misp-circl-feed/feeds/circl/misp/5a587e74-2218-498e-ba91-4165950d210f.json


{
"Event": {
"analysis": "1",
"date": "2018-01-12",
"extends_uuid": "",
"info": "OSINT - Suspicious binary delivered as fake jpeg",
"publish_timestamp": "1518770853",
"published": true,
"threat_level_id": "3",
"timestamp": "1515812467",
"uuid": "5a587e74-2218-498e-ba91-4165950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#002642",
"name": "osint:source-type=\"microblog-post\""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515748991",
"to_ids": true,
"type": "sha256",
"uuid": "5a587e7f-b82c-4292-b9c3-49b5950d210f",
"value": "abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "4",
"timestamp": "1515749655",
"uuid": "5a587f43-fb74-48b6-8dfa-44fe950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5a587f43-fb74-48b6-8dfa-44fe950d210f",
"referenced_uuid": "5a588060-95f8-42ed-83aa-4484950d210f",
"relationship_type": "indicates",
"timestamp": "1518770853",
"uuid": "5a588114-6544-4ca9-9b89-41ac950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1515749187",
"to_ids": false,
"type": "text",
"uuid": "5a587f43-eedc-435f-b31f-4a21950d210f",
"value": "Don\u2019t panic! Stay zen! :) VT Score is only 5/67 btw"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1515749187",
"to_ids": false,
"type": "text",
"uuid": "5a587f44-8448-42b3-a221-4672950d210f",
"value": "Twitter"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1515749188",
"to_ids": true,
"type": "url",
"uuid": "5a587f44-19d8-430b-9fe1-49b7950d210f",
"value": "https://twitter.com/xme/status/951395985707675649"
}
]
},
{
"comment": "",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "5",
"timestamp": "1515749621",
"uuid": "5a588060-95f8-42ed-83aa-4484950d210f",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1515749621",
"to_ids": true,
"type": "url",
"uuid": "5a588060-4014-4fe0-97f1-4178950d210f",
"value": "http://80.82.67.217/xanax.jpg"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1515749621",
"to_ids": true,
"type": "hostname",
"uuid": "5a588060-9c60-4493-a915-439e950d210f",
"value": "80.82.67.217"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "scheme",
"timestamp": "1515749621",
"to_ids": false,
"type": "text",
"uuid": "5a588060-50cc-4638-b4b6-4fcf950d210f",
"value": "http"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "resource_path",
"timestamp": "1515749621",
"to_ids": false,
"type": "text",
"uuid": "5a588060-6254-43ed-bb79-405e950d210f",
"value": "xanax.jpg"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515749686",
"uuid": "0fe6c4d6-f582-4098-89d9-d183b03b4b24",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0fe6c4d6-f582-4098-89d9-d183b03b4b24",
"referenced_uuid": "5d071e50-add7-4859-ad1f-38657dee81ce",
"relationship_type": "analysed-with",
"timestamp": "1518770853",
"uuid": "5a588133-c258-4b12-bfa7-481402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515749683",
"to_ids": true,
"type": "sha1",
"uuid": "5a588133-da20-485d-80ba-4c2702de0b81",
"value": "9fec9b390a304fb810a5f31644e8003016bf8b45"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515749683",
"to_ids": true,
"type": "md5",
"uuid": "5a588133-a798-4d4d-8f11-4b2d02de0b81",
"value": "071d734036a4ce8a1913d48715f26001"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515749683",
"to_ids": true,
"type": "sha256",
"uuid": "5a588133-1534-4d90-9f06-451102de0b81",
"value": "abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515749683",
"uuid": "5d071e50-add7-4859-ad1f-38657dee81ce",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515749683",
"to_ids": false,
"type": "link",
"uuid": "5a588133-e654-4dae-95f5-48ff02de0b81",
"value": "https://www.virustotal.com/file/abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045/analysis/1515742614/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515749683",
"to_ids": false,
"type": "text",
"uuid": "5a588133-1e18-4c55-87db-4db202de0b81",
"value": "24/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515749683",
"to_ids": false,
"type": "datetime",
"uuid": "5a588133-f488-40d4-87e7-4c3102de0b81",
"value": "2018-01-12T07:36:54"
}
]
}
]
}
}