{ "Event": { "analysis": "2", "date": "2016-04-22", "extends_uuid": "", "info": "OSINT The Ghost Dragon by Cylance", "publish_timestamp": "1466374940", "published": true, "threat_level_id": "2", "timestamp": "1466374930", "uuid": "571bd702-031c-400b-a851-43ce02de0b81", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#ffffff", "name": "OSINT" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461442846", "to_ids": false, "type": "link", "uuid": "571bd91f-9188-41c4-be32-451e02de0b81", "value": "https://blog.cylance.com/the-ghost-dragon" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445671", "to_ids": true, "type": "sha256", "uuid": "571be427-a170-40cd-89dc-424802de0b81", "value": "a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445671", "to_ids": true, "type": "sha256", "uuid": "571be427-a4e0-405e-81a7-4cc502de0b81", "value": "71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445672", "to_ids": true, "type": "filename", "uuid": "571be428-1c90-44ba-b368-4cc302de0b81", "value": "AdobeWpkReg.tmp" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445738", "to_ids": true, "type": "url", "uuid": "571be428-a8d8-41f5-86fb-463102de0b81", "value": "http://info.winupdate.net/robots.txt" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445674", "to_ids": true, "type": "sha256", "uuid": "571be42a-dc8c-4b29-9f4b-4a3602de0b81", "value": "1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1466374930", "to_ids": false, "type": "filename", "uuid": "571be42b-0f40-467f-8224-41ed02de0b81", "value": "iconfig.exe" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445675", "to_ids": true, "type": "hostname", "uuid": "571be42b-d1c4-45f7-bdb5-44a002de0b81", "value": "bbs.winupdate.net" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445675", "to_ids": true, "type": "sha256", "uuid": "571be42b-8458-48cd-b651-407302de0b81", "value": "f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1466374929", "to_ids": false, "type": "filename", "uuid": "571be42c-f8b8-448f-a79a-47cb02de0b81", "value": "install.exe" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445676", "to_ids": true, "type": "hostname", "uuid": "571be42c-b8ec-40a1-b61b-45d002de0b81", "value": "ooxxxoo.gicp.net" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445677", "to_ids": true, "type": "hostname", "uuid": "571be42d-7360-4dc5-bf99-4daf02de0b81", "value": "www.winupdate.net" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445677", "to_ids": true, "type": "sha256", "uuid": "571be42d-f770-4152-b05b-436f02de0b81", "value": "99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445677", "to_ids": true, "type": "hostname", "uuid": "571be42d-4b98-4735-ad9a-49a902de0b81", "value": "www.searchhappynews.com" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445678", "to_ids": true, "type": "sha256", "uuid": "571be42e-2ea0-4e56-9f6d-44d702de0b81", "value": "b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1466374929", "to_ids": false, "type": "filename", "uuid": "571be42e-5c6c-417e-a3ce-411502de0b81", "value": "ExtensionManager.exe" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445678", "to_ids": true, "type": "hostname", "uuid": "571be42e-4bd8-43f3-9abe-476d02de0b81", "value": "www.fhtd.info" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445788", "to_ids": true, "type": "ip-dst", "uuid": "571be49c-3030-4fdf-a450-4a9902de0b81", "value": "122.10.18.166" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445788", "to_ids": true, "type": "ip-dst", "uuid": "571be49c-adf4-4c5c-95c8-4a9302de0b81", "value": "122.10.36.94" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445834", "to_ids": true, "type": "sha256", "uuid": "571be4ca-86cc-46a2-9850-473402de0b81", "value": "fb5a7cb34040b1e98b077edaf91cb59a446d8ff07263afe875cf6bd85bfb359d" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1466374930", "to_ids": false, "type": "filename", "uuid": "571be4ca-6358-4226-98e4-46e302de0b81", "value": "operas.exe" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1461445835", "to_ids": true, "type": "hostname", "uuid": "571be4cb-3094-4ac2-9f05-4bed02de0b81", "value": "www.swgabeg.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445880", "to_ids": true, "type": "ip-dst", "uuid": "571be4f8-d4b4-4fd4-bbd6-06e102de0b81", "value": "101.55.33.39" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445881", "to_ids": true, "type": "ip-dst", "uuid": "571be4f9-9774-41d2-aded-06e102de0b81", "value": "103.232.215.144" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445881", "to_ids": true, "type": "ip-dst", "uuid": "571be4f9-7740-4c83-9093-06e102de0b81", "value": "103.246.245.147" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445881", "to_ids": true, "type": "ip-dst", "uuid": "571be4f9-a1d0-4c09-84e5-06e102de0b81", "value": "111.68.8.130" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445882", "to_ids": true, "type": "ip-dst", "uuid": "571be4fa-461c-42e4-93fa-06e102de0b81", "value": "112.125.17.103" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445882", "to_ids": true, "type": "ip-dst", "uuid": "571be4fa-bb6c-49fb-b075-06e102de0b81", "value": "113.10.148.161" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445882", "to_ids": true, "type": "ip-dst", "uuid": "571be4fa-8a9c-4421-928c-06e102de0b81", "value": "113.10.148.205" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445883", "to_ids": true, "type": "ip-dst", "uuid": "571be4fb-8758-4049-9f58-06e102de0b81", "value": "122.10.41.85" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445883", "to_ids": true, "type": "ip-dst", "uuid": "571be4fb-7924-4c78-9e51-06e102de0b81", "value": "122.10.83.75" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445883", "to_ids": true, "type": "ip-dst", "uuid": "571be4fb-1f28-4329-bdae-06e102de0b81", "value": "122.10.85.35" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445884", "to_ids": true, "type": "ip-dst", "uuid": "571be4fc-d3f0-4d86-9ce1-06e102de0b81", "value": "122.9.247.128" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445884", "to_ids": true, "type": "ip-dst", "uuid": "571be4fc-81e0-4a36-a78f-06e102de0b81", "value": "122.9.247.134" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445884", "to_ids": true, "type": "ip-dst", "uuid": "571be4fc-8adc-4e08-8124-06e102de0b81", "value": "122.9.247.216" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445885", "to_ids": true, "type": "ip-dst", "uuid": "571be4fd-032c-4978-8c75-06e102de0b81", "value": "122.9.247.56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445885", "to_ids": true, "type": "ip-dst", "uuid": "571be4fd-ae64-43a9-a7f6-06e102de0b81", "value": "123.254.111.87" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445885", "to_ids": true, "type": "ip-dst", "uuid": "571be4fd-5028-420b-86bf-06e102de0b81", "value": "142.4.103.90" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445886", "to_ids": true, "type": "ip-dst", "uuid": "571be4fe-d028-4b71-bd19-06e102de0b81", "value": "174.128.255.228" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445886", "to_ids": true, "type": "ip-dst", "uuid": "571be4fe-d204-4aeb-a607-06e102de0b81", "value": "175.45.192.234" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445886", "to_ids": true, "type": "ip-dst", "uuid": "571be4fe-75b8-4416-9a76-06e102de0b81", "value": "202.172.32.172" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445886", "to_ids": true, "type": "ip-dst", "uuid": "571be4fe-d334-47f4-95e0-06e102de0b81", "value": "202.174.130.116" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445887", "to_ids": true, "type": "ip-dst", "uuid": "571be4ff-58f4-4b7a-93f5-06e102de0b81", "value": "203.232.28.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445887", "to_ids": true, "type": "ip-dst", "uuid": "571be4ff-9ba0-467f-8a37-06e102de0b81", "value": "209.85.84.165" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445887", "to_ids": true, "type": "ip-dst", "uuid": "571be4ff-0b78-471f-986c-06e102de0b81", "value": "209.85.84.167" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445888", "to_ids": true, "type": "ip-dst", "uuid": "571be500-b3f4-499b-aa45-06e102de0b81", "value": "31.170.179.179" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445888", "to_ids": true, "type": "ip-dst", "uuid": "571be500-f398-4261-8b04-06e102de0b81", "value": "58.64.187.22" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445888", "to_ids": true, "type": "ip-dst", "uuid": "571be500-3f24-47ca-999e-06e102de0b81", "value": "60.215.128.246" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445889", "to_ids": true, "type": "ip-dst", "uuid": "571be501-6ec8-4744-97ef-06e102de0b81", "value": "64.111.220.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445914", "to_ids": true, "type": "hostname", "uuid": "571be51a-ff48-497d-9d1b-43d402de0b81", "value": "info.winupdate.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445937", "to_ids": true, "type": "domain", "uuid": "571be531-44f8-4a0b-bb88-4c7f02de0b81", "value": "winupdate.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445938", "to_ids": true, "type": "domain", "uuid": "571be532-e580-47e0-9962-401002de0b81", "value": "searchhappynews.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445938", "to_ids": true, "type": "domain", "uuid": "571be532-8338-4447-84e3-46b002de0b81", "value": "fhtd.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461445938", "to_ids": true, "type": "domain", "uuid": "571be532-cf9c-4853-ae92-481602de0b81", "value": "swgabeg.com" }, { "category": "Payload delivery", "comment": "Automatically added (via 1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42)", "deleted": false, "disable_correlation": false, "timestamp": "1461446330", "to_ids": true, "type": "md5", "uuid": "571be6ba-4950-4c42-9a39-4478950d210f", "value": "ba6eaf301344de6fe1e079fa960bc698" }, { "category": "Payload delivery", "comment": "Automatically added (via f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197)", "deleted": false, "disable_correlation": false, "timestamp": "1461446334", "to_ids": true, "type": "md5", "uuid": "571be6be-69bc-41f9-8d52-458a950d210f", "value": "b0a2c91d85195a72f86399590ac2c549" }, { "category": "Payload delivery", "comment": "Automatically added (via 1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42)", "deleted": false, "disable_correlation": false, "timestamp": "1461446332", "to_ids": true, "type": "sha1", "uuid": "571be6bc-b398-4413-b63a-4735950d210f", "value": "c0eea2b52460d5fef1c4c439c56cf51ea74b5abd" }, { "category": "Payload delivery", "comment": "Automatically added (via f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197)", "deleted": false, "disable_correlation": false, "timestamp": "1461446335", "to_ids": true, "type": "sha1", "uuid": "571be6bf-6840-4bec-a572-43ba950d210f", "value": "63323dc4bfa47548317a19ae52d6f179f807bba0" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5", "deleted": false, "disable_correlation": false, "timestamp": "1461565682", "to_ids": true, "type": "sha1", "uuid": "571db8f2-77a0-4e9f-9d8c-414802de0b81", "value": "f24a47d4d197b06331aa9c86b915799d0ad9c8c9" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5", "deleted": false, "disable_correlation": false, "timestamp": "1461565682", "to_ids": true, "type": "md5", "uuid": "571db8f2-3bd0-4b0b-a56a-45ab02de0b81", "value": "8b4b1c933f5f7b47e3c2a9da35fb7dc3" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461565683", "to_ids": false, "type": "link", "uuid": "571db8f3-45c8-4d16-bbc3-494a02de0b81", "value": "https://www.virustotal.com/file/b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5/analysis/1376040471/" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2", "deleted": false, "disable_correlation": false, "timestamp": "1461565683", "to_ids": true, "type": "sha1", "uuid": "571db8f3-cf1c-45bb-b8c8-4ba802de0b81", "value": "83fe6ace20b721a67d7bf6090d78a053b24d0d06" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2", "deleted": false, "disable_correlation": false, "timestamp": "1461565683", "to_ids": true, "type": "md5", "uuid": "571db8f3-1fc8-4824-b761-4ec402de0b81", "value": "8f513ea6bbfb8b6a439eef9b68aca11c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461565684", "to_ids": false, "type": "link", "uuid": "571db8f4-c7b0-47bb-a1e8-4f1802de0b81", "value": "https://www.virustotal.com/file/99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2/analysis/1423637719/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461565684", "to_ids": false, "type": "link", "uuid": "571db8f4-f494-48ea-8383-454102de0b81", "value": "https://www.virustotal.com/file/f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197/analysis/1453437365/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461565685", "to_ids": false, "type": "link", "uuid": "571db8f5-e1b8-4a2f-82fb-48b802de0b81", "value": "https://www.virustotal.com/file/1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42/analysis/1455814047/" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: 71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97", "deleted": false, "disable_correlation": false, "timestamp": "1461565685", "to_ids": true, "type": "sha1", "uuid": "571db8f5-feb8-4fe4-a3c9-403902de0b81", "value": "4e93941aa05dd908e7cd7bfa6f8ca7b446e7b6f7" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: 71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97", "deleted": false, "disable_correlation": false, "timestamp": "1461565686", "to_ids": true, "type": "md5", "uuid": "571db8f6-c8f8-4236-8f17-4c3002de0b81", "value": "1a7772d0fbedf103e4f21d949392a34b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461565686", "to_ids": false, "type": "link", "uuid": "571db8f6-3730-42a3-9b88-416102de0b81", "value": "https://www.virustotal.com/file/71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97/analysis/1445871730/" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67", "deleted": false, "disable_correlation": false, "timestamp": "1461565686", "to_ids": true, "type": "sha1", "uuid": "571db8f6-3758-426d-acc0-4a8b02de0b81", "value": "c17a9c6841c554ebc5273ff021f5aed5c76920c9" }, { "category": "Payload delivery", "comment": "Imported via the freetext import. - Xchecked via VT: a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67", "deleted": false, "disable_correlation": false, "timestamp": "1461565687", "to_ids": true, "type": "md5", "uuid": "571db8f7-8c74-46ad-893b-4eff02de0b81", "value": "0875cf64928da6c9b365384e6dbb3c33" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461565687", "to_ids": false, "type": "link", "uuid": "571db8f7-0858-4cab-849d-4e7702de0b81", "value": "https://www.virustotal.com/file/a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67/analysis/1432189489/" } ] } }