2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2015-12-01" ,
"extends_uuid" : "" ,
"info" : "OSINT - PlugX-\u00d1\u201a \u00d3\u00a9\u00d1\u20ac\u00d1\u201a\u00d1\u0081\u00d3\u00a9\u00d0\u00bd \u00d1\u0081\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b5\u00d0\u00bc\u00d0\u00b8\u00d0\u00b9\u00d0\u00b3 \u00d1\u2020\u00d1\u008d\u00d0\u00b2\u00d1\u008d\u00d1\u20ac\u00d0\u00bb\u00d1\u008d\u00d1\u2026 \u00d0\u00bd\u00d1\u0152" ,
"publish_timestamp" : "1448956534" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1448956368" ,
"uuid" : "565d5025-a6bc-4a5f-b19b-a175950d210b" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956064" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "565d50a0-00c4-44a3-a0d7-ebbc950d210b" ,
"value" : "http://blog.safebit.mn/2015/11/plugx.html"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956109" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "565d50cd-7a1c-4ee9-90e3-c759950d210b" ,
"value" : "45.32.64.183"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956110" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "565d50ce-736c-44e8-8cd0-c759950d210b" ,
"value" : "104.207.152.11"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956110" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "565d50ce-3a40-4ad0-b0aa-c759950d210b" ,
"value" : "98.126.24.12"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956110" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "565d50ce-1e74-4ef6-8aca-c759950d210b" ,
"value" : "173.208.206.172"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956189" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "565d511d-256c-4ed1-a7a7-a18a950d210b" ,
"value" : "catologipdate.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956190" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "565d511e-0044-404a-af6e-a18a950d210b" ,
"value" : "google.lookipv6.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956245" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5155-d3e8-41e0-a5b5-ed8e950d210b" ,
"value" : "teever.mn"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956245" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5155-ad04-4be9-bf41-ed8e950d210b" ,
"value" : "goodmongol.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956245" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5155-f11c-4a5a-bb67-ed8e950d210b" ,
"value" : "baatarhuu.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956246" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5156-698c-46f3-873f-ed8e950d210b" ,
"value" : "mongolbaatar.net"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956246" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5156-0bc0-48e1-a9c8-ed8e950d210b" ,
"value" : "mol-government.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956247" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5157-875c-49f2-85d6-ed8e950d210b" ,
"value" : "molnews.net"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956247" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5157-9c84-455a-b1db-ed8e950d210b" ,
"value" : "heritageblog.org"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956247" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "565d5157-32fc-4263-a45e-ed8e950d210b" ,
"value" : "firefox-sync.com"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956312" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "565d5198-14d8-4147-aabe-ebed950d210b" ,
"value" : "http://labs.lastline.com/an-analysis-of-plugx"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1448956368" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "565d51d0-5414-4538-a2a9-a18a950d210b" ,
"value" : "PlugX\r\nPlugX (Korplug / Sogu / Gulpix / Thoper / Destroy RAT) used in attacks in several art Remote Access Trojan (RAT) is a type of harmful software. This program is expected to come from China and used in attacks directed mainly to Asian countries. In 2012, the first known to the world, and are registered in several versions since then.\r\nAccording to the researchers, the program has developed a high level of software projects. PlugX-configuration and security experts, Antivirus masking technologies are always updated with the \"hard parts\".\r\n\r\nPlugX attacks in Mongolia\r\nOur state of the harmful information on the program affected by several attacks\r\nexternal sites, the researchers cited in the story. In 2013, the \"Royal Quest\" international military maneuvers used to file to the Ministry of Defense in 2014 there was information about an attack aimed at a children's cancer diagnosis, and treatment-related attacks, according to the center. In addition, private companies are more likely to be attacked using the editor.\r\nIn this article, our experts based their analysis on the company\r\nPlugX prepared in general, information on how to clean the system under attack, is lead counsel."
}
]
}
}