{ "Event": { "analysis": "2", "date": "2016-08-16", "extends_uuid": "", "info": "OSINT Aveo Malware Family Targets Japanese Speaking Users by Palo Alto networks Unit 42", "publish_timestamp": "1471522219", "published": true, "threat_level_id": "3", "timestamp": "1471522208", "uuid": "57b5a32c-b744-4674-b727-4cb2950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471521588", "to_ids": false, "type": "link", "uuid": "57b5a334-12c8-43b0-9987-40bb950d210f", "value": "http://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521782", "to_ids": true, "type": "domain", "uuid": "57b5a3f6-4250-4f13-bdbc-4045950d210f", "value": "europcubit.com" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521782", "to_ids": true, "type": "domain", "uuid": "57b5a3f6-d374-4e7c-8bb2-47be950d210f", "value": "snoozetime.info" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521782", "to_ids": true, "type": "domain", "uuid": "57b5a3f6-53a4-4f28-a14d-4fb0950d210f", "value": "bluepaint.info" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521783", "to_ids": true, "type": "domain", "uuid": "57b5a3f7-50a4-4ed4-b5e7-40dc950d210f", "value": "7b7p.info" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521783", "to_ids": true, "type": "domain", "uuid": "57b5a3f7-284c-48ee-b5d7-4d04950d210f", "value": "coinpack.info" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521783", "to_ids": true, "type": "domain", "uuid": "57b5a3f7-6384-4a06-88c2-4677950d210f", "value": "donkeyhaws.info" }, { "category": "Attribution", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471522197", "to_ids": true, "type": "whois-registrant-email", "uuid": "57b5a3f7-d260-4d69-a44f-4d42950d210f", "value": "jhmiyh.ny@gmail.com" }, { "category": "Attribution", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471522182", "to_ids": true, "type": "whois-registrant-email", "uuid": "57b5a3f7-0fe0-4118-be05-4b20950d210f", "value": "jack.ondo@mail.com" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521784", "to_ids": true, "type": "sha256", "uuid": "57b5a3f8-6bb4-4f2e-9744-42e3950d210f", "value": "8101c298a33d91a985a5150d0254cf426601e4632250f5a03ddac39375e7fb4d" }, { "category": "Payload delivery", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521784", "to_ids": true, "type": "sha256", "uuid": "57b5a3f8-0158-4e04-888b-4a5f950d210f", "value": "9dccfdd2a503ef8614189225bbbac11ee6027590c577afcaada7e042e18625e2" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521784", "to_ids": true, "type": "ip-dst", "uuid": "57b5a3f8-6578-4eee-9848-4f33950d210f", "value": "50.63.202.38" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521784", "to_ids": true, "type": "ip-dst", "uuid": "57b5a3f8-4a80-4250-9044-475c950d210f", "value": "104.202.173.82" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1471521784", "to_ids": true, "type": "ip-dst", "uuid": "57b5a3f8-6df8-47ac-9070-4d19950d210f", "value": "107.180.36.179" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471521836", "to_ids": true, "type": "filename", "uuid": "57b5a42c-edac-460b-b68e-4a82950d210f", "value": "%APPDATA%\\MMC\\MMC.exe" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471521837", "to_ids": true, "type": "filename", "uuid": "57b5a42d-b8cc-47db-9689-4574950d210f", "value": "%TEMP%\\MMC\\MMC.exe" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471522208", "to_ids": true, "type": "whois-registrant-email", "uuid": "57b5a5a0-ec2c-4b4f-961d-49f1950d210f", "value": "844148030@qq.com" } ] } }