misp-circl-feed/feeds/circl/misp/5991e185-1808-4a0a-8df5-c44402de0b81.json

{
"Event": {
"analysis": "2",
"date": "2017-08-14",
"extends_uuid": "",
"info": "OSINT - The Blockbuster Saga Continues",
"publish_timestamp": "1502733046",
"published": true,
"threat_level_id": "3",
"timestamp": "1502733016",
"uuid": "5991e185-1808-4a0a-8df5-c44402de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": false,
"type": "link",
"uuid": "5991e193-efc8-41e2-ba11-457902de0b81",
"value": "https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-continues/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": false,
"type": "text",
"uuid": "5991e1ac-9748-4213-8c8c-43a302de0b81",
"value": "Unit 42 researchers at Palo Alto Networks have discovered new attack activity targeting individuals involved with United States defense contractors. Through analysis of malicious code, files, and infrastructure it is clear the group behind this campaign is either directly responsible for or has cooperated with the group which conducted Operation Blockbuster Sequel and, ultimately, Operation Blockbuster (originally outlined by researchers from Novetta). The threat actors are reusing tools, techniques, and procedures which overlap throughout these operations with little variance. Attacks originating from this threat group have not ceased since our previous report (from April of 2017) and have continued through July of 2017.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "url",
"uuid": "5991e1db-a100-4d93-8ea9-43e802de0b81",
"value": "http://210.202.40.35/CKRQST/event/careers/jobs/description/docs/NGC1398.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "url",
"uuid": "5991e1db-a54c-4a1a-aa45-424f02de0b81",
"value": "http://210.202.40.35/CKRQST/Company/HR/Position/lm/L1915.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "url",
"uuid": "5991e1db-2eb8-455e-96c6-4fc602de0b81",
"value": "http://104.192.193.149/Event/careers/jobs/description/docs/LJC077.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "url",
"uuid": "5991e1db-39ac-4838-8009-476402de0b81",
"value": "http://lansingturbo.org/docs/WebDAV.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-904c-4e34-8757-480b02de0b81",
"value": "104.192.193.149"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-2ee8-4650-b835-43e402de0b81",
"value": "176.35.250.93"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-cb88-40d2-a89f-470f02de0b81",
"value": "213.152.51.169"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-49b8-467e-b9b5-4b2602de0b81",
"value": "108.222.149.173"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-13d4-4131-a75f-4a3c02de0b81",
"value": "197.246.6.83"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-5600-4357-996d-428302de0b81",
"value": "118.140.97.6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-2e88-4fc1-bee3-49d802de0b81",
"value": "210.202.40.35"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-bca0-4130-89e2-482402de0b81",
"value": "59.90.93.97"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "ip-dst",
"uuid": "5991e1e7-f7c4-4234-a9be-4ff302de0b81",
"value": "107.6.12.135"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-f61c-46df-bdbf-480d02de0b81",
"value": "4d4465bd9a57c7a3c0b80fa3282697554a1419794afa36e544a4ae06d60c1615"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-a230-4e68-bcf7-41fc02de0b81",
"value": "f390ef86a4ad92dde125c983e6470f08344b9eaa14c17a1e6c4bb7ebfa7c4ec9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-62a4-4a41-8dac-427602de0b81",
"value": "acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-3940-4f00-9f46-4e0202de0b81",
"value": "7429a6b6e8518a1ec1d1c37a8786359885f2fd4abde560adaef331ca9deaeefd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-d738-41b9-8ba2-4f9c02de0b81",
"value": "e09224a24a14a08c6fcb79b00b4a7b3097c84f805f5f2adefe2f7d04d7b4a8ee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-e264-424e-83e6-4b8802de0b81",
"value": "062aadf3eb69686f4881860d88ce472e6b1c07e1f586d840dd2ee1f7b76cabe7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-82b4-4493-8543-4ab102de0b81",
"value": "c63a415d23fc4ab10ad3acfdd47d42b5c7444604485ab45147277cca82fffb34"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-1c84-4131-a807-46a802de0b81",
"value": "16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-9584-4430-b291-47b102de0b81",
"value": "de2d458c8e4befcd478a0010789d80997793790b18a347d10a595d6e87d91f34"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-1714-4972-8a39-476502de0b81",
"value": "2f133525f76ab0ebb0b370601673361253074c337f0b0895d0f0cb5bc261cfcb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-9be8-43d4-8b9a-421f02de0b81",
"value": "e83a08bcb4353bfd6edcdedbc9ead9ab179a620e15155b60d18153bed9892f38"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-ba30-4d3c-b87f-496802de0b81",
"value": "6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-aa18-479c-a1f1-43af02de0b81",
"value": "ad075279d2ee6958105889d852e0d7f4266f746cb0078ac1b362f05a45b5828d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha256",
"uuid": "5991e1fa-1bb0-4184-a3e4-48b102de0b81",
"value": "1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha1",
"uuid": "5991e2c3-aa68-4032-84fe-c43b02de0b81",
"value": "67d2eceea179d3e0e3b99a4464cca82bec2236dc"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "md5",
"uuid": "5991e2c3-8b14-48ef-aa08-c43b02de0b81",
"value": "307866c7d98fc9a050c0d178d95b3e8f"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": false,
"type": "link",
"uuid": "5991e2c3-8464-426c-b0da-c43b02de0b81",
"value": "https://www.virustotal.com/file/1288e105c83a6f4bbad8471a9b5bedafeea684a8d8b73a1a7518137d446c2e1e/analysis/1502714543/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha1",
"uuid": "5991e2c3-ba9c-4d0f-8d37-c43b02de0b81",
"value": "cbb56d1aff6ddd7c280c52fd03ca10529b1b2e36"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "md5",
"uuid": "5991e2c3-66dc-42fa-9886-c43b02de0b81",
"value": "766ec87da598965efc2fb7e5a5b60ee2"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": false,
"type": "link",
"uuid": "5991e2c3-ae8c-46ce-acea-c43b02de0b81",
"value": "https://www.virustotal.com/file/6f673981892701d42159489c1b2614c098a04e4674b23e1cd0fd8911766e71a0/analysis/1502715759/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha1",
"uuid": "5991e2c3-381c-4078-82ea-c43b02de0b81",
"value": "9e2017128dd01108571b241f6c2b435d98d52d3c"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "md5",
"uuid": "5991e2c3-44ec-4848-932a-c43b02de0b81",
"value": "e8aa28ad79c9adcf9bb8629973fdfa24"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": false,
"type": "link",
"uuid": "5991e2c3-6d14-4f2d-97e4-c43b02de0b81",
"value": "https://www.virustotal.com/file/16c3a7f143e831dd0481d2d57aae885090e22ec55cc8282009f641755d423fcd/analysis/1502724035/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "sha1",
"uuid": "5991e2c3-86c8-45bb-8eb6-c43b02de0b81",
"value": "e784d38b6e628357d93e0db926590c8ef5393d1a"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": true,
"type": "md5",
"uuid": "5991e2c3-c03c-4e9d-8e62-c43b02de0b81",
"value": "aa9548f3b03cc481c8c195fd458bc6dc"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897",
"deleted": false,
"disable_correlation": false,
"timestamp": "1502732995",
"to_ids": false,
"type": "link",
"uuid": "5991e2c3-ffac-4a61-9bd6-c43b02de0b81",
"value": "https://www.virustotal.com/file/acfae7e2fdda02e81b3e03f8c30741744d629cd672db424027f7caa59c975897/analysis/1502715852/"
}
]
}
}