adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5b3e4d3d-0644-43ef-9ebd-30cd0acd0835.json

566 lines
No EOL
15 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2018-07-05",
"extends_uuid": "",
"info": "Talos Blog - Smoking Guns - Smoke Loader learned new tricks",
"publish_timestamp": "1535016125",
"published": true,
"threat_level_id": "2",
"timestamp": "1531208745",
"uuid": "5b3e4d3d-0644-43ef-9ebd-30cd0acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:tool=\"Smoke Loader\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:tool=\"Trick Bot\"",
"relationship_type": ""
},
{
"colour": "#0042a5",
"local": false,
"name": "ms-caro-malware-full:malware-family=\"ShellCode\"",
"relationship_type": ""
},
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
},
{
"colour": "#3d7a00",
"local": false,
"name": " Smoke Loader",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810407",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-decc-41e8-b689-6b620acd0835",
"value": "185.174.173.34",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-35dc-4390-9271-6b620acd0835",
"value": "162.247.155.114",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-e344-4204-a41e-6b620acd0835",
"value": "185.174.173.116",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-7f38-474b-9086-6b620acd0835",
"value": "185.174.173.241",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-d810-45b1-8964-6b620acd0835",
"value": "62.109.26.121",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-59d4-4c9e-ae60-6b620acd0835",
"value": "185.68.93.27",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-a2f8-4063-b8d4-6b620acd0835",
"value": "137.74.151.148",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-6a40-44b0-bad4-6b620acd0835",
"value": "185.223.95.66",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-5f84-4209-b81f-6b620acd0835",
"value": "85.143.221.60",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-729c-477b-bdd6-6b620acd0835",
"value": "195.123.216.115",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-0d64-4ef8-8b6c-6b620acd0835",
"value": "94.103.82.216",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810408",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-b574-4ff1-973a-6b620acd0835",
"value": "185.20.187.13",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-bc0c-4f44-9044-6b620acd0835",
"value": "185.242.179.118",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-7de4-4060-8fd3-6b620acd0835",
"value": "62.109.26.208",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-5298-4538-a277-6b620acd0835",
"value": "213.183.51.54",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810408",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-cf4c-45c9-8d53-6b620acd0835",
"value": "62.109.24.176",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810408",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-1eb0-4dd7-8019-6b620acd0835",
"value": "62.109.27.196",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810408",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-7110-4eb7-b035-6b620acd0835",
"value": "185.174.174.156",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810408",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-b308-4e81-8e09-6b620acd0835",
"value": "37.230.112.146",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Trickbot IPs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810409",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b3e4dd4-a870-4278-9e99-6b620acd0835",
"value": "185.174.174.72",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Smoke Loader domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810512",
"to_ids": true,
"type": "domain",
"uuid": "5b3e4dea-079c-459d-a60c-31250acd0835",
"value": "ukcompany.me",
"Tag": [
{
"colour": "#3d7a00",
"local": false,
"name": " Smoke Loader",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Smoke Loader domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810512",
"to_ids": true,
"type": "domain",
"uuid": "5b3e4dea-ee70-453a-8051-31250acd0835",
"value": "ukcompany.pw",
"Tag": [
{
"colour": "#3d7a00",
"local": false,
"name": " Smoke Loader",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Smoke Loader domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810513",
"to_ids": true,
"type": "domain",
"uuid": "5b3e4dea-fcb4-4148-b392-31250acd0835",
"value": "ukcompany.top",
"Tag": [
{
"colour": "#3d7a00",
"local": false,
"name": " Smoke Loader",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530809911",
"to_ids": false,
"type": "mutex",
"uuid": "5b3e4e37-8a5c-44a6-9b1a-e7710acd0835",
"value": "opera_shared_counter"
},
{
"category": "Payload delivery",
"comment": "IO08784413.doc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810332",
"to_ids": true,
"type": "sha256",
"uuid": "5b3e4fdc-f53c-4242-8bd5-31250acd0835",
"value": "b98abdbdb85655c64617bb6515df23062ec184fe88d2d6a898b998276a906ebc"
},
{
"category": "Payload delivery",
"comment": "B98abdbdb85655c64617bb6515df23062ec184fe88d2d6a898b998276a906ebc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810332",
"to_ids": true,
"type": "filename",
"uuid": "5b3e4fdc-45cc-4115-baa5-31250acd0835",
"value": "IO08784413.doc"
},
{
"category": "Payload delivery",
"comment": "Trickbot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810332",
"to_ids": true,
"type": "sha256",
"uuid": "5b3e4fdc-4b40-450a-8c1a-31250acd0835",
"value": "0be63a01e2510d161ba9d11e327a55e82dcb5ea07ca1488096dac3e9d4733d41"
},
{
"category": "Payload delivery",
"comment": "Smoke Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810333",
"to_ids": true,
"type": "sha256",
"uuid": "5b3e4fdd-76a0-469b-93f4-31250acd0835",
"value": "b65806521aa662bff2c655c8a7a3b6c8e598d709e35f3390df880a70c3fded40"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1530810537",
"to_ids": false,
"type": "link",
"uuid": "5b3e50a9-979c-4616-9d89-01690acd0835",
"value": "https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29"
}
]
}
}
Reference in a new issue View git blame Copy permalink