misp-circl-feed/feeds/circl/misp/5b194472-fbac-4d90-8504-c0f80acd0835.json

{
"Event": {
"analysis": "2",
"date": "2018-06-07",
"extends_uuid": "",
"info": "Sofacy Group\u2019s Parallel Attacks",
"publish_timestamp": "1607665338",
"published": true,
"threat_level_id": "2",
"timestamp": "1607525062",
"uuid": "5b194472-fbac-4d90-8504-c0f80acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#12e000",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
},
{
"colour": "#f71212",
"local": "0",
"name": "APT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382633",
"to_ids": false,
"type": "link",
"uuid": "5b1944a9-c720-4180-97a3-d9330acd0835",
"value": "https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/"
},
{
"category": "Payload delivery",
"comment": "DDE Docs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382667",
"to_ids": true,
"type": "sha256",
"uuid": "5b1944cb-83b8-47b9-8804-d97a0acd0835",
"value": "85da72c7dbf5da543e10f3f806afd4ebf133f27b6af7859aded2c3a6eced2fd5"
},
{
"category": "Payload delivery",
"comment": "DDE Docs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382667",
"to_ids": true,
"type": "sha256",
"uuid": "5b1944cb-6b54-48b1-be9e-d97a0acd0835",
"value": "8cf3bc2bf36342e844e9c8108393562538a9af2a1011c80bb46416c0572c86ff"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382698",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b1944ea-7140-4d65-bf15-bee70acd0835",
"value": "185.25.51.198"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382698",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b1944ea-def8-493e-aadb-bee70acd0835",
"value": "185.25.50.93"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382698",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b1944ea-8b44-410a-ac94-bee70acd0835",
"value": "220.158.216.127"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382698",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b1944ea-f728-430b-92db-bee70acd0835",
"value": "92.114.92.102"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382698",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b1944ea-900c-45af-8b55-bee70acd0835",
"value": "86.106.131.177"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382721",
"to_ids": false,
"type": "user-agent",
"uuid": "5b194501-318c-4ba1-a019-c0520acd0835",
"value": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382721",
"to_ids": false,
"type": "user-agent",
"uuid": "5b194501-8690-4200-919c-c0520acd0835",
"value": "Mozilla/5.0 (Windows NT 6.1; WOW64) WinHttp/1.6.3.8 (WinHTTP/5.1) like Gecko"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382721",
"to_ids": false,
"type": "user-agent",
"uuid": "5b194501-b2f4-4fce-b597-c0520acd0835",
"value": "Mozilla v5.1 (Windows NT 6.1; rv:6.0.1) Gecko/20100101 Firefox/6.0.1"
},
{
"category": "Payload delivery",
"comment": "Koadic",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382758",
"to_ids": true,
"type": "sha256",
"uuid": "5b194527-b478-4cb4-9d60-d9710acd0835",
"value": "abbad7acd50754f096fdc6551e728aa6054dcf8e55946f90a02b17db552471ca"
},
{
"category": "Payload delivery",
"comment": "Zebrocy",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382780",
"to_ids": true,
"type": "sha256",
"uuid": "5b19453c-9168-4e25-b394-bfe30acd0835",
"value": "d697160aecf152a81a89a6b5a7d9e1b8b5e121724038c676157ac72f20364edc"
},
{
"category": "Payload delivery",
"comment": "Zebrocy",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382781",
"to_ids": true,
"type": "sha256",
"uuid": "5b19453d-5428-4f2e-a2f7-bfe30acd0835",
"value": "cba5ab65a24be52214736bc1a5bc984953a9c15d0a3826d5b15e94036e5497df"
},
{
"category": "Payload delivery",
"comment": "Zebrocy",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382781",
"to_ids": true,
"type": "sha256",
"uuid": "5b19453d-cef0-46f8-9eba-bfe30acd0835",
"value": "25f0d1cbcc53d8cfd6d848e12895ce376fbbfaf279be591774b28f70852a4fd8"
},
{
"category": "Payload delivery",
"comment": "Zebrocy",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382781",
"to_ids": true,
"type": "sha256",
"uuid": "5b19453d-bb00-4b77-994c-bfe30acd0835",
"value": "115fd8c619fa173622c7a1e84efdf6fed08a25d3ca3095404dcbd5ac3deb1f03"
},
{
"category": "Payload delivery",
"comment": "Zebrocy",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382781",
"to_ids": true,
"type": "sha256",
"uuid": "5b19453d-8f3c-4cad-8886-bfe30acd0835",
"value": "f27836430742c9e014e1b080d89c47e43db299c2e00d0c0801a2830b41b57bc1"
},
{
"category": "Payload delivery",
"comment": "Zebrocy",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382781",
"to_ids": true,
"type": "sha256",
"uuid": "5b19453d-e284-4d29-a633-bfe30acd0835",
"value": "5b5e80f63c04402d0b282e95e32155b2f86cf604a6837853ab467111d4ac15e2"
},
{
"category": "Payload delivery",
"comment": "Zebrocy",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382781",
"to_ids": true,
"type": "sha256",
"uuid": "5b19453d-305c-47cb-8301-bfe30acd0835",
"value": "dd7e69e14c88972ac173132b90b3f4bfb2d1faec15cca256a256dd3a12b6e75d"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382828",
"to_ids": true,
"type": "url",
"uuid": "5b19456c-8c64-4c9c-9c1d-c4870acd0835",
"value": "http://supservermgr.com/sys/upd/pageupd.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382828",
"to_ids": true,
"type": "domain",
"uuid": "5b19456c-dd4c-4535-acea-c4870acd0835",
"value": "supservermgr.com"
},
{
"category": "External analysis",
"comment": "Visualization of relationships",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1528382863",
"to_ids": false,
"type": "attachment",
"uuid": "5b19458f-5c74-4724-b1db-d9ec0acd0835",
"value": "figure2-copy.png"
},
{
"category": "Payload delivery",
"comment": "MD5 of 8cf3bc2bf36342e844e9c8108393562538a9af2a1011c80bb46416c0572c86ff",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528383144",
"to_ids": true,
"type": "md5",
"uuid": "5b1946a8-6194-4a01-b335-d9ec0acd0835",
"value": "1d2c706e821076a59dcd38cf37dcf3c6"
},
{
"category": "Payload delivery",
"comment": "MD5 of abbad7acd50754f096fdc6551e728aa6054dcf8e55946f90a02b17db552471ca",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528383144",
"to_ids": true,
"type": "md5",
"uuid": "5b1946a8-d1e8-46b1-ad80-d9ec0acd0835",
"value": "35d2ce0651d8bc045e920c10fd52a178"
},
{
"category": "Payload delivery",
"comment": "MD5 of d697160aecf152a81a89a6b5a7d9e1b8b5e121724038c676157ac72f20364edc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528383144",
"to_ids": true,
"type": "md5",
"uuid": "5b1946a8-b574-4dd7-8627-d9ec0acd0835",
"value": "35eb9e586dfef4b385d4ee13a85e29de"
},
{
"category": "Payload delivery",
"comment": "MD5 of dd7e69e14c88972ac173132b90b3f4bfb2d1faec15cca256a256dd3a12b6e75d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528383144",
"to_ids": true,
"type": "md5",
"uuid": "5b1946a8-0020-44fd-950f-d9ec0acd0835",
"value": "bf0fea133818387cca7eaef5a52c0aed"
},
{
"category": "Payload delivery",
"comment": "MD5 of 115fd8c619fa173622c7a1e84efdf6fed08a25d3ca3095404dcbd5ac3deb1f03",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528383144",
"to_ids": true,
"type": "md5",
"uuid": "5b1946a8-4298-456a-bbd5-d9ec0acd0835",
"value": "77d4cc390e8bb7e2b5ccfd92efd3dd83"
},
{
"category": "Payload delivery",
"comment": "MD5 of 5b5e80f63c04402d0b282e95e32155b2f86cf604a6837853ab467111d4ac15e2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1528383144",
"to_ids": true,
"type": "md5",
"uuid": "5b1946a8-30b0-47e4-bf8d-d9ec0acd0835",
"value": "794d18f975f94e3d9b1144c542c7f39b"
}
]
}
}