{ "Event": { "analysis": "2", "date": "2015-08-24", "extends_uuid": "", "info": "OSINT New activity of the Blue Termite APT by AlienVault", "publish_timestamp": "1498162738", "published": true, "threat_level_id": "2", "timestamp": "1498162710", "uuid": "55db9387-6a70-4fdd-8fee-6e76950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:threat-actor=\"Blue Termite\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440453535", "to_ids": false, "type": "link", "uuid": "55db939f-46d4-4867-9d87-6070950d210b", "value": "https://otx.alienvault.com/pulse/55db51554637f21c54c19363/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440453545", "to_ids": false, "type": "text", "uuid": "55db93a9-df84-40b7-89e1-4c28950d210b", "value": "Blue Termite" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485889", "to_ids": false, "type": "vulnerability", "uuid": "55dc1201-38e4-424b-b789-44a1950d210b", "value": "CVE-2015-5119" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485907", "to_ids": true, "type": "md5", "uuid": "55dc1213-5904-442e-9cba-449a950d210b", "value": "07aa0340ec0bfbb2e59f1cc50382c055" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485907", "to_ids": true, "type": "md5", "uuid": "55dc1213-463c-4c3d-96a1-4119950d210b", "value": "23f23e1345f6bc70af34604246d6300d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485907", "to_ids": true, "type": "md5", "uuid": "55dc1213-0e34-4583-ad80-47c6950d210b", "value": "302fbe13736403921ad7f9d310d7beb2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485908", "to_ids": true, "type": "md5", "uuid": "55dc1214-c82c-4aef-afe6-445f950d210b", "value": "3b42577bbd602934a728744f242ffe26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485908", "to_ids": true, "type": "md5", "uuid": "55dc1214-6018-4397-8532-4edd950d210b", "value": "438a3b6783fb290197d3023ce441229c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485908", "to_ids": true, "type": "md5", "uuid": "55dc1214-67b0-48ab-8eda-4aa6950d210b", "value": "512d93c711f006891cbc124392c2e8d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485908", "to_ids": true, "type": "md5", "uuid": "55dc1214-b0cc-44ec-bf92-48ae950d210b", "value": "8cc0f235189efcf3fe1c4ccc7527fcfc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485908", "to_ids": true, "type": "md5", "uuid": "55dc1214-6ba8-478a-96b6-432b950d210b", "value": "a421f5145eae2c68950cc3174e88870f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485909", "to_ids": true, "type": "md5", "uuid": "55dc1215-5360-40c9-8525-47a6950d210b", "value": "b3bc4b5f17fd5f87ec3714c6587f6906" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485909", "to_ids": true, "type": "md5", "uuid": "55dc1215-ebe4-4e89-9dd3-4c54950d210b", "value": "bb3f0ad472aac26ae6dc8c0e7969cc30" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485909", "to_ids": true, "type": "md5", "uuid": "55dc1215-82c0-4ed3-93d5-401c950d210b", "value": "f07216c34689a9104b29bbdcba17325f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485909", "to_ids": true, "type": "md5", "uuid": "55dc1215-51dc-4c23-bd6e-4cb7950d210b", "value": "f46019f795bd721262dc69988d7e53bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485909", "to_ids": true, "type": "md5", "uuid": "55dc1215-1d90-4dec-b586-4093950d210b", "value": "f60cdde57bd9ca9412c32a08ef068abc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485910", "to_ids": true, "type": "md5", "uuid": "55dc1216-0044-43e7-84e4-4d1e950d210b", "value": "f8d9af763e64c420ffa6e8930727f779" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485910", "to_ids": true, "type": "url", "uuid": "55dc1216-f97c-481a-ac7a-41b1950d210b", "value": "http://www.ishopsg.com/sites.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485910", "to_ids": true, "type": "url", "uuid": "55dc1216-32a0-403b-88c9-4635950d210b", "value": "http://www.motoavanti.com/shinyo/backup/look/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485910", "to_ids": true, "type": "url", "uuid": "55dc1216-cad4-49e4-b6f0-4fe1950d210b", "value": "http://www.n-fit-sub.com/ec/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485910", "to_ids": true, "type": "url", "uuid": "55dc1216-bd24-4e15-b0d9-40c2950d210b", "value": "http://www.nichiiko-golf.com/news/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485910", "to_ids": true, "type": "url", "uuid": "55dc1216-b3e0-49c8-85dd-4a7d950d210b", "value": "http://www.pikogrm.jp/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440485911", "to_ids": true, "type": "url", "uuid": "55dc1217-4ed0-40c0-ac32-43db950d210b", "value": "http://www.upgs.com/css/bin/index.php" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f60cdde57bd9ca9412c32a08ef068abc", "deleted": false, "disable_correlation": false, "timestamp": "1440487779", "to_ids": true, "type": "sha256", "uuid": "55dc1963-4b34-418d-810c-4593950d210b", "value": "e03e6f7d98b214b5051b7484e4099ce5bd8c46e49faf44002c8ba146977127ef" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f60cdde57bd9ca9412c32a08ef068abc", "deleted": false, "disable_correlation": false, "timestamp": "1440487780", "to_ids": true, "type": "sha1", "uuid": "55dc1964-e2e0-40b6-ae55-4c42950d210b", "value": "3573a9d03211e3935a48a947d1152d7611539f68" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487780", "to_ids": false, "type": "link", "uuid": "55dc1964-98c0-4a77-a6f5-40ed950d210b", "value": "https://www.virustotal.com/file/e03e6f7d98b214b5051b7484e4099ce5bd8c46e49faf44002c8ba146977127ef/analysis/1436519315/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f46019f795bd721262dc69988d7e53bc", "deleted": false, "disable_correlation": false, "timestamp": "1440487780", "to_ids": true, "type": "sha256", "uuid": "55dc1964-58c8-4161-99cb-4c74950d210b", "value": "e9302fe774e22e2b34a395f8e56c6976fe354bb88b5dcfda4ee36984eebd9340" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f46019f795bd721262dc69988d7e53bc", "deleted": false, "disable_correlation": false, "timestamp": "1440487780", "to_ids": true, "type": "sha1", "uuid": "55dc1964-f858-4bf8-aad7-4667950d210b", "value": "de51aa21847c1268a708351992a0f95b9a823ffb" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487780", "to_ids": false, "type": "link", "uuid": "55dc1964-2ac0-4644-8fde-49ab950d210b", "value": "https://www.virustotal.com/file/e9302fe774e22e2b34a395f8e56c6976fe354bb88b5dcfda4ee36984eebd9340/analysis/1439629438/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: bb3f0ad472aac26ae6dc8c0e7969cc30", "deleted": false, "disable_correlation": false, "timestamp": "1440487781", "to_ids": true, "type": "sha256", "uuid": "55dc1965-5a00-4e1e-9400-41e7950d210b", "value": "e919ae6a3bdc6abe6b695215a53b74072a39b86757e049f930866b3f69000957" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: bb3f0ad472aac26ae6dc8c0e7969cc30", "deleted": false, "disable_correlation": false, "timestamp": "1440487781", "to_ids": true, "type": "sha1", "uuid": "55dc1965-9a94-4135-ad58-4e79950d210b", "value": "7e8c4127902dbb0fd3f714d2e6b50acc57d4fcc1" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487781", "to_ids": false, "type": "link", "uuid": "55dc1965-77a8-44c5-be6c-4b02950d210b", "value": "https://www.virustotal.com/file/e919ae6a3bdc6abe6b695215a53b74072a39b86757e049f930866b3f69000957/analysis/1440461268/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: b3bc4b5f17fd5f87ec3714c6587f6906", "deleted": false, "disable_correlation": false, "timestamp": "1440487781", "to_ids": true, "type": "sha256", "uuid": "55dc1965-e704-4cf0-89c1-40c4950d210b", "value": "dc3c90084e8c47414ccb17fd70d3c2b051a293efcc29dc57a6d273293e0001ec" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: b3bc4b5f17fd5f87ec3714c6587f6906", "deleted": false, "disable_correlation": false, "timestamp": "1440487781", "to_ids": true, "type": "sha1", "uuid": "55dc1965-1fb4-4bac-9e22-40c8950d210b", "value": "07aba67978294a8757bb58fd99f8e1fa151fc348" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487782", "to_ids": false, "type": "link", "uuid": "55dc1966-d0d0-4eb4-b38f-458c950d210b", "value": "https://www.virustotal.com/file/dc3c90084e8c47414ccb17fd70d3c2b051a293efcc29dc57a6d273293e0001ec/analysis/1440387368/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: a421f5145eae2c68950cc3174e88870f", "deleted": false, "disable_correlation": false, "timestamp": "1440487782", "to_ids": true, "type": "sha256", "uuid": "55dc1966-ca20-40fc-9581-4052950d210b", "value": "f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: a421f5145eae2c68950cc3174e88870f", "deleted": false, "disable_correlation": false, "timestamp": "1440487782", "to_ids": true, "type": "sha1", "uuid": "55dc1966-f1e4-423c-9c3f-4e7b950d210b", "value": "5c9b84f587cd1a79caae46d9b7cee30c4857f4a2" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487782", "to_ids": false, "type": "link", "uuid": "55dc1966-3338-4325-8bb7-400e950d210b", "value": "https://www.virustotal.com/file/f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051/analysis/1438873061/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 8cc0f235189efcf3fe1c4ccc7527fcfc", "deleted": false, "disable_correlation": false, "timestamp": "1440487782", "to_ids": true, "type": "sha256", "uuid": "55dc1966-b224-4fa7-b241-42dc950d210b", "value": "6aed51b108d9f9f197842e17b0f58d4dec3709ca1eae4d42146d0bba0c145eaf" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 8cc0f235189efcf3fe1c4ccc7527fcfc", "deleted": false, "disable_correlation": false, "timestamp": "1440487783", "to_ids": true, "type": "sha1", "uuid": "55dc1967-b370-4622-b41b-4604950d210b", "value": "cdbbcd70452fd84fe4612a7fe2208077fb8fa8ee" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487783", "to_ids": false, "type": "link", "uuid": "55dc1967-deec-4044-b468-4e83950d210b", "value": "https://www.virustotal.com/file/6aed51b108d9f9f197842e17b0f58d4dec3709ca1eae4d42146d0bba0c145eaf/analysis/1437032832/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 438a3b6783fb290197d3023ce441229c", "deleted": false, "disable_correlation": false, "timestamp": "1440487783", "to_ids": true, "type": "sha256", "uuid": "55dc1967-5cd0-4fb1-a672-4a35950d210b", "value": "85a5b524a07d2a37e56876495c1a3a67a1217998a45283fe87f4ab1f97f6a973" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 438a3b6783fb290197d3023ce441229c", "deleted": false, "disable_correlation": false, "timestamp": "1440487783", "to_ids": true, "type": "sha1", "uuid": "55dc1967-acbc-482c-abeb-42b8950d210b", "value": "dfd74765a126a0fff4122d9b101720e148c179cb" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487783", "to_ids": false, "type": "link", "uuid": "55dc1967-fa48-4bc8-9350-494f950d210b", "value": "https://www.virustotal.com/file/85a5b524a07d2a37e56876495c1a3a67a1217998a45283fe87f4ab1f97f6a973/analysis/1437031062/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 302fbe13736403921ad7f9d310d7beb2", "deleted": false, "disable_correlation": false, "timestamp": "1440487784", "to_ids": true, "type": "sha256", "uuid": "55dc1968-7b38-4679-b642-4b15950d210b", "value": "008f4f14cf64dc9d323b6cb5942da4a99979c4c7d750ec1228d8c8285883771e" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 302fbe13736403921ad7f9d310d7beb2", "deleted": false, "disable_correlation": false, "timestamp": "1440487784", "to_ids": true, "type": "sha1", "uuid": "55dc1968-8f2c-47fd-8709-4a35950d210b", "value": "d87315166be5e3aa2d0962563e0b2edaf371d959" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487784", "to_ids": false, "type": "link", "uuid": "55dc1968-7d4c-4456-b885-446b950d210b", "value": "https://www.virustotal.com/file/008f4f14cf64dc9d323b6cb5942da4a99979c4c7d750ec1228d8c8285883771e/analysis/1438870784/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 23f23e1345f6bc70af34604246d6300d", "deleted": false, "disable_correlation": false, "timestamp": "1440487784", "to_ids": true, "type": "sha256", "uuid": "55dc1968-500c-47f7-95e9-42d7950d210b", "value": "a1fa7c5216737e96359452dcbf121afc251b225abd00f6a464392591caaf52e1" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 23f23e1345f6bc70af34604246d6300d", "deleted": false, "disable_correlation": false, "timestamp": "1440487785", "to_ids": true, "type": "sha1", "uuid": "55dc1969-fa74-4784-b76c-414e950d210b", "value": "26fc5977b2d235e36b084e2f5b2c1cb23ea834be" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487785", "to_ids": false, "type": "link", "uuid": "55dc1969-6bb8-4c62-bc9f-4c09950d210b", "value": "https://www.virustotal.com/file/a1fa7c5216737e96359452dcbf121afc251b225abd00f6a464392591caaf52e1/analysis/1436513718/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 07aa0340ec0bfbb2e59f1cc50382c055", "deleted": false, "disable_correlation": false, "timestamp": "1440487785", "to_ids": true, "type": "sha256", "uuid": "55dc1969-7d50-447a-81e9-4cab950d210b", "value": "a94bf485cebeda8e4b74bbe2c0a0567903a13c36b9bf60fab484a9b55207fe0d" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 07aa0340ec0bfbb2e59f1cc50382c055", "deleted": false, "disable_correlation": false, "timestamp": "1440487785", "to_ids": true, "type": "sha1", "uuid": "55dc1969-0dbc-425e-8520-4491950d210b", "value": "f0a73f20bc6c986d5e09a11f5606cf0aff271b2f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440487785", "to_ids": false, "type": "link", "uuid": "55dc1969-3994-4e37-8e05-47a1950d210b", "value": "https://www.virustotal.com/file/a94bf485cebeda8e4b74bbe2c0a0567903a13c36b9bf60fab484a9b55207fe0d/analysis/1440402672/" } ] } }