{ "Event": { "analysis": "0", "date": "2014-08-15", "extends_uuid": "", "info": "OSINT Attacks on East Asia using Google Code for Command and Control by Palo Alto Unit 42", "publish_timestamp": "1432230458", "published": true, "threat_level_id": "1", "timestamp": "1432213916", "uuid": "555dd7c9-2234-44d6-8604-a479950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213465", "to_ids": false, "type": "link", "uuid": "555dd7d9-112c-4809-8582-a479950d210b", "value": "http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-google-code-command-control/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213495", "to_ids": false, "type": "text", "uuid": "555dd7f7-6660-42aa-a8a7-d8ba950d210b", "value": "Poisoned Hurricane" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213495", "to_ids": false, "type": "text", "uuid": "555dd7f7-1d58-4ad2-865c-d8ba950d210b", "value": "Operation Poisoned Hurricane" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213545", "to_ids": true, "type": "ip-dst", "uuid": "555dd829-b3cc-4645-8b2f-d8ba950d210b", "value": "223.29.248.9" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213545", "to_ids": true, "type": "ip-dst", "uuid": "555dd829-b248-4d57-9e70-d8ba950d210b", "value": "202.181.133.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213545", "to_ids": true, "type": "ip-dst", "uuid": "555dd829-1384-4c2f-b19b-d8ba950d210b", "value": "61.78.34.179" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213545", "to_ids": true, "type": "ip-dst", "uuid": "555dd82a-79d0-4f53-a659-d8ba950d210b", "value": "211.233.89.182" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213546", "to_ids": true, "type": "ip-dst", "uuid": "555dd82a-b164-4e34-a2f7-d8ba950d210b", "value": "203.135.134.243" }, { "category": "Artifacts dropped", "comment": "Linked to another campaign but had same CnC", "deleted": false, "disable_correlation": false, "timestamp": "1432213588", "to_ids": true, "type": "md5", "uuid": "555dd854-f334-42bf-a213-f22a950d210b", "value": "ddd46ce5e5eaaa8e61ce11a121a79266" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213608", "to_ids": true, "type": "domain", "uuid": "555dd868-daa4-44a2-81d8-177c950d210b", "value": "qq7712409.3322.org" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213811", "to_ids": true, "type": "md5", "uuid": "555dd933-b4f4-4917-9196-f87b950d210b", "value": "50af349c69ae4dec74bc41c581b82459" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213811", "to_ids": true, "type": "md5", "uuid": "555dd933-f1ac-4ea0-b5de-f87b950d210b", "value": "59db9dc2bb3635a3bd94182ae68d31cb" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213811", "to_ids": true, "type": "md5", "uuid": "555dd933-c0f8-4c6e-a161-f87b950d210b", "value": "835a1e33a87941c7a1cc9a741d33a5a3" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213811", "to_ids": true, "type": "md5", "uuid": "555dd933-963c-41f7-9fac-f87b950d210b", "value": "a31fe2e6bd94e6df84a091d00d27ec28" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213811", "to_ids": true, "type": "md5", "uuid": "555dd933-5cf0-4249-a0e0-f87b950d210b", "value": "e2a4b96cce9de4fb126cfd5f5c73c3ed" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213811", "to_ids": true, "type": "md5", "uuid": "555dd933-4e88-442b-9ecb-f87b950d210b", "value": "e8277240392ce218f9ec9d4ec3d00655" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213811", "to_ids": true, "type": "md5", "uuid": "555dd933-39a4-4860-9c2b-f87b950d210b", "value": "f92e9e3e86856b5c0ee465f77a440abb" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213824", "to_ids": true, "type": "sha256", "uuid": "555dd940-6e68-463d-9638-f22a950d210b", "value": "136e709cc83cbda0cd8ca6e46fe9e57202bd2699ca063f9d1a51602394c06ef3" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213824", "to_ids": true, "type": "sha256", "uuid": "555dd940-c550-4776-8181-f22a950d210b", "value": "25a02434132c3977124dfaa7e7392a9af4d1617f3520bc04589d5e7e5aad0362" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213824", "to_ids": true, "type": "sha256", "uuid": "555dd940-e598-431a-9cd4-f22a950d210b", "value": "2ab4953d2e2b38a918e1a1c74741e1de6111b1ce59878a82768990a339318cd2" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213825", "to_ids": true, "type": "sha256", "uuid": "555dd941-baf8-4b8a-9656-f22a950d210b", "value": "4d894492c10ddaaae6924744cd21d8115e8b1d72bceb7df6393a8d2cf9130a49" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213825", "to_ids": true, "type": "sha256", "uuid": "555dd941-f1e4-4cee-9d64-f22a950d210b", "value": "6594912a0fe3d0380af1630aa8cb6c489f014af4b37f1c99f62fe4d2806907e5" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213825", "to_ids": true, "type": "sha256", "uuid": "555dd941-54c8-4c34-b606-f22a950d210b", "value": "935c9652a0d5427a0205062431fd1db9ccafa68d55313504f76206026b84b2f4" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213825", "to_ids": true, "type": "sha256", "uuid": "555dd941-8574-429f-9f6b-f22a950d210b", "value": "bbff6295b390e3098401a43f08d95d35745e807a0dcb19a2ea4a1596aca9ef31" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213878", "to_ids": true, "type": "ip-dst", "uuid": "555dd976-bf14-427d-9d16-a479950d210b", "value": "113.10.149.142" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213878", "to_ids": true, "type": "ip-dst", "uuid": "555dd976-2714-4cb0-bb17-a479950d210b", "value": "210.253.101.105" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213879", "to_ids": true, "type": "ip-dst", "uuid": "555dd977-0d18-4784-857d-a479950d210b", "value": "58.64.139.39" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213901", "to_ids": true, "type": "hostname", "uuid": "555dd98d-2c14-457b-a149-f22a950d210b", "value": "hk.jave-se.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213916", "to_ids": true, "type": "domain", "uuid": "555dd99c-b004-444e-a9d9-44cf950d210b", "value": "java-se.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432213916", "to_ids": true, "type": "domain", "uuid": "555dd99c-0664-42ec-8cf8-478c950d210b", "value": "lthly.com" } ] } }