misp-circl-feed/feeds/circl/misp/5c1803a3-43cc-4be7-83bf-42f202de0b81.json


{
"Event": {
"analysis": "0",
"date": "2018-12-17",
"extends_uuid": "",
"info": "OSINT - Password Protected ZIP with Maldoc",
"publish_timestamp": "1545078072",
"published": true,
"threat_level_id": "3",
"timestamp": "1545078053",
"uuid": "5c1803a3-43cc-4be7-83bf-42f202de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Hexnet.zip",
"deleted": false,
"disable_correlation": false,
"timestamp": "1545077693",
"to_ids": true,
"type": "sha256",
"uuid": "5c1803bd-1860-469e-9889-4a0702de0b81",
"value": "ff2d4388aa2ce83d57b08fdbf6a9cd89cec88120f64f7c25d4070b7c1f8a5f82"
},
{
"category": "Payload delivery",
"comment": "information.doc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1545077715",
"to_ids": true,
"type": "sha256",
"uuid": "5c1803d3-5b94-4a90-875b-424202de0b81",
"value": "56f82a2ef3e1775059c4cde4998fa5bea6b114c0e993246f5eaee16a48bd546f"
},
{
"category": "Network activity",
"comment": "URL Download",
"deleted": false,
"disable_correlation": false,
"timestamp": "1545077731",
"to_ids": true,
"type": "url",
"uuid": "5c1803e3-8844-4020-b766-42ba02de0b81",
"value": "http://duenexacch.com/tyclam/fressr.php?l=kanc13.tkn"
},
{
"category": "Payload delivery",
"comment": "Exe downloaded",
"deleted": false,
"disable_correlation": false,
"timestamp": "1545077753",
"to_ids": true,
"type": "sha256",
"uuid": "5c1803f9-9350-4d2e-bc74-480902de0b81",
"value": "58aa79ff20f04ded3f9fe7bc251f52ff49d20a118fcf5236203ffa6bd0adbcf0"
},
{
"category": "Network activity",
"comment": "Compromised hosts - delivering active payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1545077982",
"to_ids": true,
"type": "domain",
"uuid": "5c1804de-8730-4f3f-80de-4c40950d210f",
"value": "duenexacch.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1545077863",
"uuid": "161bfb70-2599-4628-b0c4-246e07f6dac0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545077863",
"to_ids": true,
"type": "md5",
"uuid": "98aa846f-38c8-4b4f-b996-41cd160bced1",
"value": "bebc7c2db047676069461fea3d949342"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545077864",
"to_ids": true,
"type": "sha1",
"uuid": "9f41b480-0cdd-437e-b432-46ff034394b4",
"value": "cdad1bc046bfc48708e6c6057404e8e4946a0116"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545077864",
"to_ids": true,
"type": "sha256",
"uuid": "7b55ed79-8660-4fe6-9c8e-23a2e30cbe20",
"value": "ff2d4388aa2ce83d57b08fdbf6a9cd89cec88120f64f7c25d4070b7c1f8a5f82"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1545077865",
"uuid": "7a783349-9afa-457c-b336-5463ee420eb4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1545077865",
"to_ids": false,
"type": "datetime",
"uuid": "196ecce0-1667-4013-81af-e6aa6d52a071",
"value": "2018-12-16T14:09:59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1545077866",
"to_ids": false,
"type": "link",
"uuid": "4a087ad4-c4b1-4e0f-a739-ee92b5f5ad7f",
"value": "https://www.virustotal.com/file/ff2d4388aa2ce83d57b08fdbf6a9cd89cec88120f64f7c25d4070b7c1f8a5f82/analysis/1544969399/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1545077866",
"to_ids": false,
"type": "text",
"uuid": "30ddf8bc-d94a-42e4-8ac5-688aa1094401",
"value": "0/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1545077866",
"uuid": "8d2a9cad-bcd5-4083-8e39-6d0cdf7ca350",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545077866",
"to_ids": true,
"type": "md5",
"uuid": "376616c3-4a7e-454e-ae96-2ce1335faede",
"value": "d7c488bb060946d88abcfe76a60e5900"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545077867",
"to_ids": true,
"type": "sha1",
"uuid": "becfdb5b-419c-4cb1-aefd-d981e9196a2a",
"value": "a406c70269a0383c961571ecaf6868f8fe396e4c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545077867",
"to_ids": true,
"type": "sha256",
"uuid": "17624b67-34cb-44cd-bc9a-d454110a448f",
"value": "58aa79ff20f04ded3f9fe7bc251f52ff49d20a118fcf5236203ffa6bd0adbcf0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1545077868",
"uuid": "d40df9c4-c23b-4d33-b946-a83d03b1ed8c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1545077868",
"to_ids": false,
"type": "datetime",
"uuid": "e97b2079-b298-44e8-ba34-41fc38fa2b1d",
"value": "2018-12-13T22:49:45"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1545077868",
"to_ids": false,
"type": "link",
"uuid": "2dcdfa7c-3e60-416b-ad43-8103061c7356",
"value": "https://www.virustotal.com/file/58aa79ff20f04ded3f9fe7bc251f52ff49d20a118fcf5236203ffa6bd0adbcf0/analysis/1544741385/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1545077869",
"to_ids": false,
"type": "text",
"uuid": "4a28b206-0367-440a-b534-3f83bdec369e",
"value": "3/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1545077869",
"uuid": "ab69f10d-ebab-44ce-a3aa-b4c367969a84",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545077869",
"to_ids": true,
"type": "md5",
"uuid": "0083ddf6-ec6e-49c0-9ec2-afb1f9d93390",
"value": "32085e482ede71ee5b9e3cb2b264b71d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545077869",
"to_ids": true,
"type": "sha1",
"uuid": "c4d391a5-1167-462c-aa94-54248adab2d8",
"value": "dfbfc78fd370bd5e984862c5369c2be0639b9e2b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545077870",
"to_ids": true,
"type": "sha256",
"uuid": "49086846-f75f-4d73-b993-4f6364d8da0f",
"value": "56f82a2ef3e1775059c4cde4998fa5bea6b114c0e993246f5eaee16a48bd546f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1545077870",
"uuid": "050ae440-0b4d-40b4-be6c-049a08c3cccf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1545077870",
"to_ids": false,
"type": "datetime",
"uuid": "ddad9a62-5dda-450a-ba6a-e097d8e1973f",
"value": "2018-12-16T14:15:13"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1545077871",
"to_ids": false,
"type": "link",
"uuid": "fd4e3c7b-d81c-498b-b19c-b28fa44dd27f",
"value": "https://www.virustotal.com/file/56f82a2ef3e1775059c4cde4998fa5bea6b114c0e993246f5eaee16a48bd546f/analysis/1544969713/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1545077871",
"to_ids": false,
"type": "text",
"uuid": "75e365bb-ab56-44ed-a8ae-c0774bead7a7",
"value": "36/57"
}
]
}
]
}
}