misp-circl-feed/feeds/circl/misp/55c9108c-43b4-4b9e-8cfb-4837950d210b.json

{
"Event": {
"analysis": "2",
"date": "2015-08-10",
"extends_uuid": "",
"info": "OSINT Darkhotel\u2019s attacks in 2015 by Kaspersky",
"publish_timestamp": "1498162871",
"published": true,
"threat_level_id": "2",
"timestamp": "1498162829",
"uuid": "55c9108c-43b4-4b9e-8cfb-4837950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0fbf00",
"local": "0",
"name": "misp-galaxy:threat-actor=\"darkhotel\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241077",
"to_ids": false,
"type": "link",
"uuid": "55c91375-73b4-4930-bd0a-40d6950d210b",
"value": "https://securelist.com/blog/research/71713/darkhotels-attacks-in-2015/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241120",
"to_ids": true,
"type": "md5",
"uuid": "55c913a0-1734-42af-bb25-80e8950d210b",
"value": "021685613fb739dec7303247212c3b09"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241121",
"to_ids": true,
"type": "md5",
"uuid": "55c913a1-a6e8-433c-a1ef-80e8950d210b",
"value": "1ee3dfce97ab318b416c1ba7463ee405"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241121",
"to_ids": true,
"type": "md5",
"uuid": "55c913a1-1954-413d-abe6-80e8950d210b",
"value": "2899f4099c76232d6362fd62ab730741"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241121",
"to_ids": true,
"type": "md5",
"uuid": "55c913a1-8264-46d8-9e5b-80e8950d210b",
"value": "2dee887b20a06b8e556e878c62e46e13"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241121",
"to_ids": true,
"type": "md5",
"uuid": "55c913a1-9c28-4bcf-993a-80e8950d210b",
"value": "6b9e9b2dc97ff0b26a8a61ba95ca8ff6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241121",
"to_ids": true,
"type": "md5",
"uuid": "55c913a1-4ea4-4d99-89c8-80e8950d210b",
"value": "852a9411a949add69386a72805c8cb05"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241122",
"to_ids": true,
"type": "md5",
"uuid": "55c913a2-0f5c-43be-b081-80e8950d210b",
"value": "be59994b5008a0be48934a9c5771dfa5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241122",
"to_ids": true,
"type": "md5",
"uuid": "55c913a2-7f2c-4e41-855c-80e8950d210b",
"value": "e29693ce15acd552f1a0435e2d31d6df"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241122",
"to_ids": true,
"type": "md5",
"uuid": "55c913a2-1e40-4f4d-a5e7-80e8950d210b",
"value": "fa67142728e40a2a4e97ccc6db919f2b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241122",
"to_ids": true,
"type": "md5",
"uuid": "55c913a2-349c-4d44-bbf1-80e8950d210b",
"value": "fef8fda27deb3e950ba1a71968ec7466"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241122",
"to_ids": true,
"type": "md5",
"uuid": "55c913a2-a22c-4080-a9e5-80e8950d210b",
"value": "5c74db6f755555ea99b51e1c68e796f9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241123",
"to_ids": true,
"type": "md5",
"uuid": "55c913a3-c8c8-4200-82c1-80e8950d210b",
"value": "c3ae70b3012cc9b5c9ceb060a251715a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241123",
"to_ids": true,
"type": "md5",
"uuid": "55c913a3-0d68-4af8-9b8b-80e8950d210b",
"value": "560d68c31980c26d2adab7406b61c651"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241123",
"to_ids": true,
"type": "md5",
"uuid": "55c913a3-42ec-45e3-82e2-80e8950d210b",
"value": "da0717899e3ccc1ba0e8d32774566219"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241123",
"to_ids": true,
"type": "md5",
"uuid": "55c913a3-c8bc-49a1-8a8d-80e8950d210b",
"value": "d965a5b3548047da27b503029440e77f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241123",
"to_ids": true,
"type": "md5",
"uuid": "55c913a3-56e4-48c8-baa5-80e8950d210b",
"value": "dc0de14d9d36d13a6c8a34b2c583e70a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241124",
"to_ids": true,
"type": "md5",
"uuid": "55c913a4-6db4-47c5-8c12-80e8950d210b",
"value": "39562e410bc3fb5a30aca8162b20bdd0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241124",
"to_ids": true,
"type": "md5",
"uuid": "55c913a4-1088-4bdb-ae28-80e8950d210b",
"value": "e85e0365b6f77cc2e9862f987b152a89"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241124",
"to_ids": true,
"type": "md5",
"uuid": "55c913a4-0d74-40b4-92a4-80e8950d210b",
"value": "5e01b8bc78afc6ecb3376c06cbceb680"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241124",
"to_ids": true,
"type": "md5",
"uuid": "55c913a4-cda8-4138-b885-80e8950d210b",
"value": "61cc019c3141281073181c4ef1f4e524"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241124",
"to_ids": true,
"type": "md5",
"uuid": "55c913a4-78a0-47a3-8e73-80e8950d210b",
"value": "3d2e941ac48ae9d79380ca0f133f4a49"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241124",
"to_ids": true,
"type": "md5",
"uuid": "55c913a4-9cb8-4fe6-83a2-80e8950d210b",
"value": "fc78b15507e920b3ee405f843f48a7b3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241125",
"to_ids": true,
"type": "md5",
"uuid": "55c913a5-39bc-409d-8659-80e8950d210b",
"value": "da360e94e60267dce08e6d47fc1fcecc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241125",
"to_ids": true,
"type": "md5",
"uuid": "55c913a5-645c-4492-b5a1-80e8950d210b",
"value": "33e278c5ba6bf1a545d45e17f7582512"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241125",
"to_ids": true,
"type": "md5",
"uuid": "55c913a5-20f8-420c-8699-80e8950d210b",
"value": "b1f56a54309147b07dda54623fecbb89"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241125",
"to_ids": true,
"type": "md5",
"uuid": "55c913a5-f1d0-4af7-9b7f-80e8950d210b",
"value": "009d85773d519a9a97129102d8116305"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241125",
"to_ids": true,
"type": "md5",
"uuid": "55c913a5-58e8-4fa9-ac73-80e8950d210b",
"value": "61637a0637fb25c53f396c305efa5dc5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241126",
"to_ids": true,
"type": "md5",
"uuid": "55c913a6-4bf0-4f4d-99cf-80e8950d210b",
"value": "a7e78fd4bf305509c2fc1b3706567acd"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241126",
"to_ids": true,
"type": "url",
"uuid": "55c913a6-3f24-4bea-813b-80e8950d210b",
"value": "tisone360.com/img_h/ims2/icon.swf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241126",
"to_ids": true,
"type": "url",
"uuid": "55c913a6-d320-4bbb-93f4-80e8950d210b",
"value": "tisone360.com/img_h/ims2/1.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241126",
"to_ids": true,
"type": "url",
"uuid": "55c913a6-24e0-42f6-8da7-80e8950d210b",
"value": "tisone360.com/img_h/ims2/icon.jpg"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241126",
"to_ids": true,
"type": "url",
"uuid": "55c913a6-34ac-4b63-998d-80e8950d210b",
"value": "tisone360.com/noname/img/movie.swf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241127",
"to_ids": true,
"type": "url",
"uuid": "55c913a7-7ce0-46f1-a145-80e8950d210b",
"value": "tisone360.com/noname/minky/face.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241127",
"to_ids": true,
"type": "url",
"uuid": "55c913a7-5e7c-45a1-8df9-80e8950d210b",
"value": "tisone360.com/htdoc/imageview.hta"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241127",
"to_ids": true,
"type": "url",
"uuid": "55c913a7-4fd8-4d19-b7c1-80e8950d210b",
"value": "tisone360.com/htdoc/page1/page.html"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241127",
"to_ids": true,
"type": "url",
"uuid": "55c913a7-55d8-4b84-9e93-80e8950d210b",
"value": "daily.enewsbank.net/wmpsrx64"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241127",
"to_ids": true,
"type": "url",
"uuid": "55c913a7-8660-4c32-b7a0-80e8950d210b",
"value": "daily.enewsbank.net/newsviewer.hta"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241127",
"to_ids": true,
"type": "url",
"uuid": "55c913a7-3fe8-4cf8-a86a-80e8950d210b",
"value": "saytargetworld.net/season/nextpage.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241128",
"to_ids": true,
"type": "url",
"uuid": "55c913a8-a800-419b-b488-80e8950d210b",
"value": "sendspace.servermsys.com/wnctprx"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241128",
"to_ids": true,
"type": "url",
"uuid": "55c913a8-b128-4465-a2c9-80e8950d210b",
"value": "error-page.net/update/load.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241128",
"to_ids": true,
"type": "url",
"uuid": "55c913a8-cca8-4a36-a11f-80e8950d210b",
"value": "photo.storyonboard.net/wmpsrx64"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241128",
"to_ids": true,
"type": "url",
"uuid": "55c913a8-1f84-4dc8-8c75-80e8950d210b",
"value": "photo.storyonboard.net/photoviewer.hta"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241128",
"to_ids": true,
"type": "url",
"uuid": "55c913a8-e548-4e4f-8c1d-80e8950d210b",
"value": "photo.storyonboard.net/readme.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241129",
"to_ids": true,
"type": "url",
"uuid": "55c913a9-3f60-491a-8976-80e8950d210b",
"value": "unionnewsreport.net/aeroflot_bonus/ticket.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241129",
"to_ids": true,
"type": "url",
"uuid": "55c913a9-4574-4206-94bf-80e8950d210b",
"value": "www.openofficev.info/xopen88/office2"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241129",
"to_ids": true,
"type": "url",
"uuid": "55c913a9-7f48-4e22-9f68-80e8950d210b",
"value": "www.openofficev.info/dec98/unzip.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241129",
"to_ids": true,
"type": "url",
"uuid": "55c913a9-619c-4130-adf3-80e8950d210b",
"value": "www.openofficev.info/open99/office32"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241129",
"to_ids": true,
"type": "url",
"uuid": "55c913a9-ed3c-4b88-8586-80e8950d210b",
"value": "www.openofficev.info/decod9/unzip.js"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439241173",
"to_ids": false,
"type": "text",
"uuid": "55c913d5-7290-4d28-8ddd-e8f5950d210b",
"value": "Dark Hotel"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via dc0de14d9d36d13a6c8a34b2c583e70a)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857218",
"to_ids": true,
"type": "sha1",
"uuid": "56c69e42-9dd4-42c7-bd76-c654950d210f",
"value": "33911793dc1db6ea2f2271a3d4ef57a8f141abc1"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via fc78b15507e920b3ee405f843f48a7b3)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857222",
"to_ids": true,
"type": "sha1",
"uuid": "56c69e46-f08c-43a8-9d0d-c653950d210f",
"value": "a041c1ebd3851cd738ed8366feecb64ed180faa5"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via da360e94e60267dce08e6d47fc1fcecc)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857224",
"to_ids": true,
"type": "sha1",
"uuid": "56c69e48-cef4-4e4e-9296-c654950d210f",
"value": "cdaba7cea55bd490f9d152796db4c86d1d58d0da"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 33e278c5ba6bf1a545d45e17f7582512)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857226",
"to_ids": true,
"type": "sha1",
"uuid": "56c69e4a-26c8-4500-82ba-c650950d210f",
"value": "cfc9cf21598961be0a9598b61403e9206c24ea19"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via b1f56a54309147b07dda54623fecbb89)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857228",
"to_ids": true,
"type": "sha1",
"uuid": "56c69e4c-9778-4b87-af14-59a0950d210f",
"value": "c6e77cb10563d7c4dcb20d4c5a4ea16ef2f01ee8"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via dc0de14d9d36d13a6c8a34b2c583e70a)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857220",
"to_ids": true,
"type": "sha256",
"uuid": "56c69e44-22ec-46fe-8fe9-5ca1950d210f",
"value": "7c3193439b8490403d3d5608bc7b85482b408c38cfcfbc4dcf4142eb32c8a7e0"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via fc78b15507e920b3ee405f843f48a7b3)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857223",
"to_ids": true,
"type": "sha256",
"uuid": "56c69e47-8ea4-4b1a-bdb7-4bea950d210f",
"value": "bfaa6490bee525a9ea6671e3a3e1b7041f4cbdc4f37e401587101d649d8db810"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via da360e94e60267dce08e6d47fc1fcecc)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857225",
"to_ids": true,
"type": "sha256",
"uuid": "56c69e49-804c-4755-9311-59a3950d210f",
"value": "03607dbb3b2d164ee2e1fb8a399a044fb1867e63cc6d64b7cfa06331ad1eb3cb"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 33e278c5ba6bf1a545d45e17f7582512)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857227",
"to_ids": true,
"type": "sha256",
"uuid": "56c69e4b-9a70-45c1-b63b-5ca1950d210f",
"value": "eca1437ededc3f8692516dc907a5bd4390bcc4be0ae65b5e261a1f5dd352d3ee"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via b1f56a54309147b07dda54623fecbb89)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455857229",
"to_ids": true,
"type": "sha256",
"uuid": "56c69e4d-35d4-485d-b591-599e950d210f",
"value": "9d480e8dd52b18dae237e48d88a621fa209b6c2ed43cc261de6a5b30d8c56b11"
}
]
}
}