{ "Event": { "analysis": "2", "date": "2015-10-16", "extends_uuid": "", "info": "OSINT Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites by Citizen Lab", "publish_timestamp": "1445418271", "published": true, "threat_level_id": "2", "timestamp": "1450794987", "uuid": "56240d98-a524-4386-8e43-8371950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203375", "to_ids": false, "type": "link", "uuid": "56240daf-5e40-4631-8a88-4416950d210b", "value": "https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203458", "to_ids": true, "type": "hostname", "uuid": "56240e02-0950-47e9-a84e-8371950d210b", "value": "usafbi.websecexp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203458", "to_ids": true, "type": "hostname", "uuid": "56240e02-e808-4cb8-814b-8371950d210b", "value": "usacia.websecexp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203459", "to_ids": true, "type": "hostname", "uuid": "56240e03-aeac-42f9-a84b-8371950d210b", "value": "webhttps.websecexp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203459", "to_ids": true, "type": "hostname", "uuid": "56240e03-3c84-470b-842a-8371950d210b", "value": "appeur.gnway.cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1445203544", "to_ids": true, "type": "md5", "uuid": "56240e58-8374-4e94-a379-985e950d210b", "value": "884d46c01c762ad6ddd2759fd921bf71" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203545", "to_ids": true, "type": "hostname", "uuid": "56240e59-ebcc-4a9a-a330-985e950d210b", "value": "t2.mailsecurityservice.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203545", "to_ids": true, "type": "hostname", "uuid": "56240e59-a624-435b-b7ef-985e950d210b", "value": "t1.mailsecurityservice.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203545", "to_ids": true, "type": "ip-dst", "uuid": "56240e59-e278-45da-a1b4-985e950d210b", "value": "118.193.212.98" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203546", "to_ids": true, "type": "md5", "uuid": "56240e5a-b864-4d11-b021-985e950d210b", "value": "15c926d2602f65be0de65fa9c06aa6c6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203546", "to_ids": true, "type": "url", "uuid": "56240e5a-2900-4ca4-aa61-985e950d210b", "value": "http://client.mailsecurityservice.com/viewclient/connect.php?n=zxishanchu1106.exe." 
}, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445417831", "to_ids": true, "type": "ip-dst", "uuid": "56240eb7-8e04-40b4-97c2-7dd1950d210b", "value": "198.44.190.85" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203640", "to_ids": true, "type": "domain", "uuid": "56240eb8-0958-41fa-ab85-7dd1950d210b", "value": "mailsecurityservice.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203640", "to_ids": true, "type": "domain", "uuid": "56240eb8-e438-4d89-8c76-7dd1950d210b", "value": "iyouthen.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445418249", "to_ids": true, "type": "ip-dst", "uuid": "56240eb9-ac80-46dd-a90e-7dd1950d210b", "value": "103.20.222.244" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203641", "to_ids": true, "type": "hostname", "uuid": "56240eb9-608c-4b5d-aa05-7dd1950d210b", "value": "gmail.iyouthen.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203642", "to_ids": true, "type": "ip-dst", "uuid": "56240eba-d774-4119-b2d1-7dd1950d210b", "value": "59.44.49.88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445203642", "to_ids": true, "type": "md5", "uuid": "56240eba-cea4-4d24-8d86-7dd1950d210b", "value": "53f81415ccedf453d6e3ebcdc142b966" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358836", "to_ids": true, "type": "md5", "uuid": "56266cf4-7bbc-4601-9b87-771f950d210b", "value": "56f0e67d981024ddcc215543698f44fb" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "timestamp": "1445358837", "to_ids": true, "type": "sha1", "uuid": "56266cf5-5d00-47a7-b5c0-771f950d210b", "value": "bfaebb3e8a6768a2a5785ffa8dbb16cab43ba560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358837", "to_ids": true, "type": "sha256", "uuid": "56266cf5-767c-4172-8a63-771f950d210b", "value": "30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358838", "to_ids": true, "type": "md5", "uuid": "56266cf6-fc08-4dfe-8cb6-771f950d210b", "value": "c4c147bdfddffec2eea6bf99661e69ee" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358838", "to_ids": true, "type": "md5", "uuid": "56266cf6-41c4-44b4-a591-771f950d210b", "value": "7e0081fba718fcd71753d3199a290f03" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358838", "to_ids": true, "type": "md5", "uuid": "56266cf6-1c00-4670-907b-771f950d210b", "value": "6701662097e274f3cd089ceec35471d2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358839", "to_ids": true, "type": "md5", "uuid": "56266cf7-da80-4dc4-9132-771f950d210b", "value": "699b3d90b050cae37f65c855ec7f616a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358839", "to_ids": true, "type": "md5", "uuid": "56266cf7-e870-453d-8a9a-771f950d210b", "value": "5710d567d98a8f4a6682859ce3a35336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445358840", "to_ids": true, "type": "md5", "uuid": "56266cf8-5e70-4f2e-8240-771f950d210b", "value": "49ceba3347d39870f15f2ab0391af234" }, { "category": 
"External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1445418264", "to_ids": false, "type": "link", "uuid": "56275518-82a4-42d4-b18a-4498950d210b", "value": "https://passivetotal.org/passive/103.20.222.244" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1450794987", "to_ids": true, "type": "link", "uuid": "56795feb-2f6c-419e-9ed4-45bd950d210f", "value": "https://www.virustotal.com/file/30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf/analysis/1447248301/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336", "deleted": false, "disable_correlation": false, "timestamp": "1450794987", "to_ids": true, "type": "sha256", "uuid": "56795feb-f20c-45cd-a22a-4db1950d210f", "value": "44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336", "deleted": false, "disable_correlation": false, "timestamp": "1450794988", "to_ids": true, "type": "sha1", "uuid": "56795fec-2cb0-4de1-a7c0-42d7950d210f", "value": "355e7fd36a18253358e6175842c7309f79629570" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1450794988", "to_ids": true, "type": "link", "uuid": "56795fec-abfc-48ce-894e-4347950d210f", "value": "https://www.virustotal.com/file/44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6/analysis/1447876975/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03", "deleted": false, "disable_correlation": false, "timestamp": "1450794988", "to_ids": true, "type": "sha256", "uuid": "56795fec-0150-4dbc-ac02-422b950d210f", "value": "d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 
7e0081fba718fcd71753d3199a290f03", "deleted": false, "disable_correlation": false, "timestamp": "1450794988", "to_ids": true, "type": "sha1", "uuid": "56795fec-7e3c-478a-a737-45fb950d210f", "value": "4d994872ad4032282d140ac0a19844de6f252141" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1450794989", "to_ids": true, "type": "link", "uuid": "56795fed-cb88-486d-b125-4cc8950d210f", "value": "https://www.virustotal.com/file/d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f/analysis/1438899341/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee", "deleted": false, "disable_correlation": false, "timestamp": "1450794989", "to_ids": true, "type": "sha256", "uuid": "56795fed-25fc-46f2-80d4-4fe3950d210f", "value": "365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee", "deleted": false, "disable_correlation": false, "timestamp": "1450794989", "to_ids": true, "type": "sha1", "uuid": "56795fed-c0e0-4847-a03d-4fde950d210f", "value": "926b3576e75b49169e4fec6cbd070f02c8f33ed0" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1450794990", "to_ids": true, "type": "link", "uuid": "56795fee-8410-463e-ae7e-4d19950d210f", "value": "https://www.virustotal.com/file/365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1/analysis/1445244286/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6", "deleted": false, "disable_correlation": false, "timestamp": "1450794990", "to_ids": true, "type": "sha256", "uuid": "56795fee-83a4-4b57-b858-4018950d210f", "value": "2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 
15c926d2602f65be0de65fa9c06aa6c6", "deleted": false, "disable_correlation": false, "timestamp": "1450794990", "to_ids": true, "type": "sha1", "uuid": "56795fee-d458-46aa-ac57-4785950d210f", "value": "3425cdc99e28661d6c510a5167488ce0a6952b6a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1450794990", "to_ids": true, "type": "link", "uuid": "56795fee-5084-4386-999a-4445950d210f", "value": "https://www.virustotal.com/file/2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79/analysis/1442294210/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71", "deleted": false, "disable_correlation": false, "timestamp": "1450794991", "to_ids": true, "type": "sha256", "uuid": "56795fef-dd6c-4d72-9a96-48fe950d210f", "value": "3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71", "deleted": false, "disable_correlation": false, "timestamp": "1450794991", "to_ids": true, "type": "sha1", "uuid": "56795fef-89cc-4dbc-86ff-435d950d210f", "value": "d201b130232e0ea411daa23c1ba2892fe6468712" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1450794991", "to_ids": true, "type": "link", "uuid": "56795fef-a068-4e7c-82ad-47fb950d210f", "value": "https://www.virustotal.com/file/3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe/analysis/1450088702/" } ] } }