{ "Event": { "analysis": "2", "date": "2014-11-12", "extends_uuid": "", "info": "OSINT Korplug military targeted attacks: Afghanistan & Tajikistan blog post from ESET", "publish_timestamp": "1456151931", "published": true, "threat_level_id": "2", "timestamp": "1415914547", "uuid": "54651e3e-3934-4d34-9396-956a950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#33FF00", "local": false, "name": "tlp:green", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913424", "to_ids": false, "type": "link", "uuid": "54651fd0-3988-45ca-8816-9a37950d210b", "value": "http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913440", "to_ids": false, "type": "comment", "uuid": "54651fe0-6ad0-4955-ad1a-4960950d210b", "value": "Data entered by David Andr\u00e9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913478", "to_ids": false, "type": "text", "uuid": "54652006-ed94-4a90-8907-9a22950d210b", "value": "Korplug" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913478", "to_ids": false, "type": "text", "uuid": "54652006-32ac-4819-abb7-9a22950d210b", "value": "PlugX" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913518", "to_ids": true, "type": "hostname", "uuid": "5465202e-7418-4999-bb7e-4767950d210b", "value": "www.notebookhk.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1415913531", "to_ids": true, "type": "domain", "uuid": "5465203b-92c4-46ea-bb24-9a39950d210b", "value": "notebookhk.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913653", "to_ids": true, "type": "hostname", "uuid": "546520b5-18ac-4f42-a306-956a950d210b", "value": "www.dicemention.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913653", "to_ids": true, "type": "hostname", "uuid": "546520b5-659c-43c0-9b37-956a950d210b", "value": "www.abudlrasul.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913670", "to_ids": true, "type": "domain", "uuid": "546520c6-31a4-4603-9ec4-93c7950d210b", "value": "dicemention.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415913671", "to_ids": true, "type": "domain", "uuid": "546520c7-0f04-463c-879c-93c7950d210b", "value": "abudlrasul.com" }, { "category": "Attribution", "comment": "Registrant", "deleted": false, "disable_correlation": false, "timestamp": "1415913751", "to_ids": false, "type": "text", "uuid": "54652117-1e68-455f-b492-9a39950d210b", "value": "stanlee@gmail.com" }, { "category": "Attribution", "comment": "Registrant", "deleted": false, "disable_correlation": false, "timestamp": "1415913751", "to_ids": false, "type": "text", "uuid": "54652117-f490-4062-9d03-9a39950d210b", "value": "123@123.com" }, { "category": "Attribution", "comment": "Registrant", "deleted": false, "disable_correlation": false, "timestamp": "1415913751", "to_ids": false, "type": "text", "uuid": "54652117-4e70-4163-a7bd-9a39950d210b", "value": "woffg89@yahoo.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": 
"5465234c-0940-4a89-8115-d85b950d210b", "value": "36119221826d0290bc23371b55a8c0e6a84718dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-83f0-4e58-ad78-d85b950d210b", "value": "a6642bc9f3425f0ab93d462002456be231bb5646" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-0f44-4060-bba3-d85b950d210b", "value": "51cdc273b5638e06906bcb700335e288807744b5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-5dd8-4054-a92e-d85b950d210b", "value": "ea6ee9eab546fb9f93b75dcb650af22a95486391" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-bc40-4ed7-983c-d85b950d210b", "value": "d297dc7d29e42e8d37c951b0b11629051eebe9c0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-46c4-48dd-9b2c-d85b950d210b", "value": "8e5e19ebe719ebf7f8be4290931ffa173e658cb8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-c30c-4fd1-84ed-d85b950d210b", "value": "1f726e94b90034e7abd148fe31eba08774d1506f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-57dc-44bf-9ed1-d85b950d210b", "value": "a9c627aa09b8cc50a83ff2728a3978492aeb79d8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": 
false, "timestamp": "1415914316", "to_ids": true, "type": "sha1", "uuid": "5465234c-001c-495c-b61c-d85b950d210b", "value": "e32081c56f39ea14dfd1e449c28219d264d80b2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914370", "to_ids": false, "type": "vulnerability", "uuid": "54652382-8914-451f-b266-956a950d210b", "value": "CVE-2012-0158" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415914370", "to_ids": false, "type": "vulnerability", "uuid": "54652382-58a0-48df-b92b-956a950d210b", "value": "CVE-2014-1761" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914433", "to_ids": true, "type": "sha1", "uuid": "546523c1-e814-42dd-aa3f-c0c0950d210b", "value": "5dfa79eb89b3a8ddbc55252bd330d04d285f9189" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914433", "to_ids": true, "type": "sha1", "uuid": "546523c1-52d0-4d19-88d5-c0c0950d210b", "value": "095550e3f0e5d24a59add9390e6e17120039355e" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914433", "to_ids": true, "type": "sha1", "uuid": "546523c1-77cc-41e3-899b-c0c0950d210b", "value": "5d760403108bdcdce5c22403387e89edc2694860" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914433", "to_ids": true, "type": "sha1", "uuid": "546523c1-0bf0-4d16-b80a-c0c0950d210b", "value": "05bfe122f207df7806eb5e4ce69d3aec26d74190" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-f568-45e6-914a-c0c0950d210b", "value": "548577598a670ffd7770f01b8c8eeff853c222c7" }, { 
"category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-0038-4c87-98fb-c0c0950d210b", "value": "530d26a9beedcced0c36c54c1bf3cda28d2b6e62" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-6b20-4c51-a75a-c0c0950d210b", "value": "f6cb6db20aa8f17769095042790aeb60eecd58b0" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-acd0-4e34-877a-c0c0950d210b", "value": "ef17b7ec3111949cbdbdeb5e0e15bd2c6e90358f" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-aebc-4b25-b287-c0c0950d210b", "value": "17ca3bbddef164e6493f32c952002e34c55a74f2" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-0f80-462b-a405-c0c0950d210b", "value": "973ea910ea3734e45fde304f20ab6cf067456551" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-4098-49d6-9d70-c0c0950d210b", "value": "47d78fbfb2efc3ab9ddc653a0f03d560d972bf67" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-8fac-49e7-8751-c0c0950d210b", "value": "0b5a7e49987ef2c320864cf205b7048f7032300d" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", 
"to_ids": true, "type": "sha1", "uuid": "546523c2-e534-4aaa-bfbd-c0c0950d210b", "value": "e81e0f416752b336396294d24e639ae86d9c6baa" }, { "category": "Artifacts dropped", "comment": "Korplug", "deleted": false, "disable_correlation": false, "timestamp": "1415914434", "to_ids": true, "type": "sha1", "uuid": "546523c2-1e68-4f24-b7b8-c0c0950d210b", "value": "e930d3a2e6b2ffdc7052d7e18f51bd5a765bdb90" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #1", "deleted": false, "disable_correlation": false, "timestamp": "1415914506", "to_ids": true, "type": "sha1", "uuid": "5465240a-ff00-4d83-877e-9a37950d210b", "value": "fdd41eb3cbb631f38ac415347e25926e3e3f09b6" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #1", "deleted": false, "disable_correlation": false, "timestamp": "1415914507", "to_ids": true, "type": "sha1", "uuid": "5465240b-f640-47a2-9f11-9a37950d210b", "value": "457f4ffa2fe1cacfea53f8f5ff72c3fa61939ccd" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #1", "deleted": false, "disable_correlation": false, "timestamp": "1415914507", "to_ids": true, "type": "sha1", "uuid": "5465240b-1604-4b57-81ac-9a37950d210b", "value": "5b6d654eb16fc84a212acf7d5a05a8e8a642ce20" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #1", "deleted": false, "disable_correlation": false, "timestamp": "1415914507", "to_ids": true, "type": "sha1", "uuid": "5465240b-3c64-4dbb-9adc-9a37950d210b", "value": "7d59b19bd56e1d2c742c39a2aba9ac34f6bc58d4" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #1", "deleted": false, "disable_correlation": false, "timestamp": "1415914507", "to_ids": true, "type": "sha1", "uuid": "5465240b-d1e0-4bc2-8505-9a37950d210b", "value": "d7d130b8cc9bea51143f28820f08068521763494" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #1", "deleted": false, "disable_correlation": false, "timestamp": "1415914507", "to_ids": true, "type": "sha1", "uuid": 
"5465240b-3924-4b91-b38f-9a37950d210b", "value": "01b4b92d5839ecf3130f5c69652295fe4f2da0c5" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #1", "deleted": false, "disable_correlation": false, "timestamp": "1415914507", "to_ids": true, "type": "sha1", "uuid": "5465240b-d138-402c-ae8f-9a37950d210b", "value": "02c38ec1c67098e1f6854d1125d3aed6268540de" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914547", "to_ids": true, "type": "sha1", "uuid": "54652433-5664-4cae-ba8b-9a39950d210b", "value": "3a7fb6e819eec52111693219e604239bd25629e9" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914547", "to_ids": true, "type": "sha1", "uuid": "54652433-218c-4ba7-9fc0-9a39950d210b", "value": "bf77d0ba7f3e60b45bd0801979b12bea703b227b" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914547", "to_ids": true, "type": "sha1", "uuid": "54652433-d50c-4a22-96c2-9a39950d210b", "value": "55ef67afa2ec2f260b046a901868c48a76bc7b72" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914547", "to_ids": true, "type": "sha1", "uuid": "54652433-0384-4c5e-95b6-9a39950d210b", "value": "a29f64cd7b78e51d0c9fdfbdcbc57ced43a157b2" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914548", "to_ids": true, "type": "sha1", "uuid": "54652434-8b2c-4d61-b247-9a39950d210b", "value": "34754e8b410c9480e1adfb31a4aa72419056b622" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914548", "to_ids": true, "type": "sha1", "uuid": 
"54652434-1f48-484a-bf2a-9a39950d210b", "value": "17a2f18c9ccaaa714fd31be2de0bc62b2c310d8f" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914548", "to_ids": true, "type": "sha1", "uuid": "54652434-95d0-4bc5-8232-9a39950d210b", "value": "6d99acea8323b8797560f7284607db08eca616d8" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914548", "to_ids": true, "type": "sha1", "uuid": "54652434-91a4-40ac-bb34-9a39950d210b", "value": "1884a05409c7ef877e0e1aaaec6bb9d59e065d7c" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914548", "to_ids": true, "type": "sha1", "uuid": "54652434-dbb4-4417-9505-9a39950d210b", "value": "1fc6fb0d35dcd0517c82adaef1a85ffe2afab4ee" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914548", "to_ids": true, "type": "sha1", "uuid": "54652434-c010-43b5-8ff4-9a39950d210b", "value": "5860c99e5065a414c91f51b9e8b779d10f40adc4" }, { "category": "Artifacts dropped", "comment": "Alternative Malware #2", "deleted": false, "disable_correlation": false, "timestamp": "1415914548", "to_ids": true, "type": "sha1", "uuid": "54652434-93d0-42fe-8bbe-9a39950d210b", "value": "7950d5b57fa651ca6fa9180e39b6e8cc1e65b746" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)", "deleted": false, "disable_correlation": false, "timestamp": "1455834419", "to_ids": true, "type": "md5", "uuid": "56c64533-4454-42f6-bcbb-59a3950d210f", "value": "b948c6616215ba79bc152e7eccc21044" }, { "category": "Artifacts dropped", "comment": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)", "deleted": false, "disable_correlation": false, "timestamp": 
"1455834421", "to_ids": true, "type": "md5", "uuid": "56c64535-5680-4596-8cec-59a2950d210f", "value": "d4c0390698f5332cc6e0f3fe611d1d38" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)", "deleted": false, "disable_correlation": false, "timestamp": "1455834424", "to_ids": true, "type": "md5", "uuid": "56c64538-d5a4-494e-bd85-4a96950d210f", "value": "66c411a966f01575c0ab39f197638e73" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)", "deleted": false, "disable_correlation": false, "timestamp": "1455834426", "to_ids": true, "type": "md5", "uuid": "56c6453a-ab4c-49b9-bafc-599c950d210f", "value": "4c184b9f897999b4daa4fbe2b023292e" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)", "deleted": false, "disable_correlation": false, "timestamp": "1455834428", "to_ids": true, "type": "md5", "uuid": "56c6453c-16fc-4833-b304-469e950d210f", "value": "18d7adcdade1942efd572ed5256a0d2e" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)", "deleted": false, "disable_correlation": false, "timestamp": "1455834431", "to_ids": true, "type": "md5", "uuid": "56c6453f-b078-46b4-a427-59a0950d210f", "value": "6f6eeade8fac2509b677a33c5c6b2628" }, { "category": "Payload delivery", "comment": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)", "deleted": false, "disable_correlation": false, "timestamp": "1455834435", "to_ids": true, "type": "md5", "uuid": "56c64543-2df0-4f2a-ab13-59a0950d210f", "value": "273e3694afb362d836fdeafa03921a19" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)", "deleted": false, "disable_correlation": false, "timestamp": "1455834420", "to_ids": true, "type": "sha256", "uuid": "56c64534-da74-4d4c-adb7-5ca1950d210f", 
"value": "baf81d98dcdd218ee1dd89610ec44cbfcc75667b11efb52987011b4f15202fb0" }, { "category": "Artifacts dropped", "comment": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)", "deleted": false, "disable_correlation": false, "timestamp": "1455834422", "to_ids": true, "type": "sha256", "uuid": "56c64536-cbb0-42f1-9383-c653950d210f", "value": "a623949b9624e1410fdb22e490d014cad175b98b758d786f50ed9edb2549607a" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)", "deleted": false, "disable_correlation": false, "timestamp": "1455834424", "to_ids": true, "type": "sha256", "uuid": "56c64538-e3dc-4ff0-8208-c651950d210f", "value": "38fea14bf5c8c6cd82b8f46a83389f2eab28ca6c007e887e14e9c37f688df762" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)", "deleted": false, "disable_correlation": false, "timestamp": "1455834427", "to_ids": true, "type": "sha256", "uuid": "56c6453b-8654-4926-b86a-59a0950d210f", "value": "0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)", "deleted": false, "disable_correlation": false, "timestamp": "1455834429", "to_ids": true, "type": "sha256", "uuid": "56c6453d-cb18-4837-976b-59a3950d210f", "value": "3c4d6ddfc047fccb21ae5e4294a195920bb35a21cf8cb795928c55d94233e7e9" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)", "deleted": false, "disable_correlation": false, "timestamp": "1455834432", "to_ids": true, "type": "sha256", "uuid": "56c64540-35b8-40fe-972a-59a1950d210f", "value": "d685fc5a95189c6cecfbdec160de75401161a959d8e98f00a75d3b89465ddd4e" }, { "category": "Payload delivery", "comment": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)", "deleted": false, "disable_correlation": 
false, "timestamp": "1455834436", "to_ids": true, "type": "sha256", "uuid": "56c64544-bb7c-4291-ae52-c651950d210f", "value": "97ada78fe46d46d9d640b34c2d66bd55ff5c543d99efe951ec489de7d5b3de1c" } ] } }