misp-circl-feed/feeds/circl/misp/57062927-2a54-4d6a-89c4-37ea950d210f.json

{
  "Event": {
    "analysis": "0",
    "date": "2016-04-07",
    "extends_uuid": "",
    "info": "Information stealer: Fareit",
    "publish_timestamp": "1460042099",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1460040823",
    "uuid": "57062927-2a54-4d6a-89c4-37ea950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "name": "tlp:white"
      },
      {
        "colour": "#3b7500",
        "name": "circl:incident-classification=\"malware\""
      },
      {
        "colour": "#3c6b00",
        "name": "malware_classification:malware-category=\"Spyware\""
      }
    ],
    "Attribute": [
      {
        "category": "Payload delivery",
        "comment": "Imported via the freetext import.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021570",
        "to_ids": true,
        "type": "md5",
        "uuid": "57062942-b8fc-4a12-8f5d-350b950d210f",
        "value": "ffba9e9013909451f23d7ea516ec80ff"
      },
      {
        "category": "Network activity",
        "comment": "POST to C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021776",
        "to_ids": true,
        "type": "url",
        "uuid": "57062973-e488-4ed1-b3c6-350b950d210f",
        "value": "http://fifterax.com/2Ty8AT8522zaRo9R/r56.php"
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021764",
        "to_ids": true,
        "type": "domain",
        "uuid": "57062973-bddc-47cd-854e-350b950d210f",
        "value": "fifterax.com"
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021767",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "57062973-617c-4e3e-b1e8-350b950d210f",
        "value": "185.130.7.22"
      },
      {
        "category": "Payload delivery",
        "comment": "Imported via the freetext import. - Xchecked via VT: ffba9e9013909451f23d7ea516ec80ff",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021669",
        "to_ids": true,
        "type": "sha256",
        "uuid": "570629a5-58a0-4f82-8749-37e902de0b81",
        "value": "a114ce56629d3ed70daba6ad3547d0b553dd35c36522095b3e5c00b93aa9f6fa"
      },
      {
        "category": "Payload delivery",
        "comment": "Imported via the freetext import. - Xchecked via VT: ffba9e9013909451f23d7ea516ec80ff",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021669",
        "to_ids": true,
        "type": "sha1",
        "uuid": "570629a5-8178-4f37-a97f-37e902de0b81",
        "value": "31805888004757d7392aee4d4b9f31846acc0cb0"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021670",
        "to_ids": false,
        "type": "link",
        "uuid": "570629a6-f4e4-45fb-9577-37e902de0b81",
        "value": "https://www.virustotal.com/file/a114ce56629d3ed70daba6ad3547d0b553dd35c36522095b3e5c00b93aa9f6fa/analysis/1460012435/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460021971",
        "to_ids": false,
        "type": "url",
        "uuid": "57062ad3-36a4-42c1-b85b-8ef7950d210f",
        "value": "https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fFareit"
      },
      {
        "category": "Payload delivery",
        "comment": "Imported via the freetext import.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460040784",
        "to_ids": true,
        "type": "sha1",
        "uuid": "57067450-99dc-4c1d-aa61-350c950d210f",
        "value": "7e607d0bca60d0d67ddb90f418300e93db4b69bc"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460040823",
        "to_ids": false,
        "type": "link",
        "uuid": "57067477-ad4c-4578-8559-351102de0b81",
        "value": "https://www.virustotal.com/file/a114ce56629d3ed70daba6ad3547d0b553dd35c36522095b3e5c00b93aa9f6fa/analysis/1460034082/"
      },
      {
        "category": "Payload delivery",
        "comment": "Imported via the freetext import. - Xchecked via VT: 7e607d0bca60d0d67ddb90f418300e93db4b69bc",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460040824",
        "to_ids": true,
        "type": "sha256",
        "uuid": "57067478-6fa0-47e4-a9fd-351102de0b81",
        "value": "aad7d08ccd79f759700488e21a5b8f45b81171cc9d7dc7882692ce32bd8376a4"
      },
      {
        "category": "Payload delivery",
        "comment": "Imported via the freetext import. - Xchecked via VT: 7e607d0bca60d0d67ddb90f418300e93db4b69bc",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460040824",
        "to_ids": true,
        "type": "md5",
        "uuid": "57067478-9a00-48a9-9517-351102de0b81",
        "value": "1261e89e44ab25b60c77a3f69318c567"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1460040824",
        "to_ids": false,
        "type": "link",
        "uuid": "57067478-72d8-4065-887c-351102de0b81",
        "value": "https://www.virustotal.com/file/aad7d08ccd79f759700488e21a5b8f45b81171cc9d7dc7882692ce32bd8376a4/analysis/1460039250/"
      }
    ]
  }
}