misp-circl-feed/feeds/circl/misp/5b28ffbe-0118-409f-8f26-4f0e950d210f.json


{
"Event": {
"analysis": "2",
"date": "2018-06-19",
"extends_uuid": "",
"info": "OSINT - Malware That Hit Pyeongchang Olympics Deployed in New Attacks",
"publish_timestamp": "1529820182",
"published": true,
"threat_level_id": "3",
"timestamp": "1529820170",
"uuid": "5b28ffbe-0118-409f-8f26-4f0e950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Olympic Destroyer\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "Malicious Spiez CONVERGENCE.doc",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1529413752",
"to_ids": false,
"type": "attachment",
"uuid": "5b290062-dc94-4159-8b37-4332950d210f",
"value": "DgDJaCgWAAEIA01.jpg"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529413786",
"to_ids": false,
"type": "link",
"uuid": "5b29008f-2b3c-481f-a4ed-4f3a950d210f",
"value": "https://www.bleepingcomputer.com/news/security/malware-that-hit-pyeongchang-olympics-deployed-in-new-attacks/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529413922",
"to_ids": false,
"type": "text",
"uuid": "5b290112-f380-49b0-a09a-493d950d210f",
"value": "Olympic Destroyer, the malware that hit Pyeongchang 2018 Winter Olympics, is still alive and infecting new victims, according to a report published earlier today by Russian antivirus vendor Kaspersky Labs.\r\n\r\nThe company's security researchers say they've detected Olympic Destroyer infections across Europe in May and June 2018.\r\n\r\nNew victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "File Type: Microsoft Office Word",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1529413677",
"uuid": "5b29002d-92b8-468e-900d-4091950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1529413678",
"to_ids": true,
"type": "md5",
"uuid": "5b29002e-0478-4a8f-9346-4169950d210f",
"value": "0e7b32d23fbd6d62a593c234bafa2311"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1529413678",
"to_ids": true,
"type": "filename",
"uuid": "5b29002e-d038-4b06-a997-476e950d210f",
"value": "Spiez CONVERGENCE.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1529413678",
"to_ids": false,
"type": "text",
"uuid": "5b29002e-2768-4d23-8e9c-41b8950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1529656990",
"uuid": "2cbbe4ff-7a38-45fc-ae72-577c6b2a0edf",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2cbbe4ff-7a38-45fc-ae72-577c6b2a0edf",
"referenced_uuid": "dac822e3-0527-46dd-99a9-2a16d8310d75",
"relationship_type": "analysed-with",
"timestamp": "1529656990",
"uuid": "5b2cb69e-0be4-4348-8ea7-48eb02de0b81"
}
],
"Attribute": []
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1529656989",
"uuid": "dac822e3-0527-46dd-99a9-2a16d8310d75",
"Attribute": []
}
]
}
}