{ "Event": { "analysis": "2", "date": "2015-08-10", "extends_uuid": "", "info": "OSINT Darkhotel\u00e2\u20ac\u2122s attacks in 2015 by Kaspersky", "publish_timestamp": "1498162871", "published": true, "threat_level_id": "2", "timestamp": "1498162829", "uuid": "55c9108c-43b4-4b9e-8cfb-4837950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#0fbf00", "name": "misp-galaxy:threat-actor=\"darkhotel\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241077", "to_ids": false, "type": "link", "uuid": "55c91375-73b4-4930-bd0a-40d6950d210b", "value": "https://securelist.com/blog/research/71713/darkhotels-attacks-in-2015/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241120", "to_ids": true, "type": "md5", "uuid": "55c913a0-1734-42af-bb25-80e8950d210b", "value": "021685613fb739dec7303247212c3b09" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241121", "to_ids": true, "type": "md5", "uuid": "55c913a1-a6e8-433c-a1ef-80e8950d210b", "value": "1ee3dfce97ab318b416c1ba7463ee405" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241121", "to_ids": true, "type": "md5", "uuid": "55c913a1-1954-413d-abe6-80e8950d210b", "value": "2899f4099c76232d6362fd62ab730741" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241121", "to_ids": true, "type": "md5", "uuid": "55c913a1-8264-46d8-9e5b-80e8950d210b", "value": "2dee887b20a06b8e556e878c62e46e13" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241121", "to_ids": true, "type": "md5", "uuid": "55c913a1-9c28-4bcf-993a-80e8950d210b", "value": "6b9e9b2dc97ff0b26a8a61ba95ca8ff6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241121", "to_ids": true, "type": "md5", "uuid": "55c913a1-4ea4-4d99-89c8-80e8950d210b", "value": "852a9411a949add69386a72805c8cb05" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241122", "to_ids": true, "type": "md5", "uuid": "55c913a2-0f5c-43be-b081-80e8950d210b", "value": "be59994b5008a0be48934a9c5771dfa5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241122", "to_ids": true, "type": "md5", "uuid": "55c913a2-7f2c-4e41-855c-80e8950d210b", "value": "e29693ce15acd552f1a0435e2d31d6df" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241122", "to_ids": true, "type": "md5", "uuid": "55c913a2-1e40-4f4d-a5e7-80e8950d210b", "value": "fa67142728e40a2a4e97ccc6db919f2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241122", "to_ids": true, "type": "md5", "uuid": "55c913a2-349c-4d44-bbf1-80e8950d210b", "value": "fef8fda27deb3e950ba1a71968ec7466" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241122", "to_ids": true, "type": "md5", "uuid": "55c913a2-a22c-4080-a9e5-80e8950d210b", "value": "5c74db6f755555ea99b51e1c68e796f9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241123", "to_ids": true, "type": "md5", "uuid": "55c913a3-c8c8-4200-82c1-80e8950d210b", "value": "c3ae70b3012cc9b5c9ceb060a251715a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241123", "to_ids": true, "type": "md5", "uuid": "55c913a3-0d68-4af8-9b8b-80e8950d210b", "value": "560d68c31980c26d2adab7406b61c651" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241123", "to_ids": true, "type": "md5", "uuid": "55c913a3-42ec-45e3-82e2-80e8950d210b", "value": "da0717899e3ccc1ba0e8d32774566219" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241123", "to_ids": true, "type": "md5", "uuid": "55c913a3-c8bc-49a1-8a8d-80e8950d210b", "value": "d965a5b3548047da27b503029440e77f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241123", "to_ids": true, "type": "md5", "uuid": "55c913a3-56e4-48c8-baa5-80e8950d210b", "value": "dc0de14d9d36d13a6c8a34b2c583e70a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241124", "to_ids": true, "type": "md5", "uuid": "55c913a4-6db4-47c5-8c12-80e8950d210b", "value": "39562e410bc3fb5a30aca8162b20bdd0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241124", "to_ids": true, "type": "md5", "uuid": "55c913a4-1088-4bdb-ae28-80e8950d210b", "value": "e85e0365b6f77cc2e9862f987b152a89" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241124", "to_ids": true, "type": "md5", "uuid": "55c913a4-0d74-40b4-92a4-80e8950d210b", "value": "5e01b8bc78afc6ecb3376c06cbceb680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241124", "to_ids": true, "type": "md5", "uuid": "55c913a4-cda8-4138-b885-80e8950d210b", "value": "61cc019c3141281073181c4ef1f4e524" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241124", "to_ids": true, "type": "md5", "uuid": "55c913a4-78a0-47a3-8e73-80e8950d210b", "value": "3d2e941ac48ae9d79380ca0f133f4a49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241124", "to_ids": true, "type": "md5", "uuid": "55c913a4-9cb8-4fe6-83a2-80e8950d210b", "value": "fc78b15507e920b3ee405f843f48a7b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241125", "to_ids": true, "type": "md5", "uuid": "55c913a5-39bc-409d-8659-80e8950d210b", "value": "da360e94e60267dce08e6d47fc1fcecc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241125", "to_ids": true, "type": "md5", "uuid": "55c913a5-645c-4492-b5a1-80e8950d210b", "value": "33e278c5ba6bf1a545d45e17f7582512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241125", "to_ids": true, "type": "md5", "uuid": "55c913a5-20f8-420c-8699-80e8950d210b", "value": "b1f56a54309147b07dda54623fecbb89" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241125", "to_ids": true, "type": "md5", "uuid": "55c913a5-f1d0-4af7-9b7f-80e8950d210b", "value": "009d85773d519a9a97129102d8116305" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241125", "to_ids": true, "type": "md5", "uuid": "55c913a5-58e8-4fa9-ac73-80e8950d210b", "value": "61637a0637fb25c53f396c305efa5dc5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241126", "to_ids": true, "type": "md5", "uuid": "55c913a6-4bf0-4f4d-99cf-80e8950d210b", "value": "a7e78fd4bf305509c2fc1b3706567acd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241126", "to_ids": true, "type": "url", "uuid": "55c913a6-3f24-4bea-813b-80e8950d210b", "value": "tisone360.com/img_h/ims2/icon.swf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241126", "to_ids": true, "type": "url", "uuid": "55c913a6-d320-4bbb-93f4-80e8950d210b", "value": "tisone360.com/img_h/ims2/1.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241126", "to_ids": true, "type": "url", "uuid": "55c913a6-24e0-42f6-8da7-80e8950d210b", "value": "tisone360.com/img_h/ims2/icon.jpg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241126", "to_ids": true, "type": "url", "uuid": "55c913a6-34ac-4b63-998d-80e8950d210b", "value": "tisone360.com/noname/img/movie.swf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241127", "to_ids": true, "type": "url", "uuid": "55c913a7-7ce0-46f1-a145-80e8950d210b", "value": "tisone360.com/noname/minky/face.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241127", "to_ids": true, "type": "url", "uuid": "55c913a7-5e7c-45a1-8df9-80e8950d210b", "value": "tisone360.com/htdoc/imageview.hta" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241127", "to_ids": true, "type": "url", "uuid": "55c913a7-4fd8-4d19-b7c1-80e8950d210b", "value": "tisone360.com/htdoc/page1/page.html" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241127", "to_ids": true, "type": "url", "uuid": "55c913a7-55d8-4b84-9e93-80e8950d210b", "value": "daily.enewsbank.net/wmpsrx64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241127", "to_ids": true, "type": "url", "uuid": "55c913a7-8660-4c32-b7a0-80e8950d210b", "value": "daily.enewsbank.net/newsviewer.hta" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241127", "to_ids": true, "type": "url", "uuid": "55c913a7-3fe8-4cf8-a86a-80e8950d210b", "value": "saytargetworld.net/season/nextpage.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241128", "to_ids": true, "type": "url", "uuid": "55c913a8-a800-419b-b488-80e8950d210b", "value": "sendspace.servermsys.com/wnctprx" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241128", "to_ids": true, "type": "url", "uuid": "55c913a8-b128-4465-a2c9-80e8950d210b", "value": "error-page.net/update/load.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241128", "to_ids": true, "type": "url", "uuid": "55c913a8-cca8-4a36-a11f-80e8950d210b", "value": "photo.storyonboard.net/wmpsrx64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241128", "to_ids": true, "type": "url", "uuid": "55c913a8-1f84-4dc8-8c75-80e8950d210b", "value": "photo.storyonboard.net/photoviewer.hta" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241128", "to_ids": true, "type": "url", "uuid": "55c913a8-e548-4e4f-8c1d-80e8950d210b", "value": "photo.storyonboard.net/readme.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241129", "to_ids": true, "type": "url", "uuid": "55c913a9-3f60-491a-8976-80e8950d210b", "value": "unionnewsreport.net/aeroflot_bonus/ticket.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241129", "to_ids": true, "type": "url", "uuid": "55c913a9-4574-4206-94bf-80e8950d210b", "value": "www.openofficev.info/xopen88/office2" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241129", "to_ids": true, "type": "url", "uuid": "55c913a9-7f48-4e22-9f68-80e8950d210b", "value": "www.openofficev.info/dec98/unzip.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241129", "to_ids": true, "type": "url", "uuid": "55c913a9-619c-4130-adf3-80e8950d210b", "value": "www.openofficev.info/open99/office32" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241129", "to_ids": true, "type": "url", "uuid": "55c913a9-ed3c-4b88-8586-80e8950d210b", "value": "www.openofficev.info/decod9/unzip.js" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439241173", "to_ids": false, "type": "text", "uuid": "55c913d5-7290-4d28-8ddd-e8f5950d210b", "value": "Dark Hotel" }, { "category": "Payload delivery", "comment": "Automatically added (via dc0de14d9d36d13a6c8a34b2c583e70a)", "deleted": false, "disable_correlation": false, "timestamp": "1455857218", "to_ids": true, "type": "sha1", "uuid": "56c69e42-9dd4-42c7-bd76-c654950d210f", "value": "33911793dc1db6ea2f2271a3d4ef57a8f141abc1" }, { "category": "Payload delivery", "comment": "Automatically added (via fc78b15507e920b3ee405f843f48a7b3)", "deleted": false, "disable_correlation": false, "timestamp": "1455857222", "to_ids": true, "type": "sha1", "uuid": "56c69e46-f08c-43a8-9d0d-c653950d210f", "value": "a041c1ebd3851cd738ed8366feecb64ed180faa5" }, { "category": "Payload delivery", "comment": "Automatically added (via da360e94e60267dce08e6d47fc1fcecc)", "deleted": false, "disable_correlation": false, "timestamp": "1455857224", "to_ids": true, "type": "sha1", "uuid": "56c69e48-cef4-4e4e-9296-c654950d210f", "value": "cdaba7cea55bd490f9d152796db4c86d1d58d0da" }, { "category": "Payload delivery", "comment": "Automatically added (via 33e278c5ba6bf1a545d45e17f7582512)", "deleted": false, "disable_correlation": false, "timestamp": "1455857226", "to_ids": true, "type": "sha1", "uuid": "56c69e4a-26c8-4500-82ba-c650950d210f", "value": "cfc9cf21598961be0a9598b61403e9206c24ea19" }, { "category": "Payload delivery", "comment": "Automatically added (via b1f56a54309147b07dda54623fecbb89)", "deleted": false, "disable_correlation": false, "timestamp": "1455857228", "to_ids": true, "type": "sha1", "uuid": "56c69e4c-9778-4b87-af14-59a0950d210f", "value": "c6e77cb10563d7c4dcb20d4c5a4ea16ef2f01ee8" }, { "category": "Payload delivery", "comment": "Automatically added (via dc0de14d9d36d13a6c8a34b2c583e70a)", "deleted": false, "disable_correlation": false, "timestamp": "1455857220", "to_ids": true, "type": "sha256", "uuid": "56c69e44-22ec-46fe-8fe9-5ca1950d210f", "value": "7c3193439b8490403d3d5608bc7b85482b408c38cfcfbc4dcf4142eb32c8a7e0" }, { "category": "Payload delivery", "comment": "Automatically added (via fc78b15507e920b3ee405f843f48a7b3)", "deleted": false, "disable_correlation": false, "timestamp": "1455857223", "to_ids": true, "type": "sha256", "uuid": "56c69e47-8ea4-4b1a-bdb7-4bea950d210f", "value": "bfaa6490bee525a9ea6671e3a3e1b7041f4cbdc4f37e401587101d649d8db810" }, { "category": "Payload delivery", "comment": "Automatically added (via da360e94e60267dce08e6d47fc1fcecc)", "deleted": false, "disable_correlation": false, "timestamp": "1455857225", "to_ids": true, "type": "sha256", "uuid": "56c69e49-804c-4755-9311-59a3950d210f", "value": "03607dbb3b2d164ee2e1fb8a399a044fb1867e63cc6d64b7cfa06331ad1eb3cb" }, { "category": "Payload delivery", "comment": "Automatically added (via 33e278c5ba6bf1a545d45e17f7582512)", "deleted": false, "disable_correlation": false, "timestamp": "1455857227", "to_ids": true, "type": "sha256", "uuid": "56c69e4b-9a70-45c1-b63b-5ca1950d210f", "value": "eca1437ededc3f8692516dc907a5bd4390bcc4be0ae65b5e261a1f5dd352d3ee" }, { "category": "Payload delivery", "comment": "Automatically added (via b1f56a54309147b07dda54623fecbb89)", "deleted": false, "disable_correlation": false, "timestamp": "1455857229", "to_ids": true, "type": "sha256", "uuid": "56c69e4d-35d4-485d-b591-599e950d210f", "value": "9d480e8dd52b18dae237e48d88a621fa209b6c2ed43cc261de6a5b30d8c56b11" } ] } }