misp-circl-feed/feeds/circl/misp/5cf90c6c-b2f8-4cd0-afbc-49c7950d210f.json


			
				
				
					
						
						
						
							
							
							{"Event": {"info": "OSINT - Ursnif malspam campaign", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:banker=\"Gozi\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Gozi\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Snifula\""}, {"colour": "#0b8c00", "exportable": true, "name": "misp-galaxy:tool=\"Snifula\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1560242502", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5cf910f8-b968-406e-8e57-4530950d210f", "sharing_group_id": "0", "timestamp": "1559829649", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "6", "Attribute": [{"comment": "", "category": "Other", "uuid": "5cf910f8-4fbc-473e-b78d-4041950d210f", "timestamp": "1559829649", "to_ids": false, "value": "#Signed #Ursnif malspam campaign, targets Italy IOC (link: https://pastebin.com/T0r3j92f) pastebin.com/T0r3j92f @JAMESWT_MHT\r\n @James_inthe_box\r\n @DissectMalware\r\n  @executemalware\r\n @JayTHL\r\n @NelsonSecurity\r\n @HazMalware\r\n @dvk01uk\r\n @malwrhunterteam\r\n @DynamicAnalysis\r\n @JRoosen\r\n @bad_packets\r\n @thlnk3r\r\n @luc4m", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5cf910f8-99a4-46b4-a3b2-4e29950d210f", "timestamp": "1559829649", "to_ids": true, "value": "https://mobile.twitter.com/Mesiagh/status/1136355140523266048", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-bc78-4d18-af35-46bd950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@JAMESWT_MHT", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-1278-4e8e-ab47-43b1950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@James_inthe_box", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-962c-4e2a-8c47-4bd2950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@DissectMalware", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-5008-4e2f-b262-4bb8950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@executemalware", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-7cf4-44d3-8a2b-4b6c950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@JayTHL", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-4314-45d1-b90a-4e3e950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@NelsonSecurity", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-df40-4d68-b42a-458f950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@HazMalware", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-48c8-4c02-a5ac-43ae950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@dvk01uk", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf910f9-8ca4-4d14-9977-49af950d210f", "timestamp": "1559829649", "to_ids": false, "value": "@malwrhunterteam", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf91c92-baec-4e44-ac69-4e1c950d210f", "timestamp": "1559829650", "to_ids": false, "value": "@DynamicAnalysis", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf91c92-1540-4a91-9981-4d27950d210f", "timestamp": "1559829650", "to_ids": false, "value": "@JRoosen", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf91c92-3da8-45fc-b238-413c950d210f", "timestamp": "1559829650", "to_ids": false, "value": "@bad_packets", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf91c92-bb9c-4f1e-a378-4f75950d210f", "timestamp": "1559829650", "to_ids": false, "value": "@thlnk3r", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf91c92-9f24-4d40-85bd-47d8950d210f", "timestamp": "1559829650", "to_ids": false, "value": "@luc4m", "disable_correlation": false, "object_relation": "username-quoted", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf91c92-c448-43f0-857c-4017950d210f", "timestamp": "1559829650", "to_ids": false, "value": "Mesiagh", "disable_correlation": false, "object_relation": "username", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5cf91c92-c854-4957-a2ba-40bf950d210f", "timestamp": "1559829650", "to_ids": false, "value": "Jun 5, 2019  9:32 PM", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}], "analysis": "0", "Attribute": [{"comment": "Example of dropping URLs", "category": "Network activity", "uuid": "5cf91ca8-d29c-4619-a397-4fc6950d210f", "timestamp": "1559829672", "to_ids": true, "value": "http://sea-tacselfstorage.com/rFSpmUulnF?Ojgw=5", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Example of dropping URLs", "category": "Network activity", "uuid": "5cf91ca8-c8f8-4108-b47f-49ba950d210f", "timestamp": "1559829672", "to_ids": true, "value": "http://searchstoragequote.com/gWOKhStwTf?kLx=1", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Example of dropping URLs", "category": "Network activity", "uuid": "5cf91ca8-14d0-4563-8da5-452e950d210f", "timestamp": "1559829672", "to_ids": true, "value": "http://usastoragenetwork.com/Mjp?sbKOG=1", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Example of dropping URLs", "category": "Network activity", "uuid": "5cf91ca8-c720-453b-97fb-4619950d210f", "timestamp": "1559829672", "to_ids": true, "value": "http://extrastoragesandiego.com/akpoAP?mng=2", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Example of dropping URLs", "category": "Network activity", "uuid": "5cf91ca8-4cf8-4b64-80a6-4f5d950d210f", "timestamp": "1559829672", "to_ids": true, "value": "http://allspanawaystorage.net/RlBH?ZnnP=6", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-592c-43d1-a859-44b7950d210f", "timestamp": "1559829732", "to_ids": true, "value": "allspanawayselfstorage.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-0f0c-4bba-bf10-44aa950d210f", "timestamp": "1559829732", "to_ids": true, "value": "allspanawaystorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-80b8-4366-9ce0-493c950d210f", "timestamp": "1559829732", "to_ids": true, "value": "allspanawaystorage.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-939c-4902-88d4-46ac950d210f", "timestamp": "1559829732", "to_ids": true, "value": "allspanawaystorage.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-2a5c-4503-8a4e-407a950d210f", "timestamp": "1559829732", "to_ids": true, "value": "bellinghamboatstorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-b964-4192-aa2c-4e89950d210f", "timestamp": "1559829732", "to_ids": true, "value": "bellinghamboatstorage.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-de80-4efb-97e1-4a41950d210f", "timestamp": "1559829732", "to_ids": true, "value": "bellinghamrvandboatstorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-7f6c-485b-bdbf-4c9e950d210f", "timestamp": "1559829732", "to_ids": true, "value": "bellinghamrvandboatstorage.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-0dc4-44df-897d-47ab950d210f", "timestamp": "1559829732", "to_ids": true, "value": "bellinghamrvandboatstorage.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-e010-4fca-b5c5-466b950d210f", "timestamp": "1559829732", "to_ids": true, "value": "bellinghamrvstorage.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce4-cd10-4e89-9da8-4c11950d210f", "timestamp": "1559829732", "to_ids": true, "value": "cheapsilkscreenprinting.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-2e7c-4d1b-95a7-41ab950d210f", "timestamp": "1559829733", "to_ids": true, "value": "extrastorageoflemongrove.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-ec38-4c72-911c-4ca2950d210f", "timestamp": "1559829733", "to_ids": true, "value": "extrastoragesandiego.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-f264-408e-99a8-4a43950d210f", "timestamp": "1559829733", "to_ids": true, "value": "findstoragequote.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-8468-4739-b4e0-4a9e950d210f", "timestamp": "1559829733", "to_ids": true, "value": "freeselfstoragequote.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-6bf0-4f97-ae07-459b950d210f", "timestamp": "1559829733", "to_ids": true, "value": "freestoragequote.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-37fc-4acf-a3f1-4a6b950d210f", "timestamp": "1559829733", "to_ids": true, "value": "freewayselfstoragetacoma.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-f808-4aa8-b09f-4d9b950d210f", "timestamp": "1559829733", "to_ids": true, "value": "freewaystoragetacoma.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-b36c-4092-88e4-475a950d210f", "timestamp": "1559829733", "to_ids": true, "value": "goodchoicefoodservice.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-2834-4591-8c4d-40d9950d210f", "timestamp": "1559829733", "to_ids": true, "value": "intlblvdselfstorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-ee2c-4b61-9112-4b2c950d210f", "timestamp": "1559829733", "to_ids": true, "value": "intlblvdselfstorage.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-f03c-403e-baa6-4c0c950d210f", "timestamp": "1559829733", "to_ids": true, "value": "intlblvdselfstorage.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-a2d0-47fc-a954-4c80950d210f", "timestamp": "1559829733", "to_ids": true, "value": "intlblvdstorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-c76c-4f40-85c8-45a4950d210f", "timestamp": "1559829733", "to_ids": true, "value": "intlblvdstorage.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-a044-42da-802a-44e4950d210f", "timestamp": "1559829733", "to_ids": true, "value": "portorchardheatedstorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-7024-4acc-9456-404a950d210f", "timestamp": "1559829733", "to_ids": true, "value": "portorchardss.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-e2cc-4938-9cb6-401f950d210f", "timestamp": "1559829733", "to_ids": true, "value": "quachieprinting.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-8328-4756-a407-4595950d210f", "timestamp": "1559829733", "to_ids": true, "value": "rayspizzabagelcafenyc.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-dfcc-4e06-aaf0-4ec8950d210f", "timestamp": "1559829733", "to_ids": true, "value": "riehmconstruction.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-14fc-46a2-bbd0-486d950d210f", "timestamp": "1559829733", "to_ids": true, "value": "salspizzeriacateringlowereast.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-5c88-4cc3-9f37-450f950d210f", "timestamp": "1559829733", "to_ids": true, "value": "sanlocowilliamsburg.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-c3b8-40f7-8af1-4678950d210f", "timestamp": "1559829733", "to_ids": true, "value": "searchselfstoragenetwork.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-ab08-42c8-aefc-47cc950d210f", "timestamp": "1559829733", "to_ids": true, "value": "searchselfstoragequote.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-bb08-4294-acc0-4309950d210f", "timestamp": "1559829733", "to_ids": true, "value": "searchstoragenetwork.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-300c-4c4d-897e-4c99950d210f", "timestamp": "1559829733", "to_ids": true, "value": "searchstoragequote.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-98f0-47b4-889b-4df1950d210f", "timestamp": "1559829733", "to_ids": true, "value": "seatacministorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-f788-4f6d-bf00-4506950d210f", "timestamp": "1559829733", "to_ids": true, "value": "sea-tacselfstorage.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-dd64-467d-a025-4f2d950d210f", "timestamp": "1559829733", "to_ids": true, "value": "shinerestaurantchicago.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-d454-4cb6-a3bb-4f1d950d210f", "timestamp": "1559829733", "to_ids": true, "value": "smokeyislandgrillebk.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-6a40-4239-9344-4cb3950d210f", "timestamp": "1559829733", "to_ids": true, "value": "sosasdeligrillbk.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-a3d0-4eeb-aab5-4810950d210f", "timestamp": "1559829733", "to_ids": true, "value": "starofsiamsantamonica.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-09d4-429f-82be-48a3950d210f", "timestamp": "1559829733", "to_ids": true, "value": "superdumplingnewyork.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-ea68-4652-a778-4b64950d210f", "timestamp": "1559829733", "to_ids": true, "value": "sushiakioforesthills.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-67a4-4093-a8b3-4ae3950d210f", "timestamp": "1559829733", "to_ids": true, "value": "usaselfstoragenetwork.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-a9c8-4bc0-a233-4c7f950d210f", "timestamp": "1559829733", "to_ids": true, "value": "usastoragenetwork.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-3420-459e-8e28-402f950d210f", "timestamp": "1559829733", "to_ids": true, "value": "westseattlenailsalon.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5cf91ce5-2748-42b1-976a-4ab1950d210f", "timestamp": "1559829733", "to_ids": true, "value": "54.39.25.194", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}], "extends_uuid": "", "published": false, "date": "2019-06-05", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5cf90c6c-b2f8-4cd0-afbc-49c7950d210f"}}
						
						
					
				
				
					
						Reference in a new issue
					
					View git blame
					Copy permalink