{
"Event" : {
"analysis" : "0" ,
"date" : "2022-02-23" ,
"extends_uuid" : "" ,
"info" : "[NCSC-UK] Cyclops blink" ,
"publish_timestamp" : "1646300285" ,
"published" : true ,
"threat_level_id" : "4" ,
"timestamp" : "1664880653" ,
"uuid" : "62167543-c4e0-4f39-a23e-c09f0abe1822" ,
"Orgc" : {
"name" : "CERT-FR_1510" ,
"uuid" : "56bdf779-46f8-4353-bdf9-2bb95bce2212"
} ,
"Tag" : [
{
"colour" : "#ff1f00" ,
"local" : "0" ,
"name" : "fr-classif:non-classifiees=\"NON-CLASSIFIEES\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "cossi:TLP=\"white\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#008e63" ,
"local" : "0" ,
"name" : "cossi:RechercheSourceOuverte=\"Autorisee\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#12e300" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Sandworm\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#6d35f2" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"IRIDIUM\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"TeleBots\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"ELECTRUM\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "dedf5650-c2db-4e8b-b2f1-1a6b57f5ac95" ,
"value" : "100.43.220.234"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "d13fda23-586d-4c3e-a45b-f3bd4590e0fc" ,
"value" : "96.80.68.193"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "de7f253e-bc37-4fb0-9a96-91fe3c29b80a" ,
"value" : "188.152.254.170"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "6f161edf-5aa7-4c40-98a0-d2d55059da3b" ,
"value" : "208.81.37.50"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "dae1a295-317c-48a2-a740-5888dd39d614" ,
"value" : "70.62.153.174"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "ea55aaf1-16f4-405c-b3d2-9d399151ea1b" ,
"value" : "2.230.110.137"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "03f888b6-7b10-40e4-91d4-4bbccad9e02c" ,
"value" : "90.63.245.175"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "a934e756-a436-4ec9-ab77-669d5289cff5" ,
"value" : "212.103.208.182"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7bb5d8f0-1edc-418d-8848-02a8b1d3059d" ,
"value" : "50.255.126.65"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5151e208-e848-4678-8210-3372d3289e30" ,
"value" : "78.134.89.167"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "29f5895d-d3c6-4a9f-a236-615881115df5" ,
"value" : "81.4.177.118"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5da89f24-d794-4317-84e4-60528a75b207" ,
"value" : "24.199.247.222"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "6f21cf3e-4420-4efe-9716-e5b53ab0f4a1" ,
"value" : "37.99.163.162"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "8b9a249c-4a99-4df2-91a3-f85bae52a594" ,
"value" : "37.71.147.186"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "9f9fa798-59ae-424c-9688-9629e647df7e" ,
"value" : "105.159.248.137"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "fa18fc05-f3ee-4bcb-9e29-bce9275af15a" ,
"value" : "80.155.38.210"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "fc594946-a050-4bf4-ad3f-c50b884252f9" ,
"value" : "217.57.80.18"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "c20e7d61-15fd-401a-97fc-78746b3e59e1" ,
"value" : "151.0.169.250"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "063bfd06-5392-467c-9844-d4d4c90777cd" ,
"value" : "212.202.147.10"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "0d9ae37c-c576-4f5f-a4f4-4bebc085367e" ,
"value" : "212.234.179.113"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "8d66da1b-0712-4407-9fc8-7f5cacae7dc5" ,
"value" : "185.82.169.99"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7df6296d-5af4-4d9a-bb00-3903d712bb3b" ,
"value" : "93.51.177.66"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "2a50158d-bffb-4a19-8106-56981fee7362" ,
"value" : "80.15.113.188"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "882c3256-0b44-4460-9881-3493dc47f88d" ,
"value" : "80.153.75.103"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "f68ca7aa-ea92-43bd-8f69-187daebf04a3" ,
"value" : "109.192.30.125"
}
] ,
"Object" : [
{
"comment" : "Cyclops Blink - Linux ELF PowerPC big-endian. The size corresponds to the complete file, but the hash values correspond to the executable code segment only." ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1645638980" ,
"uuid" : "3f26d694-adbf-45a4-8165-3ffd48ab2191" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "e2dff851-c46f-4f48-8a7d-9f9ab77974ec" ,
"value" : "cpd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "34d39b20-68ed-427a-84f1-916d1cebfcf5" ,
"value" : "d01e2c2e8df92edeb8298c55211bc4b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f75c9134-e42c-4163-8ed2-dd04b7b3789e" ,
"value" : "3adf9a59743bc5d8399f67cab5eb2daf28b9b863"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b60f99ab-706b-4272-a0a3-cd9117515520" ,
"value" : "50df5734dd0c6c5983c21278f119527f9fdf6ef1d7e808a29754ebc5253e9a86"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1645638980" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "e66f7615-542c-4287-870a-180668fd3f0a" ,
"value" : "2494940"
}
]
} ,
{
"comment" : "Cyclops Blink - Linux ELF PowerPC big-endian. The size corresponds to the complete file, but the hash values correspond to the executable code segment only." ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1645638980" ,
"uuid" : "094a4f55-cdd9-4a4a-8b59-b51afae9a83d" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "69b0af0b-f92f-49d7-af9d-8e94bd606451" ,
"value" : "cpd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "79af9254-74b0-49fe-828d-d0f78e171727" ,
"value" : "bbb76de7654337fb6c2e851d106cebc7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fd1dbbfb-74b9-4f7b-80a1-b6df3fa78377" ,
"value" : "c59bc17659daca1b1ce65b6af077f86a648ad8a8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b9f0ca9e-7fac-4ea5-b15a-f8516c9505c8" ,
"value" : "c082a9117294fa4880d75a2625cf80f63c8bb159b54a7151553969541ac35862"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1645638980" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "e8f8ea8c-7d4c-4284-b92b-e45e3e85586b" ,
"value" : "2494940"
}
]
} ,
{
"comment" : "Cyclops Blink embedded ELF - Linux ELF PowerPC big-endian" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1645638980" ,
"uuid" : "163da4e8-6efe-45cf-ba1d-bbef3a9b9e73" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "a795f02f-307c-4530-9b68-a3a14d857960" ,
"value" : "install_upgrade"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1da6642e-8a88-4b91-b4f9-3ede97cbbe6c" ,
"value" : "3c9d46dc4e664e20f1a7256e14a33766"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f612f51f-f639-4688-a4d1-ef304f1b580e" ,
"value" : "7d61c0dd0cd901221a9dff9df09bb90810754f10"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "0c045c01-02be-4a97-9fe6-95d7a68c853d" ,
"value" : "4e69bbb61329ace36fbe62f9fb6ca49c37e2e5a5293545c44d155641934e39d1"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1645638980" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "01368ffa-4960-47b2-bba7-410bcf92be61" ,
"value" : "964556"
}
]
} ,
{
"comment" : "Cyclops Blink embedded ELF - Linux ELF PowerPC big-endian" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1645638980" ,
"uuid" : "7ec41302-a5b9-403a-9e0f-eb62be8e1884" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "d38d92de-564f-4f89-a12a-f922a777f304" ,
"value" : "install_upgrade"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a920c39-5380-48bf-a4bd-f2b76d9b7dd0" ,
"value" : "3f22c0aeb1eec4350868368ea1cc798c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "4505bebc-945c-411b-90aa-c2635b2ce49c" ,
"value" : "438cd40caca70cafe5ca436b36ef7d3a6321e858"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1645638980" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "ec963ffb-ce56-4dc6-8fb4-c7a949c2899f" ,
"value" : "ff17ccd8c96059461710711fcc8372cfea5f0f9eb566ceb6ab709ea871190dc6"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1645638980" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "3c59c142-abd1-4996-8178-c0ae727143b6" ,
"value" : "964556"
}
]
}
]
}
}