misp-circl-feed/feeds/circl/misp/5c12139d-11a8-44d4-bb77-42b7950d210f.json


{"Event": {"info": "New version of Shamoon, affecting the Italian arm of Saudi Aramco", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Shamoon\""}, {"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}, {"colour": "#002642", "exportable": true, "name": "osint:source-type=\"microblog-post\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}], "publish_timestamp": "0", "timestamp": "1544690107", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5c12164d-8334-4dc1-b675-6985950d210f", "sharing_group_id": "0", "timestamp": "1544689229", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "4", "Attribute": [{"comment": "", "category": "Other", "uuid": "5c12164d-be28-480f-ba62-6985950d210f", "timestamp": "1544689229", "to_ids": false, "value": "New version of Shamoon, affecting the Italian arm of Saudi Aramco. 
MD5: b41f586fc9c95c66f0967f1592641a85, 001d216ee755f0bc96125892e2fb3e3a, de07c4ac94a50663851e5dabe6e50d1f.", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5c12164e-684c-46f8-a983-6985950d210f", "timestamp": "1544689230", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5c12164e-4f00-4c8e-9ca4-6985950d210f", "timestamp": "1544689230", "to_ids": true, "value": "https://mobile.twitter.com/hexcapes/status/1072852775279751169", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5c12164e-6fb4-4474-9dd4-6985950d210f", "timestamp": "1544689230", "to_ids": false, "value": "Dec 12, 2018 2:56 PM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Other", "uuid": "5c12164f-a554-4263-b0c3-6985950d210f", "timestamp": "1544689231", "to_ids": false, "value": "@hexcapes", "disable_correlation": false, "object_relation": "username", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c1216a5-48fc-4394-90af-4c1c950d210f", "sharing_group_id": "0", "timestamp": "1544689317", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c1216a5-d2d4-4c4d-9d01-46f7950d210f", "timestamp": "1544689317", "to_ids": true, "value": "b41f586fc9c95c66f0967f1592641a85", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5c1216a6-b97c-45f7-a1c1-4a87950d210f", "timestamp": "1544689318", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": 
"text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c1216f3-6298-46e3-9ed9-0d1b950d210f", "sharing_group_id": "0", "timestamp": "1544689395", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c1216f3-fac0-4b1e-aed2-0d1b950d210f", "timestamp": "1544689395", "to_ids": true, "value": "001d216ee755f0bc96125892e2fb3e3a", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5c1216f4-4a58-46a0-995f-0d1b950d210f", "timestamp": "1544689396", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c121701-d5f4-4c11-b32a-0d1b950d210f", "sharing_group_id": "0", "timestamp": "1544689409", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c121702-6e3c-4c81-8ab3-0d1b950d210f", "timestamp": "1544689410", "to_ids": true, "value": "de07c4ac94a50663851e5dabe6e50d1f", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5c121702-30e8-4614-b950-0d1b950d210f", "timestamp": "1544689410", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "2", "extends_uuid": "", "published": false, "date": "2018-12-12", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5c12139d-11a8-44d4-bb77-42b7950d210f"}}