misp-circl-feed/feeds/circl/misp/5a02c71a-9144-4f76-96c3-45ec950d210f.json

1 line
10 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{"Event": {"info": "OSINT - Sowbug: Cyber espionage group targets South American and Southeast Asian governments", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:rat=\"Felismus RAT\""}], "publish_timestamp": "0", "timestamp": "1510213600", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a02c783-a28c-4dd3-b432-44c7950d210f", "timestamp": "1510213581", "to_ids": false, "value": "Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "comment"}, {"comment": "", "category": "External analysis", "uuid": "5a02c976-0e10-4345-be87-497a950d210f", "timestamp": "1510213581", "to_ids": false, "value": "https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "Backdoor.Felismus", "category": "Payload delivery", "uuid": "5a02cda9-90e0-4813-b94a-4dcd950d210f", "timestamp": "1510213581", "to_ids": true, "value": "514f85ebb05cad9e004eee89dde2ed07", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "Backdoor.Felismus", "category": "Payload delivery", "uuid": "5a02cda9-90e0-4f4e-9aab-4965950d210f", "timestamp": "1510213581", "to_ids": true, "value": "00d356a7cf9f67dd5bb8b2a88e289bc8", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "Backdoor.Felismus", "category": "Payload delivery", "uuid": "5a02cda9-5ac0-4772-b6f3-4963950d210f", "timestamp": "1510213581", "to_ids": true, "value": "c1f65ddabcc1f23d9ba1600789eb581b", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "Backdoor.Felismus", "category": "Payload delivery", "uuid": "5a02cda9-cdc4-4e6c-aa54-44aa950d210f", "timestamp": "1510213581", "to_ids": true, "value": "967d60c417d70a02030938a2ee8a0b74", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "Trojan.Starloader", "category": "Payload delivery", "uuid": "5a02ce42-3990-47bf-808f-49a7950d210f", "timestamp": "1510213581", "to_ids": true, "value": "4984e9e1a5d595c079cc490a22d67490", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "Hacktool.Mimikatz", "category": "Payload delivery", "uuid": "5a02ce42-f094-4100-b610-4219950d210f", "timestamp": "1510213581", "to_ids": true, "value": "e4e1c98feac9356dbfcac1d8c362ab22", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5a02ceb7-9b2c-4301-b86f-456b950d210f", "timestamp": "1510213581", "to_ids": false, "value": "%WINDOWS%\\debug", "disable_correlation": false, "object_relation": null, "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5a02ceb7-8abc-44fe-a221-4606950d210f", "timestamp": "1510213581", "to_ids": false, "value": "%APPDATA%\\microsoft\\security", "disable_correlation": false, "object_relation": null, "type": "regkey"}, {"comment": "Command and control infrastructure", "category": "Network activity", "uuid": "5a02ced2-9fbc-4ce4-b9e4-4b28950d210f", "timestamp": "1510213581", "to_ids": true, "value": "nasomember.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Comman