{"Event":{"info":"OSINT - \u201cTick\u201d Group Continues Attacks","Tag":[{"colour":"#004646","exportable":true,"name":"type:OSINT"},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"publish_timestamp":"0","timestamp":"1503667632","analysis":"2","Attribute":[{"comment":"","category":"External analysis","uuid":"59a0221a-ef98-492f-a41f-7fe0950d210f","timestamp":"1503667624","to_ids":false,"value":"https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"link"},{"comment":"","category":"External analysis","uuid":"59a02236-ddb0-47c8-95b4-db90950d210f","timestamp":"1503667624","to_ids":false,"value":"The \u201cTick\u201d group has conducted cyber espionage attacks against organizations in the Republic of Korea and Japan for several years. The group focuses on companies that have intellectual property or sensitive information like those in the Defense and High-Tech industries. The group is known to use custom malware called Daserf, but also employs multiple commodity and custom tools, exploit vulnerabilities, and use social engineering techniques.\r\n\r\nRegarding the command and control (C2) infrastructure, Tick previously used domains registered through privacy protection services to keep their anonymity, but have moved to compromised websites in recent attacks. With multiple tools and anonymous infrastructure, they are running longstanding and persistent attack campaigns. We have observed that the adversary has repeatedly attacked a high-profile target in Japan using multiple malware families for the last three years.","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"comment"},{"comment":"Daserf","category":"Payload delivery","uuid":"59a02292-f024-4763-a91a-d9c4950d210f","timestamp":"1503667624","to_ids":true,"value":"04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a","disable_correlation":false,"object_relation":null,"type":"sha256"},{"comment":"Daserf","category":"Payload delivery","uuid":"59a02292-44e8-4d6f-8ffb-d9c4950d210f","timestamp":"1503667624","to_ids":true,"value":"f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06","disable_correlation":false,"object_relation":null,"type":"sha256"},{"comment":"Daserf","category":"Payload delivery","uuid":"59a02292-db5c-46a6-8d0d-d9c4950d210f","timestamp":"1503667624","to_ids":true,"value":"e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51","disable_correlation":false,"object_relation":null,"type":"sha256"},{"comment":"Daserf","category":"Payload delivery","uuid":"59a02292-3e08-487c-bf2e-d9c4950d210f","timestamp":"1503667624","to_ids":true,"value":"21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd","disable_correlation":false,"object_relation":null,"type":"sha256"},{"comment":"Daserf","category":"Payload delivery","uuid":"59a02292-c580-4a84-83a2-d9c4950d210f","timestamp":"1503667624","to_ids":true,"value":"9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423","disable_correlation":false,"object_relation":null,"type":"sha256"},{"comment":"Daserf","category":"Payload delivery","uuid":"59a02292-9a34-4d31-a50a-d9c4950d210f","timestamp":"1503667624","to_ids":true,"value":"01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46","disable_correlation":false,"object_relation":null,"type":"sha256"},{"comment":"Invader","category":"Payload delivery","uuid":"59a02342-c370-4577-a8ec-d9c2950d210f","timestamp":"1503667624","to_ids":true,"value":"0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287","disable_correlation":false,"object_relation"
