misp-circl-feed/feeds/circl/misp/5cc92e5a-c624-4343-8352-40fd02de0b81.json


{
"Event": {
"analysis": "2",
"date": "2019-05-01",
"extends_uuid": "",
"info": "OSINT - Kernel Mode Malicious Loader",
"publish_timestamp": "1556694084",
"published": true,
"threat_level_id": "3",
"timestamp": "1556694075",
"uuid": "5cc92e5a-c624-4343-8352-40fd02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556688489",
"to_ids": true,
"type": "url",
"uuid": "5cc92e69-74a8-4690-90f4-482d02de0b81",
"value": "http://45.227.252.54"
},
{
"category": "Payload delivery",
"comment": "first stage",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556688522",
"to_ids": true,
"type": "sha1",
"uuid": "5cc92e8a-6df8-4361-ab1b-4d4002de0b81",
"value": "9cfced68abe4f2c0dc5c42f47652592077c26fd6"
},
{
"category": "Payload delivery",
"comment": "unpacked stage",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556688522",
"to_ids": true,
"type": "sha1",
"uuid": "5cc92e8a-a568-4e06-8c35-42c102de0b81",
"value": "e1111022deeeed0389ff01ebb02489c45fa2f71a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556688803",
"to_ids": false,
"type": "link",
"uuid": "5cc92fa3-f1cc-46c7-9084-48c902de0b81",
"value": "https://twitter.com/PRODAFT/status/1123241137710555136"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556694075",
"to_ids": true,
"type": "ip-dst",
"uuid": "5cc9443b-9b54-4abf-a421-1ba002de0b81",
"value": "45.227.252.54"
}
],
"Object": [
{
"comment": "Malicious kernel mode loader",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1556688878",
"uuid": "5cc92fee-df1c-4c88-837f-4d7a02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556688878",
"to_ids": true,
"type": "sha1",
"uuid": "5cc92fee-7418-4df1-af0a-415d02de0b81",
"value": "73f346da7642fae92677a71b01bfcd460f8604bc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1556688878",
"to_ids": false,
"type": "text",
"uuid": "5cc92fee-0ed8-466c-bbf5-4dd002de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556689366",
"uuid": "837ee41b-cf9d-4b16-8de6-383694cf6f5c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "837ee41b-cf9d-4b16-8de6-383694cf6f5c",
"referenced_uuid": "cd55b14c-14bc-4c8c-86e5-170d7444012a",
"relationship_type": "analysed-with",
"timestamp": "1556689367",
"uuid": "5cc931d7-3af0-43cc-8f7a-4f4502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "first stage",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556688522",
"to_ids": true,
"type": "md5",
"uuid": "59804e8e-6d94-4912-9cc0-a5c2bd1421c7",
"value": "3ae249513649876a34c60e04f385e156"
},
{
"category": "Payload delivery",
"comment": "first stage",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556688522",
"to_ids": true,
"type": "sha1",
"uuid": "158a8aed-fdd7-45b8-ba6c-fc6a96ef5f67",
"value": "9cfced68abe4f2c0dc5c42f47652592077c26fd6"
},
{
"category": "Payload delivery",
"comment": "first stage",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556688522",
"to_ids": true,
"type": "sha256",
"uuid": "bb6af612-a0ed-4c80-b890-971bdec595e1",
"value": "1284962d30eabb8e47261414350c01ec04555800a3866f4e6cf1e20816e25a2e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556689367",
"uuid": "cd55b14c-14bc-4c8c-86e5-170d7444012a",
"Attribute": [
{
"category": "Other",
"comment": "first stage",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556688522",
"to_ids": false,
"type": "datetime",
"uuid": "09a8c2c4-491f-4dab-b9ba-2d669878f830",
"value": "2019-02-23T10:47:04"
},
{
"category": "Payload delivery",
"comment": "first stage",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556688522",
"to_ids": false,
"type": "link",
"uuid": "d63e7483-709b-4a33-9799-1109f24b823d",
"value": "https://www.virustotal.com/file/1284962d30eabb8e47261414350c01ec04555800a3866f4e6cf1e20816e25a2e/analysis/1550918824/"
},
{
"category": "Payload delivery",
"comment": "first stage",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556688522",
"to_ids": false,
"type": "text",
"uuid": "0f752f01-5f37-4c8a-8ad8-56622bfe8a6a",
"value": "33/66"
}
]
}
]
}
}