{"Event": {"info": "OSINT - Malicious script dropping an executable signed by Avast?", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1503489623", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "599d5076-3860-4293-803d-4bd5950d210f", "timestamp": "1503489623", "to_ids": false, "value": "https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "599d508f-0070-49fe-82ad-474b950d210f", "timestamp": "1503489599", "to_ids": false, "value": "Yesterday, I found an interesting sample that I started to analyze\u2026 It reached my spam trap attached to an email in Portuguese with the subject: \"Venho por meio desta solicitar or\u00e7amento dos produtos\u201d (\"I hereby request the products budget\u201d). There was one attached ZIP archive: PanilhaOrcamento.zip (SHA1: 3c159f65ba88bb208df30822d2a88b6531e4d0a7) with a VT score of 0/58.", "disable_correlation": false, "object_relation": null, "type": "comment"}, {"comment": "", "category": "Payload delivery", "uuid": "599d50c1-3250-4e6c-887d-42b2950d210f", "timestamp": "1503489599", "to_ids": false, "value": "Venho por meio desta solicitar or\u00e7amento dos produtos", "disable_correlation": false, "object_relation": null, "type": "email-subject"}, {"comment": "", "category": "Payload delivery", "uuid": "599d512d-3dec-4480-ad56-45bb950d210f", "timestamp": "1503489599", "to_ids": true, "value": "PanilhaOrcamento.zip|3c159f65ba88bb208df30822d2a88b6531e4d0a7", "disable_correlation": false, "object_relation": null, "type": "filename|sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "599d5169-8bcc-47ae-b5f4-42e4950d210f", "timestamp": "1503489599", "to_ids": true, "value": "Panilha Orcamento Contabil 32f5.bat|c191821ddb1db46349afdb08789312ce418696d1", "disable_correlation": false, "object_relation": null, "type": "filename|sha1"}, {"comment": "", "category": "Network activity", "uuid": "599d521f-5cb8-40a6-ad5b-4eb9950d210f", "timestamp": "1503489599", "to_ids": true, "value": "https://1591523753.rsc.cdn77.org/p2r.php?", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "file signed by Avast", "category": "Payload delivery", "uuid": "599d52e1-1e84-4c24-9ee7-1992950d210f", "timestamp": "1503489599", "to_ids": true, "value": "C:\\rx hsdj\\o\\i\\x\\ffax bnzx\\fvenotify.exe|6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7", "disable_correlation": false, "object_relation": null, "type": "filename|sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "599d530d-27b4-424a-819a-426d950d210f", "timestamp": "1503489599", "to_ids": true, "value": "C:\\rx hsdj\\o\\i\\x\\ffax bnzx\\secur32.dll|2ee0c761a25310e34c9d3c9d3e810192d8bbd10d4051522e3eefdc1bd71a17bb", 
"disable_correlation": false, "object_relation": null, "type": "filename|sha256"}, {"comment": "", "category": "External analysis", "uuid": "599d5475-c4d4-4400-984a-4a96950d210f", "timestamp": "1503489599", "to_ids": false, "value": "https://www.virustotal.com/#/file/9329de591b51c367908f2916307a4d2277caa2c766f2cecac8d06e02a2416246/detection", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "599d5475-03a8-4fa8-b299-48de950d210f", "timestamp": "1503489599", "to_ids": false, "value": "https://www.virustotal.com/#/file/6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7/detection", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "file signed by Avast - Xchecked via VT: 6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7", "category": "Payload delivery", "uuid": "599d6e3f-5458-4c0b-94f0-904802de0b81", "timestamp": "1503489599", "to_ids": true, "value": "da7d5d84ec06da830330601077f5d01075de2ed5", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "file signed by Avast - Xchecked via VT: 6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7", "category": "Payload delivery", "uuid": "599d6e3f-540c-486e-83ab-904802de0b81", "timestamp": "1503489599", "to_ids": true, "value": "5fd9e7a51f49eae4d722cabd84999ef5", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "file signed by Avast - Xchecked via VT: 6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7", "category": "External analysis", "uuid": "599d6e3f-d8f4-4e01-a929-904802de0b81", "timestamp": "1503489599", "to_ids": false, "value": "https://www.virustotal.com/file/6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7/analysis/1503339647/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "- Xchecked via VT: 3c159f65ba88bb208df30822d2a88b6531e4d0a7", 
"category": "Payload delivery", "uuid": "599d6e3f-b368-4103-936e-904802de0b81", "timestamp": "1503489599", "to_ids": true, "value": "9329de591b51c367908f2916307a4d2277caa2c766f2cecac8d06e02a2416246", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 3c159f65ba88bb208df30822d2a88b6531e4d0a7", "category": "Payload delivery", "uuid": "599d6e3f-24c8-4b3b-a62a-904802de0b81", "timestamp": "1503489599", "to_ids": true, "value": "6fcaa7422eceea72bff4e663e4ce708e", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "- Xchecked via VT: 3c159f65ba88bb208df30822d2a88b6531e4d0a7", "category": "External analysis", "uuid": "599d6e3f-35b4-4889-b8a8-904802de0b81", "timestamp": "1503489599", "to_ids": false, "value": "https://www.virustotal.com/file/9329de591b51c367908f2916307a4d2277caa2c766f2cecac8d06e02a2416246/analysis/1503343138/", "disable_correlation": false, "object_relation": null, "type": "link"}], "extends_uuid": "", "published": false, "date": "2017-08-23", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "599d5067-8168-43bf-971f-497a950d210f"}}