
{
"Event": {
"analysis": "2",
"date": "2019-05-09",
"extends_uuid": "",
"info": "OSINT - keepass(dot)com spreading malware acting as the official site for KeePass password manager. Downloads for .dmg and .exe files are available on the site.",
"publish_timestamp": "1557415440",
"published": true,
"threat_level_id": "3",
"timestamp": "1557415377",
"uuid": "5cd4446a-b318-40d6-8120-473a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Unconditional client-side exploitation/Injected Website/Driveby - T1372\""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1557415099",
"to_ids": true,
"type": "sha256",
"uuid": "5cd444bb-5100-4607-ab39-4e98950d210f",
"value": "4090224f97db5601e5b293f81ec6fe28f86d7e3d8f4592f6b9d0765831e2c966"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1557415099",
"to_ids": true,
"type": "sha256",
"uuid": "5cd444bb-b15c-4760-b152-4fda950d210f",
"value": "41c82089de60c0a2fe9a51d0f8f919261d0e73cf1da0d61b835194c177787b4e"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1557415149",
"to_ids": true,
"type": "domain",
"uuid": "5cd444ed-5814-49ff-a3f9-466a950d210f",
"value": "lifopp-sacoho.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1557415108",
"uuid": "9bc5279d-fa53-4c2f-92f1-9aac47fe4658",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9bc5279d-fa53-4c2f-92f1-9aac47fe4658",
"referenced_uuid": "b6903b23-45ff-4d75-ab0d-ebc19a94a7e6",
"relationship_type": "analysed-with",
"timestamp": "1557415108",
"uuid": "5cd444c4-dc64-44bb-b6bc-45ec950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1557415099",
"to_ids": true,
"type": "md5",
"uuid": "74f7c0dd-c91b-40c0-8f79-2a166f238326",
"value": "3590c4b2cfa63655dc14bef32659f675"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1557415099",
"to_ids": true,
"type": "sha1",
"uuid": "62f22eb0-6df4-4280-8141-68c00d1b25d8",
"value": "5b0825a4436e4908501667e1cfa91e9e39e82302"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1557415099",
"to_ids": true,
"type": "sha256",
"uuid": "1876d114-6aff-4578-bdb3-fb33a4177b40",
"value": "4090224f97db5601e5b293f81ec6fe28f86d7e3d8f4592f6b9d0765831e2c966"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1557415108",
"uuid": "b6903b23-45ff-4d75-ab0d-ebc19a94a7e6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1557415099",
"to_ids": false,
"type": "datetime",
"uuid": "9268cd71-c418-4b6c-8ae7-b2755788dedc",
"value": "2019-05-08T10:03:22"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1557415099",
"to_ids": false,
"type": "link",
"uuid": "fea2b397-1408-4777-ab45-308963ac7d8b",
"value": "https://www.virustotal.com/file/4090224f97db5601e5b293f81ec6fe28f86d7e3d8f4592f6b9d0765831e2c966/analysis/1557309802/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1557415099",
"to_ids": false,
"type": "text",
"uuid": "584d4279-982a-4ca3-bedf-933dd6a5b6bb",
"value": "31/72"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1557415108",
"uuid": "2ec00d74-5d8a-4db5-9d43-1845fcfd8917",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2ec00d74-5d8a-4db5-9d43-1845fcfd8917",
"referenced_uuid": "b6b594cd-778d-4c19-a1e8-b04a78d6154d",
"relationship_type": "analysed-with",
"timestamp": "1557415108",
"uuid": "5cd444c4-2080-4e51-8579-47de950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1557415099",
"to_ids": true,
"type": "md5",
"uuid": "81add71e-e549-4b98-9afe-695b617f0642",
"value": "0211036d4f551610892d3da2f2377b95"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1557415099",
"to_ids": true,
"type": "sha1",
"uuid": "addec366-d1b1-446f-ba62-24d6bcfbb96f",
"value": "b4f5d93b0eb93812018646f6b358da9592ae6499"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1557415099",
"to_ids": true,
"type": "sha256",
"uuid": "3dc10670-ea31-4e41-984c-2bd669198b13",
"value": "41c82089de60c0a2fe9a51d0f8f919261d0e73cf1da0d61b835194c177787b4e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1557415108",
"uuid": "b6b594cd-778d-4c19-a1e8-b04a78d6154d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1557415099",
"to_ids": false,
"type": "datetime",
"uuid": "a6d53689-a303-42fe-8c7f-def94d11e653",
"value": "2019-05-07T11:36:35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1557415099",
"to_ids": false,
"type": "link",
"uuid": "eceb9e59-eff8-433b-8169-b854da49308d",
"value": "https://www.virustotal.com/file/41c82089de60c0a2fe9a51d0f8f919261d0e73cf1da0d61b835194c177787b4e/analysis/1557228995/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1557415099",
"to_ids": false,
"type": "text",
"uuid": "05cda147-431f-4496-807b-50aa24c3c031",
"value": "14/56"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "5",
"timestamp": "1557415316",
"uuid": "5cd44594-ead8-4e11-8ccb-4a0e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1557415317",
"to_ids": false,
"type": "text",
"uuid": "5cd44595-8944-400e-b668-4629950d210f",
"value": "keepass(dot)com spreading malware acting as the official site for KeePass password manager. Download for .dmg and .exe files are available on the site. @malwrhunterteam"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1557415317",
"to_ids": false,
"type": "text",
"uuid": "5cd44595-c004-4e7e-83c1-442b950d210f",
"value": "Twitter"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1557415317",
"to_ids": false,
"type": "url",
"uuid": "5cd44595-d14c-4a3d-bb69-4f53950d210f",
"value": "https://twitter.com/berkcgoksel/status/1125727590440931329"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1557415317",
"to_ids": false,
"type": "text",
"uuid": "5cd44595-720c-4b7b-9eb2-42a8950d210f",
"value": "berkcgoksel"
}
]
}
]
}
}