        "uuid": "5b043ed2-350c-455a-9a52-2ccd0acd0835",
        "value": "https://pastebin.com/7AxkMj66"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "11",
        "timestamp": "1527004793",
        "uuid": "5b043e79-94d0-4ee6-87b8-2ade0acd0835",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1527004793",
            "to_ids": true,
            "type": "md5",
            "uuid": "5b043e79-2f18-47de-b3af-2ade0acd0835",
            "value": "38b52f863541d387685f6c682993c28b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1527004793",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b043e79-c910-4a85-a678-2ade0acd0835",
            "value": "32ece033477de21df61ece078da115bdc28286fedc33a7befcc46c64a9003ea1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1527004793",
            "to_ids": true,
            "type": "filename",
            "uuid": "5b043e79-a90c-437c-8656-2ade0acd0835",
            "value": "Scan_03_pages on New order.exe"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1527004793",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b043e79-67c4-49c9-9944-2ade0acd0835",
            "value": "26a48c304412cff3bceb4e470e2395704460af57"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1527004793",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b043e79-eb38-4210-aa10-2ade0acd0835",
            "value": "12288:vFsEbGmmTYeh2luBIN5mPgBT79Hxf1cO8JxGioFm4auc5CU6aD9:vFbzmTYpl6BoBT9VKqm4JmlV9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1527004793",
            "to_ids": false,
            "type": "text",
            "uuid": "5b043e79-b964-4b56-a0ea-2ade0acd0835",
            "value": "Malicious"
          }
        ]
      }
    ]
  }
}