misp-circl-feed/feeds/circl/misp/5d108cdd-eae4-471e-b0ca-7ad4950d210f.json


			
				
				
					
						
						
						
							
							
							{"Event": {"info": "OSINT -  Felipe, a new infostealer Trojan", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#284800", "exportable": true, "name": "malware_classification:malware-category=\"Trojan\""}, {"colour": "#500064", "exportable": true, "name": "ms-caro-malware:malware-type=\"Trojan\""}, {"colour": "#00183c", "exportable": true, "name": "ms-caro-malware-full:malware-type=\"Trojan\""}, {"colour": "#004f4f", "exportable": true, "name": "ecsirt:malicious-code=\"trojan\""}, {"colour": "#5a0041", "exportable": true, "name": "CERT-XLM:malicious-code=\"trojan-malware\""}, {"colour": "#bd472d", "exportable": true, "name": "keylogger/infostealer"}, {"colour": "#e7007d", "exportable": true, "name": "workflow:state=\"incomplete\""}, {"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}], "publish_timestamp": "0", "timestamp": "1563527786", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5d109029-f448-4859-b7c3-acd8950d210f", "sharing_group_id": "0", "timestamp": "1563527779", "description": "File object describing a file with meta-information", "template_version": "17", "ObjectReference": [{"comment": "", "object_uuid": "5d109029-f448-4859-b7c3-acd8950d210f", "uuid": "5d318a64-ab70-46b3-a836-478802de0b81", "timestamp": "1563527780", "referenced_uuid": "ecc0c45a-2208-4171-a606-ccacbe28b955", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5d109029-0080-4cca-aa98-acd8950d210f", "timestamp": "1561371771", "to_ids": true, "value": "vshost.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "Win XP", "category": "Other", "uuid": "5d109034-4474-44fc-8b1a-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\vshost.exe", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d109036-d118-485b-b410-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\vshost.exe", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win XP", "category": "Other", "uuid": "5d109036-372c-462d-a643-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d109037-0f64-4ced-80e0-acd8950d210f", "timestamp": "1561371771", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5d10a47b-08ec-4f3f-8f7c-429e950d210f", "timestamp": "1561371771", "to_ids": true, "value": "15ce8f849fff4cc8675900ec838a93f9", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5d1092e1-eb28-463b-83ec-47da950d210f", "sharing_group_id": "0", "timestamp": "1563527780", "description": "File object describing a file with meta-information", "template_version": "17", "ObjectReference": [{"comment": "", "object_uuid": "5d1092e1-eb28-463b-83ec-47da950d210f", "uuid": "5d318a64-760c-4068-8cd1-400e02de0b81", "timestamp": "1563527780", "referenced_uuid": "02aee86e-c588-4ea9-bd2e-aef1535846cd", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5d1092e2-b6b4-47b7-856b-47b9950d210f", "timestamp": "1561369949", "to_ids": true, "value": "explorer32.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "Win XP", "category": "Other", "uuid": "5d1092f0-0ba0-439a-8b71-4e50950d210f", "timestamp": "1561369949", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\explorer32.exe", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d1092fa-3280-45e9-9b95-4a15950d210f", "timestamp": "1561369949", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\explorer32.exe", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win XP", "category": "Other", "uuid": "5d109301-ba80-4f80-9f6f-4a7d950d210f", "timestamp": "1561369949", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d109308-c858-4bdf-a23f-4aee950d210f", "timestamp": "1561369949", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5d109d62-2fe4-4e0a-83b7-13d5950d210f", "timestamp": "1561369954", "to_ids": true, "value": "d912771c8cd5720ad835e08eb80a77b6", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5d10960d-6330-4179-8a72-34c0950d210f", "sharing_group_id": "0", "timestamp": "1561369802", "description": "File object describing a file with meta-information", "template_version": "17", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5d10960d-9f08-4695-ae75-34c0950d210f", "timestamp": "1561369802", "to_ids": true, "value": "install2.bat", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "Win XP", "category": "Other", "uuid": "5d109627-91a8-44b2-b04a-34c0950d210f", "timestamp": "1561369802", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\install2.bat", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d109636-923c-4c27-8fb6-34c0950d210f", "timestamp": "1561369802", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\install2.bat", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win XP", "category": "Other", "uuid": "5d109638-b3ec-4240-8101-34c0950d210f", "timestamp": "1561369802", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d109641-efc0-4598-bb35-34c0950d210f", "timestamp": "1561369802", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5d109cd8-0774-449c-b5d9-856d950d210f", "timestamp": "1561369816", "to_ids": true, "value": "7d016a3bb29904a6e00161694fc6ab4e", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5d10968d-e280-472b-9a3f-55b2950d210f", "sharing_group_id": "0", "timestamp": "1561368205", "description": "File object describing a file with meta-information", "template_version": "17", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5d10968d-4ac4-4863-84eb-55b2950d210f", "timestamp": "1561368205", "to_ids": true, "value": "infect.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "Win XP", "category": "Other", "uuid": "5d109698-4c14-4c50-92b5-55b2950d210f", "timestamp": "1561368216", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\infect.txt", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d10969b-4e24-43cc-94f9-55b2950d210f", "timestamp": "1561368219", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\infect.txt", "disable_correlation": false, "object_relation": "fullpath", "type": "text"}, {"comment": "Win XP", "category": "Other", "uuid": "5d1096a3-37a4-4f7f-8d6a-55b2950d210f", "timestamp": "1561368227", "to_ids": false, "value": "%UserProfile%\\Local Settings\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}, {"comment": "Win7/Win10", "category": "Other", "uuid": "5d1096a8-8b14-447b-bc8f-55b2950d210f", "timestamp": "1561368232", "to_ids": false, "value": "%UserProfile%\\AppData\\Local\\Temp\\", "disable_correlation": true, "object_relation": "path", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5d10a495-ca5c-4920-bb2d-4e7a950d210f", "sharing_group_id": "0", "timestamp": "1561371797", "description": "File object describing a file with meta-information", "template_version": "17", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5d10a495-0414-4641-b311-4ab2950d210f", "timestamp": "1561371797", "to_ids": true, "value": "down.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5d10a495-43d8-4a72-9e4c-45be950d210f", "timestamp": "1561371797", "to_ids": true, "value": "61b06e49d514f3dc5be4f4ef08f6b43c", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "88a609e6-3d3d-4325-bac6-6be3cd920d7b", "sharing_group_id": "0", "timestamp": "1563442899", "description": "File object describing a file with meta-information", "template_version": "17", "ObjectReference": [{"comment": "", "object_uuid": "88a609e6-3d3d-4325-bac6-6be3cd920d7b", "uuid": "5d303ed6-7514-414e-a8d3-41da950d210f", "timestamp": "1563442902", "referenced_uuid": "855e4596-70af-4ec9-8471-2efd8ba7ea66", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "1ba46b38-57cf-4a69-afe0-c28db8b258a9", "timestamp": "1561371771", "to_ids": true, "value": "15ce8f849fff4cc8675900ec838a93f9", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "0ad05df2-58cb-4da1-a2d5-825366feaee4", "timestamp": "1561371771", "to_ids": true, "value": "5089aa7a2895e07a9f182a77407f8d7570c7ad56", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "c7683199-aca8-4b53-8967-5c1812f37a30", "timestamp": "1561371771", "to_ids": true, "value": "bf6e6c7808a9bb023fc1fea1822438ad0b6ebefd1bdc703d2acb280c328a4eb1", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "855e4596-70af-4ec9-8471-2efd8ba7ea66", "sharing_group_id": "0", "timestamp": "1563442899", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "cbaec671-305f-4f57-aef0-4cd165490955", "timestamp": "1561371771", "to_ids": false, "value": "2019-06-19 21:05:11", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "05e95691-153a-4e2d-8120-a6da025b555a", "timestamp": "1561371771", "to_ids": false, "value": "https://www.virustotal.com/file/bf6e6c7808a9bb023fc1fea1822438ad0b6ebefd1bdc703d2acb280c328a4eb1/analysis/1560978311/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "e402f89d-c139-423b-90a9-9432114dd561", "timestamp": "1561371771", "to_ids": false, "value": "46/72", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "0b40b29f-6b71-4cfb-b529-2b30ea155b66", "sharing_group_id": "0", "timestamp": "1563442900", "description": "File object describing a file with meta-information", "template_version": "17", "ObjectReference": [{"comment": "", "object_uuid": "0b40b29f-6b71-4cfb-b529-2b30ea155b66", "uuid": "5d303ed6-b224-4463-8f20-494c950d210f", "timestamp": "1563442902", "referenced_uuid": "25782699-9e62-4a5c-a1d3-f6bbdcec04cb", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "ef7a7b50-8090-44f1-82ee-dabd43edf012", "timestamp": "1561369954", "to_ids": true, "value": "d912771c8cd5720ad835e08eb80a77b6", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "dc171c43-3279-42fd-93ee-2a1ee012896c", "timestamp": "1561369954", "to_ids": true, "value": "24767b14ab8ab53a3194ad16ba65cf9a5e2279e7", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "3a2ebad6-0734-4a9d-ad91-93204dc08e9a", "timestamp": "1561369954", "to_ids": true, "value": "ae0655e0a18286a797171a891c96ca9fed5e880ad171bfeb21ed6c0afc00261d", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "25782699-9e62-4a5c-a1d3-f6bbdcec04cb", "sharing_group_id": "0", "timestamp": "1563442901", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "ee2f27a1-5677-47a6-8e25-ddc8113659fb", "timestamp": "1561369954", "to_ids": false, "value": "2019-06-20 22:19:40", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "ad6c4b04-e40b-4195-83ae-3320c5554afd", "timestamp": "1561369954", "to_ids": false, "value": "https://www.virustotal.com/file/ae0655e0a18286a797171a891c96ca9fed5e880ad171bfeb21ed6c0afc00261d/analysis/1561069180/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "48eda93b-9a4a-4564-95b5-0bf61abfd7ff", "timestamp": "1561369954", "to_ids": false, "value": "48/72", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "02aee86e-c588-4ea9-bd2e-aef1535846cd", "sharing_group_id": "0", "timestamp": "1563527780", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "a34f65ae-9d55-4730-b4bc-d9743afa3bd9", "timestamp": "1561369954", "to_ids": false, "value": "2019-06-20 22:19:40", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "749ba503-e2a8-4491-8c9c-0e607d2cd3dc", "timestamp": "1561369954", "to_ids": false, "value": "https://www.virustotal.com/file/ae0655e0a18286a797171a891c96ca9fed5e880ad171bfeb21ed6c0afc00261d/analysis/1561069180/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "c9a70846-ec1a-4716-85a2-18ae57937c17", "timestamp": "1561369954", "to_ids": false, "value": "48/72", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "ecc0c45a-2208-4171-a606-ccacbe28b955", "sharing_group_id": "0", "timestamp": "1563527780", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "7f93341a-29e0-4a52-b71a-15b07b632f4a", "timestamp": "1561371771", "to_ids": false, "value": "2019-06-19 21:05:11", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "Payload delivery", "uuid": "f3e93485-3178-490f-a77a-0412f6d09e1a", "timestamp": "1561371771", "to_ids": false, "value": "https://www.virustotal.com/file/bf6e6c7808a9bb023fc1fea1822438ad0b6ebefd1bdc703d2acb280c328a4eb1/analysis/1560978311/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "52fb0fb6-0dce-4d09-a876-820f06f4762d", "timestamp": "1561371771", "to_ids": false, "value": "46/72", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "2", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5d109aae-7258-4c36-82d2-349d950d210f", "timestamp": "1561369262", "to_ids": true, "value": "192.99.215.95", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "Download URLs", "category": "Network activity", "uuid": "5d10a4dd-9130-4c72-b3ec-482d950d210f", "timestamp": "1561371869", "to_ids": true, "value": "192.99.215.95/uploads", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Download URLs", "category": "Network activity", "uuid": "5d10a4dd-8900-4d2d-89a9-4b84950d210f", "timestamp": "1561371869", "to_ids": true, "value": "inmemory.tech", "disable_correlation": false, "object_relation": null, "type": "domain"}], "extends_uuid": "", "published": false, "date": "2019-06-20", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5d108cdd-eae4-471e-b0ca-7ad4950d210f"}}
						
						
					
				
				
					
						Reference in a new issue
					
					View git blame
					Copy permalink