{ "Event": { "analysis": "2", "date": "2015-06-15", "extends_uuid": "", "info": "OSINT Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 by Citizen Lab", "publish_timestamp": "1456870655", "published": true, "threat_level_id": "2", "timestamp": "1441971856", "uuid": "557fddba-87c0-4ac1-a79a-a56f950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "Original report", "deleted": false, "disable_correlation": false, "timestamp": "1434443390", "to_ids": false, "type": "link", "uuid": "557fddd3-8660-4fae-8afd-a54c950d210b", "value": "https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-2014-4114/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443239", "to_ids": false, "type": "vulnerability", "uuid": "557fdde7-a1b4-4353-8c55-9a18950d210b", "value": "CVE-2014-4114" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443289", "to_ids": true, "type": "email-src", "uuid": "557fde19-2370-42ff-b177-a578950d210b", "value": "tibet_net@yahoo.com.hk" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443350", "to_ids": true, "type": "md5", "uuid": "557fde56-f758-440f-ba85-a557950d210b", "value": "18bb1ce405e4abac4b0fc63054beac6c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443350", "to_ids": true, "type": "md5", "uuid": "557fde56-2028-4b0e-b56a-a557950d210b", "value": "8a18a13910838d08e38db80a08e15bd5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443350", "to_ids": true, "type": "md5", "uuid": "557fde56-ee28-45c5-b529-a557950d210b", "value": "2a544922d3ece4351c1af4ca63c24550" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443377", "to_ids": false, "type": "link", "uuid": "557fde71-8300-4656-b6c1-a56f950d210b", "value": "https://www.virustotal.com/en-gb/file/c895d68a40b9a61dce6758f537a08a289dd4a392202e2d4e7635efb063d58d16/analysis/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443377", "to_ids": false, "type": "link", "uuid": "557fde71-0ee8-4703-89eb-a56f950d210b", "value": "https://www.virustotal.com/en-gb/file/45a4a937dd727dad29d46bceeb460bf24fd9f6df44f10692508fbd6ed2b7dfbd/analysis/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443377", "to_ids": false, "type": "link", "uuid": "557fde71-ef04-4184-8bac-a56f950d210b", "value": "https://www.virustotal.com/en-gb/file/ab118ff89762b8bd32f8bcb754bec06004604380b20349255bc637a197fa5f2d/analysis/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1434443424", "to_ids": true, "type": "hostname", "uuid": "557fdea0-24fc-4196-8d74-9a18950d210b", "value": "free1999.jkub.com" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443544", "to_ids": true, "type": "hostname", "uuid": "557fdf18-691c-46df-8ee6-a578950d210b", "value": "eset-windows.findhere.org" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443544", "to_ids": true, "type": "md5", "uuid": "557fdf18-a958-4c1c-a813-a578950d210b", "value": "705147c509206151c22515ef568bac51" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443544", "to_ids": true, "type": "hostname", "uuid": "557fdf18-8f2c-4fce-87f3-a578950d210b", "value": "dnsupdate.dynamic-dns.net" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443544", "to_ids": true, "type": "hostname", "uuid": "557fdf18-8dfc-4438-a5c7-a578950d210b", "value": "good.wha.la" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443544", "to_ids": true, "type": "md5", "uuid": "557fdf18-3280-4a48-94d3-a578950d210b", "value": "d7832e76ee2c5c48ae428e57599b589e" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443793", "to_ids": false, "type": "filename", "uuid": "557fe011-bc38-40b7-97e6-a557950d210b", "value": "Challenge.pps" }, { "category": "Artifacts dropped", "comment": "False Positive - F-Secure Antivirus executable", "deleted": false, "disable_correlation": false, "timestamp": "1441971856", "to_ids": false, "type": "filename", "uuid": "557fe012-b77c-4d62-8b0b-a557950d210b", "value": "fsavstrt.exe" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443794", "to_ids": true, "type": "md5", "uuid": "557fe012-ac0c-4808-89b7-a557950d210b", "value": "9459478ab9a9b996de683789f77b185c" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443794", "to_ids": true, "type": "filename", "uuid": "557fe012-3a7c-43b1-891d-a557950d210b", "value": "FSMA32.dll" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443794", "to_ids": true, "type": "md5", "uuid": "557fe012-83c8-45d9-98d0-a557950d210b", "value": "8432c77b12343d59d991b0d0e0c12f7d" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443794", "to_ids": true, "type": "filename", "uuid": "557fe012-3e5c-435e-843f-a557950d210b", "value": "FSMA32.dllfox" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443794", "to_ids": true, "type": "md5", "uuid": "557fe012-8ac8-4dd8-bd7a-a557950d210b", "value": "db5a9c790e909629aaf7079b6996861f" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443794", "to_ids": true, "type": "filename", "uuid": "557fe012-c6e4-462a-913f-a557950d210b", "value": "putty.gif.exe" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443794", "to_ids": true, "type": "md5", "uuid": "557fe012-5d90-484d-a016-a557950d210b", "value": "a990071b60046863c98bcf462fede77a" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443795", "to_ids": true, "type": "filename", "uuid": "557fe013-e694-4c28-b731-a557950d210b", "value": "H.H." }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443795", "to_ids": true, "type": "filename", "uuid": "557fe013-c4b4-4c17-bea2-a557950d210b", "value": "LAMA.pps" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443795", "to_ids": true, "type": "filename", "uuid": "557fe013-4b10-4e5c-bace-a557950d210b", "value": "SX.exe" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443795", "to_ids": true, "type": "md5", "uuid": "557fe013-3ed0-4a80-b8a2-a557950d210b", "value": "5730866b34ef589bd398c9a9b6d7e307" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443795", "to_ids": true, "type": "filename", "uuid": "557fe013-fd28-4c49-b39c-a557950d210b", "value": "SXLOC.dll" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443795", "to_ids": true, "type": "md5", "uuid": "557fe013-1d70-43aa-aab5-a557950d210b", "value": "d839691657ca814be13d5c9c6511d6b2" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443795", "to_ids": true, "type": "filename", "uuid": "557fe013-9898-4d44-ab23-a557950d210b", "value": "SXLOC.zap" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443796", "to_ids": true, "type": "md5", "uuid": "557fe014-4658-4ea7-af4d-a557950d210b", "value": "03c900a1b115e759b32e4172dec52aa2" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1434443796", "to_ids": true, "type": "filename", "uuid": "557fe014-be88-4162-8de2-a557950d210b", "value": "\u00e3\u20ac\u0152\u00e4\u00bd\u201d\u00e9\u00a0\u02dc\u00e4\u00b8\u00ad\u00e7\u2019\u00b0\u00e3\u20ac\u008d\u00e5\u00bc\u2022\u00e7\u2122\u00bc\u00e7\u02c6\u00ad\u00e8\u00ad\u00b0\u00e7\u0161\u201e\u00e8\u0192\u0152\u00e5\u00be\u0152.pps" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 9459478ab9a9b996de683789f77b185c)", "deleted": false, "disable_correlation": false, "timestamp": "1455841049", "to_ids": true, "type": "sha1", "uuid": "56c65f19-a4a8-4aba-97c5-5f51950d210f", "value": "c6d8eabea5bac84b90851c1a6e17c0c30bcf5c27" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 8432c77b12343d59d991b0d0e0c12f7d)", "deleted": false, "disable_correlation": false, "timestamp": "1455841051", "to_ids": true, "type": "sha1", "uuid": "56c65f1b-65a4-469f-870a-4a61950d210f", "value": "62dbbcd115497a7bbbd4d1351d50a328914a8b26" }, { "category": "Artifacts dropped", "comment": "Automatically added (via d839691657ca814be13d5c9c6511d6b2)", "deleted": false, "disable_correlation": false, "timestamp": "1455841054", "to_ids": true, "type": "sha1", "uuid": "56c65f1e-461c-4530-864e-458f950d210f", "value": "cd425ce7f3e4a823d9027780e1b439759c4dc665" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 9459478ab9a9b996de683789f77b185c)", "deleted": false, "disable_correlation": false, "timestamp": "1455841050", "to_ids": true, "type": "sha256", "uuid": "56c65f1a-dd00-494f-8ae5-c653950d210f", "value": "583c8920445feaf0a963fbd3ad8ad24fd9143941e4046cf376cfe08cb9137613" }, { "category": "Artifacts dropped", "comment": "Automatically added (via 8432c77b12343d59d991b0d0e0c12f7d)", "deleted": false, "disable_correlation": false, "timestamp": "1455841052", "to_ids": true, "type": "sha256", "uuid": "56c65f1c-0a5c-4bfa-8f6a-59a1950d210f", "value": "cbb1d6b3c76c77ce1c3397cd607a7642fcb703201b82e07704e7074061d86ea3" }, { "category": "Artifacts dropped", "comment": "Automatically added (via d839691657ca814be13d5c9c6511d6b2)", "deleted": false, "disable_correlation": false, "timestamp": "1455841054", "to_ids": true, "type": "sha256", "uuid": "56c65f1e-afc8-469a-82e6-599c950d210f", "value": "5ff2bc7267759bde3c02e4c19b8c3144c43c4f7fc2c21f2d4f881ca0b821e00b" } ] } }