misp-circl-feed/feeds/circl/misp/5b1e9c95-75a8-4132-93e5-58ed0acd0835.json


{
"Event": {
"analysis": "2",
"date": "2018-06-07",
"extends_uuid": "",
"info": "Trend Micro Blog: New KillDisk Variant Hits Latin American Financial Organizations Again",
"publish_timestamp": "1589184029",
"published": true,
"threat_level_id": "3",
"timestamp": "1621849776",
"uuid": "5b1e9c95-75a8-4132-93e5-58ed0acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:tool=\"KillDisk Wiper\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528732831",
"to_ids": false,
"type": "link",
"uuid": "5b1e9c9f-b7cc-4e7e-a82e-a34d0acd0835",
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-latin-american-financial-organizations-again/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528974652",
"to_ids": false,
"type": "link",
"uuid": "5b224d3c-47c8-4350-ba6c-adb2950d210f",
"value": "https://www.flashpoint-intel.com/blog/banco-de-chile-mbr-killler-reveals-hidden-nexus-buhtrap/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1528734296",
"uuid": "5b1e9ce9-3bdc-4c77-b177-ef180acd0835",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1528732905",
"to_ids": true,
"type": "md5",
"uuid": "5b1e9ce9-bcb0-4b28-af93-ef180acd0835",
"value": "9e33143916f648ec338f209eb0bd4789"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1528732905",
"to_ids": false,
"type": "text",
"uuid": "5b1e9ce9-fbfc-4d4a-8388-ef180acd0835",
"value": "TROJ_KILLMBR.EE"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1528732905",
"to_ids": true,
"type": "sha256",
"uuid": "5b1e9ce9-18f4-4b88-95d0-ef180acd0835",
"value": "a3f2c60aa5af9d903a31ec3c1d02eeeb895c02fcf3094a049a3bdf3aa3d714c8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1528732905",
"to_ids": true,
"type": "sha1",
"uuid": "5b1e9ce9-9fec-493a-9f6d-ef180acd0835",
"value": "2aa3803869edee7fa1ab7cf96d992ccfecc89e7b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1528732905",
"to_ids": true,
"type": "ssdeep",
"uuid": "5b1e9ce9-c4f4-493b-912a-ef180acd0835",
"value": "24576:RFquItQkg9t8RLlwGcGZ7fgOUe9UEnc1ykkkVVqWyvLMekOc:RF3ItQz9pda7f35ncIsbHyIe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1528732905",
"to_ids": false,
"type": "text",
"uuid": "5b1e9ce9-ae6c-433e-bbf3-ef180acd0835",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1528734313",
"uuid": "5b1e9d13-fc1c-4e57-b621-7e220acd0835",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1528732947",
"to_ids": true,
"type": "md5",
"uuid": "5b1e9d13-f870-4e95-a036-7e220acd0835",
"value": "c1831baa5505f5a557380e0ab3f60f48"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1528732947",
"to_ids": false,
"type": "text",
"uuid": "5b1e9d13-7330-44a8-b71b-7e220acd0835",
"value": "TROJ_KILLDISK.IUE"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1528732947",
"to_ids": true,
"type": "sha256",
"uuid": "5b1e9d13-2ff4-4b9e-9deb-7e220acd0835",
"value": "1a09b182c63207aa6988b064ec0ee811c173724c33cf6dfe36437427a5c23446"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1528732947",
"to_ids": true,
"type": "sha1",
"uuid": "5b1e9d13-5eec-4052-8593-7e220acd0835",
"value": "2766d7eaf2003f435f1a868b3687355823d34470"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1528732947",
"to_ids": true,
"type": "ssdeep",
"uuid": "5b1e9d13-abfc-4193-9062-7e220acd0835",
"value": "12288:OKBvYh1y8HO4CckkbSsSqq1Z+yBBFBMekSflStF0hUHegbcyFS:fc1ykkkVVqWyvLMekYoS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1528732947",
"to_ids": false,
"type": "text",
"uuid": "5b1e9d13-0454-4b30-95ab-7e220acd0835",
"value": "Malicious"
}
]
}
]
}
}