
{
"Event": {
"analysis": "0",
"date": "2019-02-16",
"extends_uuid": "",
"info": "Fake amf-fr.org website (look-alike of the legitimate amf-france.org domain) delivering malicious Word documents and binaries",
"publish_timestamp": "1550352334",
"published": true,
"threat_level_id": "3",
"timestamp": "1550352213",
"uuid": "5c687cb3-08c4-46d3-9981-093702de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"",
"relationship_type": ""
},
{
"colour": "#6edb00",
"local": "0",
"name": "circl:topic=\"finance\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "Public warning issued on the legitimate amf-france.org site about the fake amf-fr.org domain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351584",
"to_ids": false,
"type": "link",
"uuid": "5c687ce0-c8a8-403a-8182-0a7902de0b81",
"value": "https://www.amf-france.org/en_US/Actualites/Communiques-de-presse/AMF/annee-2018?docId=workspace%3A%2F%2FSpacesStore%2F3d58f35b-f448-438e-9923-cd6e8e903fc0"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351605",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c687cf5-6ed8-4a61-b92f-444d02de0b81",
"value": "51.38.150.171"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-6974-4753-90ef-4ca302de0b81",
"value": "http://amf-fr.org/d1.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-df04-49a6-bd7d-4de102de0b81",
"value": "http://amf-fr.org/files/litigations/complaint-96.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-b928-4705-aa8e-4c1e02de0b81",
"value": "http://amf-fr.org/litigations/complaint-201.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-7354-4f21-940d-4eb402de0b81",
"value": "http://amf-fr.org/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-0670-42ad-b4ba-4a1d02de0b81",
"value": "http://www.amf-fr.org/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-60e8-40ad-bba5-419602de0b81",
"value": "https://amf-fr.org/files/litigations/complaint-96.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-b814-49f9-a110-488102de0b81",
"value": "https://amf-fr.org/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-1480-41fb-9406-437002de0b81",
"value": "https://www.amf-fr.org/documents/document-a1657.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-f0cc-4229-87cc-49ec02de0b81",
"value": "https://www.amf-fr.org/litigations/compliant-201.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351676",
"to_ids": true,
"type": "url",
"uuid": "5c687d3c-89e8-4e4e-a36d-4f9f02de0b81",
"value": "https://www.amf-fr.org/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351743",
"to_ids": true,
"type": "md5",
"uuid": "5c687d7f-c2c4-40f2-aaf6-4ddf02de0b81",
"value": "efbcffc10763a287bdedfb6e892ae20c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351744",
"to_ids": true,
"type": "sha1",
"uuid": "5c687d80-4cc0-4ca7-875e-44a702de0b81",
"value": "0dfe75a01e525bc599dff0c17204129b7ac3a437"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351744",
"to_ids": true,
"type": "sha256",
"uuid": "5c687d80-c348-4494-8fc8-4d1502de0b81",
"value": "728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351799",
"to_ids": true,
"type": "sha256",
"uuid": "5c687db7-0758-4215-ac9f-0a7902de0b81",
"value": "49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351799",
"to_ids": true,
"type": "sha256",
"uuid": "5c687db7-abdc-465d-b2a1-0a7902de0b81",
"value": "d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351799",
"to_ids": true,
"type": "sha256",
"uuid": "5c687db7-b9e0-4080-a8e6-0a7902de0b81",
"value": "1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1550352087",
"uuid": "06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "06d5a45f-c38b-432c-b5ed-ae6d4678d1b3",
"referenced_uuid": "4727229f-b670-4858-96fd-767498563eb3",
"relationship_type": "analysed-with",
"timestamp": "1550352088",
"uuid": "5c687ed8-c534-48b5-987d-41de02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1550352087",
"to_ids": true,
"type": "md5",
"uuid": "b87d66f4-c54c-4ec5-bade-dba4cc919c24",
"value": "efbcffc10763a287bdedfb6e892ae20c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1550352087",
"to_ids": true,
"type": "sha1",
"uuid": "74c5d71e-542d-4e1f-bc3e-610ee428c2e1",
"value": "0dfe75a01e525bc599dff0c17204129b7ac3a437"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1550352087",
"to_ids": true,
"type": "sha256",
"uuid": "4ee3d5a5-a7b8-4b6a-8628-fcf26d7a7ad8",
"value": "728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1550352087",
"uuid": "4727229f-b670-4858-96fd-767498563eb3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1550352087",
"to_ids": false,
"type": "datetime",
"uuid": "9855c53c-9fa6-4ddc-8d31-1289c1de6275",
"value": "2019-02-15T11:14:58"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1550352087",
"to_ids": false,
"type": "link",
"uuid": "75ebbd07-bb66-4db7-af0b-5b506c6c3a3b",
"value": "https://www.virustotal.com/file/728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b/analysis/1550229298/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1550352087",
"to_ids": false,
"type": "text",
"uuid": "1c675ba2-05ca-4790-82bd-bdd2049c0914",
"value": "33/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1550352087",
"uuid": "eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
"ObjectReference": [
{
"comment": "",
"object_uuid": "eed1fbf3-e607-459f-acaa-2c6e95ed0b35",
"referenced_uuid": "dce07551-b2f6-465f-8974-3641d201f213",
"relationship_type": "analysed-with",
"timestamp": "1550352088",
"uuid": "5c687ed8-7c84-4037-9a6f-435602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1550352087",
"to_ids": true,
"type": "md5",
"uuid": "b03d3ee3-4ab2-4f95-b711-7af5638698bd",
"value": "28202ac7689aaef894840c773b7e1e56"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1550352087",
"to_ids": true,
"type": "sha1",
"uuid": "d327283e-a12a-43ae-89cc-489fbad5424f",
"value": "b0f4377953f59ba0d5b295861e2ab7fc5c6d03de"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1550352087",
"to_ids": true,
"type": "sha256",
"uuid": "50893ddf-96e2-4497-a719-854b843b8d84",
"value": "49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1550352087",
"uuid": "dce07551-b2f6-465f-8974-3641d201f213",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1550352087",
"to_ids": false,
"type": "datetime",
"uuid": "f9a9b973-ba12-4fc6-afff-200d07e7e703",
"value": "2019-02-14T09:56:32"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1550352087",
"to_ids": false,
"type": "link",
"uuid": "5e41e640-8995-4536-ab09-da2fc06c37b5",
"value": "https://www.virustotal.com/file/49103f5c7a5b78c32e56dea67259724c643611a05b49b02ff2653a7c77855eb0/analysis/1550138192/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1550352087",
"to_ids": false,
"type": "text",
"uuid": "455f9992-cfd2-43bc-a839-a9072fcaafc3",
"value": "0/54"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1550352087",
"uuid": "87116905-ee45-4287-a160-b0a4394d7a72",
"ObjectReference": [
{
"comment": "",
"object_uuid": "87116905-ee45-4287-a160-b0a4394d7a72",
"referenced_uuid": "41e5f71c-fa1c-4134-b00b-02000993764b",
"relationship_type": "analysed-with",
"timestamp": "1550352088",
"uuid": "5c687ed8-0740-4293-a310-4bca02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1550352088",
"to_ids": true,
"type": "md5",
"uuid": "484684d4-9bb6-405b-a851-e2f82e95353f",
"value": "11df89bd965bbd85bed31b90f1481312"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1550352088",
"to_ids": true,
"type": "sha1",
"uuid": "38d05afb-c34a-46df-b841-5bbae3c49555",
"value": "79ee5019cebead10c6527e2531e7b0ee69322405"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1550352088",
"to_ids": true,
"type": "sha256",
"uuid": "184a57fe-d9c3-4d20-bfd5-82ce76f71327",
"value": "1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1550352088",
"uuid": "41e5f71c-fa1c-4134-b00b-02000993764b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1550352088",
"to_ids": false,
"type": "datetime",
"uuid": "5e121da8-35b8-43a9-a3c5-7e8775bcff8a",
"value": "2018-11-29T14:41:31"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1550352088",
"to_ids": false,
"type": "link",
"uuid": "b2067c10-5f14-4cf3-9588-c5027f9c3a62",
"value": "https://www.virustotal.com/file/1d8a807e9a64243de7f9f5171371b06abc5f056554c5fbfef7052bdbcd0f844a/analysis/1543502491/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1550352088",
"to_ids": false,
"type": "text",
"uuid": "a15b1066-3af7-4989-a398-7b6615d82931",
"value": "0/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1550352088",
"uuid": "fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "fcef97bb-467e-4d5c-962b-9f328dc1f3e9",
"referenced_uuid": "3128ae45-b4ce-4757-8b61-047167aed701",
"relationship_type": "analysed-with",
"timestamp": "1550352088",
"uuid": "5c687ed8-c000-4810-98d3-427802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1550352088",
"to_ids": true,
"type": "md5",
"uuid": "244cf256-4250-4a0e-8be0-b128c471999e",
"value": "8ec83dba30c4f4d014899fbcc9a78171"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1550352088",
"to_ids": true,
"type": "sha1",
"uuid": "94fb8269-2e6a-40bd-9d8a-4c7d9267bc3d",
"value": "96a942174c55f5f3ab7236eb7e3ac549b67c88db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1550352088",
"to_ids": true,
"type": "sha256",
"uuid": "504edc20-740b-47ca-bc2e-6f051d7973b4",
"value": "d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1550352088",
"uuid": "3128ae45-b4ce-4757-8b61-047167aed701",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1550352088",
"to_ids": false,
"type": "datetime",
"uuid": "4930b271-4207-4c55-98ee-b2ad7aad0333",
"value": "2018-11-30T10:14:04"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1550352088",
"to_ids": false,
"type": "link",
"uuid": "69e9a82f-bfbd-401e-bd63-ae39bfcaab3e",
"value": "https://www.virustotal.com/file/d57f128afb4843b6f0072fadda8dd14046b31703098e365bc5a226e117090d44/analysis/1543572844/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1550352088",
"to_ids": false,
"type": "text",
"uuid": "95e48f3e-8da2-4521-b203-dbe94341995f",
"value": "30/59"
}
]
}
]
}
}