misp-circl-feed/feeds/circl/misp/572efbbc-ba08-4a82-b879-400d02de0b81.json


{
"Event": {
"analysis": "2",
"date": "2016-05-08",
"extends_uuid": "",
"info": "Fake scan campaigns (20160505 - 20160507) using docm - Dridex",
"publish_timestamp": "1462697526",
"published": true,
"threat_level_id": "3",
"timestamp": "1462697324",
"uuid": "572efbbc-ba08-4a82-b879-400d02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462696943",
"to_ids": true,
"type": "url",
"uuid": "572efbef-6894-4dd0-a438-480602de0b81",
"value": "fm1.ntlweb.org/87hcnrewe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462696943",
"to_ids": true,
"type": "url",
"uuid": "572efbef-28e4-487d-835b-4ecc02de0b81",
"value": "iconigram.com/87hcnrewe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462696943",
"to_ids": true,
"type": "url",
"uuid": "572efbef-6b4c-485a-96b8-4c2402de0b81",
"value": "www.sammelarmband.de/87hcnrewe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462696944",
"to_ids": true,
"type": "url",
"uuid": "572efbf0-65fc-41dc-9dd6-48d102de0b81",
"value": "hospice.psy.free.fr/87hcnrewe"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462696973",
"to_ids": true,
"type": "ip-dst",
"uuid": "572efc0d-33dc-4c5a-86b2-424602de0b81",
"value": "192.241.252.152"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462696973",
"to_ids": true,
"type": "ip-dst",
"uuid": "572efc0d-c538-47f4-9f65-477c02de0b81",
"value": "195.169.147.26"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462696974",
"to_ids": true,
"type": "ip-dst",
"uuid": "572efc0e-66ec-433d-a8aa-408d02de0b81",
"value": "70.164.127.132"
},
{
"category": "Payload delivery",
"comment": "Dropped binary",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697038",
"to_ids": true,
"type": "sha256",
"uuid": "572efc4e-cc64-4b0f-9b5f-427f02de0b81",
"value": "84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e"
},
{
"category": "Payload delivery",
"comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697062",
"to_ids": true,
"type": "sha1",
"uuid": "572efc66-9ccc-4e82-8172-41a202de0b81",
"value": "a835542d280eb8a3cc508cd57bcd94fd2393fc31"
},
{
"category": "Payload delivery",
"comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697063",
"to_ids": true,
"type": "md5",
"uuid": "572efc67-9714-4709-8f5f-49d302de0b81",
"value": "803358c128aae4faed24e194d6388e68"
},
{
"category": "External analysis",
"comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697063",
"to_ids": false,
"type": "link",
"uuid": "572efc67-a9ac-4e71-91f3-482302de0b81",
"value": "https://www.virustotal.com/file/84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e/analysis/1462526126/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697117",
"to_ids": true,
"type": "url",
"uuid": "572efc9d-79a4-4199-bde2-46cc02de0b81",
"value": "http://meregivo.com.ua/87hcnrewe"
},
{
"category": "Payload delivery",
"comment": "malicious docm",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697227",
"to_ids": true,
"type": "sha256",
"uuid": "572efd0b-677c-4f67-a705-4cb302de0b81",
"value": "af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab"
},
{
"category": "Payload delivery",
"comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697235",
"to_ids": true,
"type": "sha1",
"uuid": "572efd13-8974-4e7a-947f-465102de0b81",
"value": "f9cb0984f6fcc3e76070bd8f71c193f58000c1a7"
},
{
"category": "Payload delivery",
"comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697236",
"to_ids": true,
"type": "md5",
"uuid": "572efd14-e58c-42aa-865b-4e5d02de0b81",
"value": "a52fc2b17771577ee1e72a08f99fa432"
},
{
"category": "External analysis",
"comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697236",
"to_ids": false,
"type": "link",
"uuid": "572efd14-f9e8-4c6b-8e9c-4bb802de0b81",
"value": "https://www.virustotal.com/file/af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab/analysis/1462544836/"
},
{
"category": "Payload delivery",
"comment": "malicious docm",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697317",
"to_ids": true,
"type": "sha256",
"uuid": "572efd55-bef4-4d63-9929-46d002de0b81",
"value": "0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25"
},
{
"category": "Payload delivery",
"comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697324",
"to_ids": true,
"type": "sha1",
"uuid": "572efd6c-7f24-4459-9832-43d202de0b81",
"value": "892d09d04fa087df98fb0c2941b7a39c4c938822"
},
{
"category": "Payload delivery",
"comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697324",
"to_ids": true,
"type": "md5",
"uuid": "572efd6c-e894-4c0f-be22-4f2902de0b81",
"value": "22feec8b1b12603a6efc8d098817b99a"
},
{
"category": "External analysis",
"comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1462697324",
"to_ids": false,
"type": "link",
"uuid": "572efd6c-e2b4-44ed-9962-470b02de0b81",
"value": "https://www.virustotal.com/file/0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25/analysis/1462544863/"
}
]
}
}