misp-circl-feed/feeds/circl/misp/59d341f4-3ef0-4520-84dc-499c950d210f.json


{
"Event": {
"analysis": "0",
"date": "2017-10-03",
"extends_uuid": "",
"info": "Malspam 2017-10-03",
"publish_timestamp": "1507020276",
"published": true,
"threat_level_id": "3",
"timestamp": "1507020253",
"uuid": "59d341f4-3ef0-4520-84dc-499c950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:tool=\"Emotet\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": false,
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "md5",
"uuid": "59d342ac-fb40-4df8-b7fc-4412950d210f",
"value": "bb0ad0ef5d59e3122e040656ae9a40d1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "sha1",
"uuid": "59d342ac-43b0-4115-ab28-4e0c950d210f",
"value": "b6e4330f10e18c66a0e6245ffa47baca2e1e614c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "sha256",
"uuid": "59d342ac-fb2c-48ef-8465-48eb950d210f",
"value": "e3d1e44da85f4057f168cef703e8bf9d85e4cbe74d7b68e197b399559b200076"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": false,
"type": "link",
"uuid": "59d342ac-013c-4242-8ce3-49ff950d210f",
"value": "https://www.virustotal.com/file/e3d1e44da85f4057f168cef703e8bf9d85e4cbe74d7b68e197b399559b200076/analysis/1507015288/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "url",
"uuid": "59d342ac-fcdc-43b2-8d03-47f4950d210f",
"value": "http://opara.co.za/hlZWpwYFR/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "ip-dst",
"uuid": "59d342ac-bd1c-41a8-86bc-431b950d210f",
"value": "197.221.2.8"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "url",
"uuid": "59d342ac-8fdc-46ff-bb0f-42bc950d210f",
"value": "http://ctmket.com/FwdBho/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "ip-dst",
"uuid": "59d342ac-4550-4ff2-bc2f-4321950d210f",
"value": "208.91.199.145"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "url",
"uuid": "59d342ac-b4d0-42df-a139-4d6d950d210f",
"value": "http://q-productions.com/jkXHSKSGj/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "ip-dst",
"uuid": "59d342ac-00e8-4c81-84ed-4222950d210f",
"value": "216.117.177.69"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "domain",
"uuid": "59d342ac-af54-4b8b-a56d-4580950d210f",
"value": "toolgeeker.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "domain",
"uuid": "59d342ac-2b5c-4297-869a-4753950d210f",
"value": "goodmansbbq.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "md5",
"uuid": "59d342ac-fbc4-4e2d-9c18-4ec6950d210f",
"value": "e64d0353e023f76b16b386399b392b63"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "sha1",
"uuid": "59d342ac-c2a8-4617-9646-4992950d210f",
"value": "6cb27ac6691a210251a3f42c8a0912192b5446ad"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "sha256",
"uuid": "59d342ac-f5a4-4841-a73b-47c8950d210f",
"value": "8923cfddce118a3ca6652f1dc974ce74b57cc7bbadcd55e49703ed60f89e1cda"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": false,
"type": "link",
"uuid": "59d342ac-89f8-4f7d-8df9-4e80950d210f",
"value": "https://www.virustotal.com/file/8923cfddce118a3ca6652f1dc974ce74b57cc7bbadcd55e49703ed60f89e1cda/analysis/1507015564/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017580",
"to_ids": true,
"type": "link",
"uuid": "59d342ac-6698-4ff1-a57a-4c36950d210f",
"value": "https://en.wikipedia.org/wiki/Emotet"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "domain",
"uuid": "59d342ac-1b60-45f5-ab97-4e08950d210f",
"value": "tomax.hk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017388",
"to_ids": true,
"type": "url",
"uuid": "59d342ac-7674-45c3-89ff-4e3e950d210f",
"value": "http://tomax.hk/SOLS-706827815-97560632-Neuer-RV/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507017397",
"to_ids": true,
"type": "ip-dst",
"uuid": "59d342b5-c0fc-492f-9275-4a17950d210f",
"value": "203.135.130.135"
}
]
}
}