{ "Event": { "analysis": "2", "date": "2016-08-04", "extends_uuid": "", "info": "OSINT - NANHAISHU RATing the South China Sea", "publish_timestamp": "1470319345", "published": true, "threat_level_id": "2", "timestamp": "1470319332", "uuid": "57a33020-bc70-4f69-96f9-118b950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "First seen 2015-01-13", "deleted": false, "disable_correlation": false, "timestamp": "1470319166", "to_ids": true, "type": "filename|sha1", "uuid": "57a34524-d4ac-4726-93e7-22a8950d210f", "value": "DOJ Staff bonus January 13, 2015.xls|a17769e8a2ac48f83076e3e1b6b24d71e6431d43" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07", "deleted": false, "disable_correlation": false, "timestamp": "1470319204", "to_ids": true, "type": "filename|sha1", "uuid": "57a34582-8218-4ef3-92aa-22a4950d210f", "value": "The draft Foley Hoag reform of the distribution of shares and the remuneration system.xls|c66165a2fda061a2dc6415b99668c0b802bb26a0" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27", "deleted": false, "disable_correlation": false, "timestamp": "1470319228", "to_ids": true, "type": "filename|sha1", "uuid": "57a34582-65fc-45a6-abff-22a4950d210f", "value": "Salary and Bonus Data.xls|da799a043e077fd7bde1eaa1a1fa32fd32bcfb25" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02", "deleted": false, "disable_correlation": false, "timestamp": "1470319245", "to_ids": true, "type": "filename|sha1", "uuid": "57a34583-b91c-42ae-973e-22a4950d210f", "value": "AELM Entertainment budget and Attendance allowance.xls|da3a8d1ea5b245f612da17ec7b252c45fd75adae" }, { "category": "Network activity", "comment": "a17769e8a2ac48f83076e3e1b6b24d71e6431d43", "deleted": false, "disable_correlation": false, "timestamp": "1470318110", "to_ids": true, "type": "domain|ip", "uuid": "57a3461e-63e4-43aa-ba6d-22a4950d210f", "value": "mines.port0.org|54.87.87.13" }, { "category": "Network activity", "comment": "a17769e8a2ac48f83076e3e1b6b24d71e6431d43", "deleted": false, "disable_correlation": false, "timestamp": "1470318111", "to_ids": true, "type": "domain|ip", "uuid": "57a3461f-38f0-4b14-a80b-22a4950d210f", "value": "mines.port0.org|103.238.224.218" }, { "category": "Network activity", "comment": "c66165a2fda061a2dc6415b99668c0b802bb26a0", "deleted": false, "disable_correlation": false, "timestamp": "1470318147", "to_ids": true, "type": "domain|ip", "uuid": "57a34643-5a6c-40e0-98e3-22a9950d210f", "value": "eholidays.mooo.com|54.87.87.13" }, { "category": "Network activity", "comment": "c66165a2fda061a2dc6415b99668c0b802bb26a0", "deleted": false, "disable_correlation": false, "timestamp": "1470318147", "to_ids": true, "type": "domain|ip", "uuid": "57a34643-c924-4e5a-903e-22a9950d210f", "value": "eholidays.mooo.com|103.238.224.218" }, { "category": "Network activity", "comment": "da799a043e077fd7bde1eaa1a1fa32fd32bcfb25", "deleted": false, "disable_correlation": false, "timestamp": "1470318398", "to_ids": true, "type": "domain|ip", "uuid": "57a3473e-0b34-46a7-a522-1cb7950d210f", "value": "humans.mooo.info|54.242.66.219" }, { "category": "Network activity", "comment": "da799a043e077fd7bde1eaa1a1fa32fd32bcfb25", "deleted": false, "disable_correlation": false, "timestamp": "1470318398", "to_ids": true, "type": "domain|ip", "uuid": "57a3473e-37b4-40a5-9930-1cb7950d210f", "value": "humans.mooo.info|103.238.224.218" }, { "category": "Network activity", "comment": "da3a8d1ea5b245f612da17ec7b252c45fd75adae", "deleted": false, "disable_correlation": false, "timestamp": "1470319000", "to_ids": true, "type": "domain|ip", "uuid": "57a34998-ba54-4cff-bf49-22ae950d210f", "value": "presentation.twilightparadox.com|64.62.189.196" }, { "category": "Network activity", "comment": "da3a8d1ea5b245f612da17ec7b252c45fd75adae", "deleted": false, "disable_correlation": false, "timestamp": "1470319000", "to_ids": true, "type": "domain|ip", "uuid": "57a34998-0918-41f5-8b46-22ae950d210f", "value": "presentation.twilightparadox.com|103.238.224.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1470319068", "to_ids": true, "type": "domain|ip", "uuid": "57a349dc-fad4-4d78-8806-22ae950d210f", "value": "mintty.ignorelist.com|64.62.189.221" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1470319068", "to_ids": true, "type": "domain|ip", "uuid": "57a349dc-d358-419b-a9d8-22ae950d210f", "value": "mintty.ignorelist.com|103.238.224.218" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1470319100", "to_ids": true, "type": "filename", "uuid": "57a349fc-40f8-4218-970f-22b3950d210f", "value": "%appdata%\\Microsoft\\Network\\network.js" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1470319100", "to_ids": true, "type": "filename", "uuid": "57a349fc-de7c-4f8a-9c75-22b3950d210f", "value": "%appdata%\\Microsoft\\Protect\\CRED" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1470319128", "to_ids": true, "type": "regkey", "uuid": "57a34a18-8724-4dd0-8e04-22b3950d210f", "value": "%regrun%\\network" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1470319128", "to_ids": true, "type": "regkey", "uuid": "57a34a18-7d8c-45de-a405-22b3950d210f", "value": "%regrun%\\protect" }, { "category": "External analysis", "comment": "External reference", "deleted": false, "disable_correlation": false, "timestamp": "1470319265", "to_ids": false, "type": "link", "uuid": "57a34aa1-1038-4900-952d-22b0950d210f", "value": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1470319304", "to_ids": false, "type": "link", "uuid": "57a34ac8-2f7c-40f0-87ed-118b950d210f", "value": "https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae", "deleted": false, "disable_correlation": false, "timestamp": "1470319332", "to_ids": true, "type": "sha256", "uuid": "57a34ae4-6ec4-4df6-8404-22b402de0b81", "value": "b0de26080a84ba0b15ea3f471fe6be5392efe770c53dbe5c0a8ed439b05731c6" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae", "deleted": false, "disable_correlation": false, "timestamp": "1470319332", "to_ids": true, "type": "md5", "uuid": "57a34ae4-5750-4fc5-aa9f-22b402de0b81", "value": "97da0784fddfef932d7d31884f088b40" }, { "category": "External analysis", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae", "deleted": false, "disable_correlation": false, "timestamp": "1470319332", "to_ids": false, "type": "link", "uuid": "57a34ae4-12b8-4f62-ab4d-22b402de0b81", "value": "https://www.virustotal.com/file/b0de26080a84ba0b15ea3f471fe6be5392efe770c53dbe5c0a8ed439b05731c6/analysis/1445948371/" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25", "deleted": false, "disable_correlation": false, "timestamp": "1470319333", "to_ids": true, "type": "sha256", "uuid": "57a34ae5-61ac-40c3-bbbf-22b402de0b81", "value": "fd5706a5e45d2e0805221c3336c75167980916f39826eb6312aea7ea807d4ec0" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25", "deleted": false, "disable_correlation": false, "timestamp": "1470319333", "to_ids": true, "type": "md5", "uuid": "57a34ae5-ae24-4413-8de2-22b402de0b81", "value": "e1f88bc02e9bd15cecc7ae97a009e0d2" }, { "category": "External analysis", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25", "deleted": false, "disable_correlation": false, "timestamp": "1470319333", "to_ids": false, "type": "link", "uuid": "57a34ae5-de80-4f90-99b7-22b402de0b81", "value": "https://www.virustotal.com/file/fd5706a5e45d2e0805221c3336c75167980916f39826eb6312aea7ea807d4ec0/analysis/1455828112/" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0", "deleted": false, "disable_correlation": false, "timestamp": "1470319333", "to_ids": true, "type": "sha256", "uuid": "57a34ae5-2d0c-4bce-aeb9-22b402de0b81", "value": "e2c115679bcad87692506d6d9e7a985c59f59e36fd658b8927386474cbcc38ca" }, { "category": "Payload delivery", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0", "deleted": false, "disable_correlation": false, "timestamp": "1470319333", "to_ids": true, "type": "md5", "uuid": "57a34ae5-4d90-4304-8b72-22b402de0b81", "value": "d1de5bf033ee31da7babc6fa270f55bb" }, { "category": "External analysis", "comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0", "deleted": false, "disable_correlation": false, "timestamp": "1470319333", "to_ids": false, "type": "link", "uuid": "57a34ae5-7574-446f-bed9-22b402de0b81", "value": "https://www.virustotal.com/file/e2c115679bcad87692506d6d9e7a985c59f59e36fd658b8927386474cbcc38ca/analysis/1456251302/" }, { "category": "Payload delivery", "comment": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43", "deleted": false, "disable_correlation": false, "timestamp": "1470319334", "to_ids": true, "type": "sha256", "uuid": "57a34ae6-85e8-4129-851b-22b402de0b81", "value": "9696478b1484a0182644050d9adece9404f51eac193c4629a2bea9669a2fe5ef" }, { "category": "Payload delivery", "comment": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43", "deleted": false, "disable_correlation": false, "timestamp": "1470319334", "to_ids": true, "type": "md5", "uuid": "57a34ae6-d5d4-4764-886b-22b402de0b81", "value": "c0326d13c9619ebf6ee302cebda6cbfe" }, { "category": "External analysis", "comment": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43", "deleted": false, "disable_correlation": false, "timestamp": "1470319334", "to_ids": false, "type": "link", "uuid": "57a34ae6-b7a0-49dd-a6fe-22b402de0b81", "value": "https://www.virustotal.com/file/9696478b1484a0182644050d9adece9404f51eac193c4629a2bea9669a2fe5ef/analysis/1470315364/" } ] } }