{ "Event": { "analysis": "2", "date": "2017-06-14", "extends_uuid": "", "info": "OSINT Phantom of the Opaera: New KASPERAGENT Malware Campaign by ThreatConnect", "publish_timestamp": "1516110415", "published": true, "threat_level_id": "2", "timestamp": "1516110409", "uuid": "5a5df98f-3ea4-4cd5-b1d5-47d5950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#f71212", "local": "0", "name": "APT", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108415", "to_ids": false, "type": "link", "uuid": "5a5dfa7f-3e2c-4d2f-bfa2-62e5950d210f", "value": "https://www.threatconnect.com/blog/kasperagent-malware-campaign/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108415", "to_ids": false, "type": "link", "uuid": "5a5dfa7f-fdf0-4b29-b3b6-62e5950d210f", "value": "https://app.threatconnect.com/auth/campaign/campaign.xhtml?campaign=4219181" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108415", "to_ids": false, "type": "link", "uuid": "5a5dfa7f-e974-43a9-a4b8-62e5950d210f", "value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219182" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108415", "to_ids": false, "type": "link", "uuid": "5a5dfa7f-0d38-4c30-bfc2-62e5950d210f", "value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219191" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108415", "to_ids": false, "type": "link", "uuid": "5a5dfa7f-215c-42ac-8c84-62e5950d210f", "value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219223" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108723", "to_ids": true, "type": "pdb", "uuid": "5a5dfaa7-cb80-4fd8-b424-46c0950d210f", "value": "%USERPROFILE%\\Documents\\Visual Studio 2008\\Projects\\New folder (2)\\kasper\\Release\\kasper.pdb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108470", "to_ids": true, "type": "md5", "uuid": "5a5dfab6-c328-44c4-b3e4-bff6950d210f", "value": "6843ae9eac03f69df301d024bfdefc88" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108470", "to_ids": true, "type": "md5", "uuid": "5a5dfab6-467c-45d8-adf9-bff6950d210f", "value": "4fe7561f63a71ca73c26cb95b28eaee8" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108498", "to_ids": true, "type": "domain", "uuid": "5a5dfad2-24a0-46cc-9257-46be950d210f", "value": "treestower.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108498", "to_ids": true, "type": "domain", "uuid": "5a5dfad2-3e88-469e-ad8e-4917950d210f", "value": "mailsinfo.net" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108524", "to_ids": true, "type": "md5", "uuid": "5a5dfaec-a0b8-44c2-8802-c1be950d210f", "value": "2de25306a58d8a5b6cbe8d5e2fc5f3c5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108524", "to_ids": true, "type": "domain", "uuid": "5a5dfaec-7b28-4d37-89dc-c1be950d210f", "value": "windowsnewupdates.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108524", "to_ids": true, "type": "md5", "uuid": "5a5dfaec-d4c8-4f95-928c-c1be950d210f", "value": "c66f88d2d76d79210d568d7ad7896b45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108564", "to_ids": true, "type": "imphash", "uuid": "5a5dfb14-0a08-4f8b-abf7-44a3950d210f", "value": "0b4e44256788783634a2b1dadf4f9784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108565", "to_ids": true, "type": "imphash", "uuid": "5a5dfb15-9e3c-4d8f-9580-4b34950d210f", "value": "e44f0bd2adfb9cbcabcad314d27accfc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108591", "to_ids": true, "type": "ip-dst", "uuid": "5a5dfb2f-f3f0-40a4-8746-62e5950d210f", "value": "195.154.110.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108613", "to_ids": true, "type": "domain", "uuid": "5a5dfb45-d0f0-4f3c-9010-476e950d210f", "value": "upfile2box.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108613", "to_ids": true, "type": "domain", "uuid": "5a5dfb45-b754-4fc6-9687-4265950d210f", "value": "7aga.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108649", "to_ids": false, "type": "ip-dst", "uuid": "5a5dfb69-23a8-4879-9a3f-4356950d210f", "value": "144.76.107.83" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108650", "to_ids": true, "type": "domain", "uuid": "5a5dfb6a-08c0-4d3a-aff7-4c82950d210f", "value": "www.treestower.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108650", "to_ids": true, "type": "domain", "uuid": "5a5dfb6a-90e4-423a-8ffa-4c58950d210f", "value": "www.windowsnewupdates.com" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108650", "to_ids": true, "type": "md5", "uuid": "5a5dfb6a-7ad8-4026-94c1-4596950d210f", "value": "6e853f78c47dfd4cc726a47b0098d1b1" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108651", "to_ids": true, "type": "md5", "uuid": "5a5dfb6b-b78c-4f37-a92f-4db9950d210f", "value": "6843ae9eac03f69df301d024bfdefc88" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108651", "to_ids": true, "type": "md5", "uuid": "5a5dfb6b-1070-4ec8-9123-4e38950d210f", "value": "4fe7561f63a71ca73c26cb95b28eaee8" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108652", "to_ids": true, "type": "md5", "uuid": "5a5dfb6c-9bd0-47b2-8f40-44c3950d210f", "value": "bf587707b44e46208a53817a4718d384" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108652", "to_ids": true, "type": "md5", "uuid": "5a5dfb6c-5b5c-40d0-b251-4f33950d210f", "value": "2de25306a58d8a5b6cbe8d5e2fc5f3c5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108653", "to_ids": true, "type": "url", "uuid": "5a5dfb6d-1038-4ce4-8d79-4e4d950d210f", "value": "http://www.windowsnewupdates.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108653", "to_ids": true, "type": "url", "uuid": "5a5dfb6d-cd94-4687-a84a-44b6950d210f", "value": "http://www.windowsnewupdates.com/dad5/sign.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108653", "to_ids": true, "type": "url", "uuid": "5a5dfb6d-b354-4f56-a4ff-4a5f950d210f", "value": "http://www.treestower.com/images/17457790_12836.jpg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108654", "to_ids": true, "type": "url", "uuid": "5a5dfb6e-f0c0-4718-9153-4f79950d210f", "value": "http://www.windowsnewupdates.com/dad5/addCity.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108654", "to_ids": true, "type": "url", "uuid": "5a5dfb6e-2e90-47c2-be61-4411950d210f", "value": "http://www.windowsnewupdates.com/dad5/town.php" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108686", "to_ids": true, "type": "md5", "uuid": "5a5dfb8e-8ecc-4905-9fac-4347950d210f", "value": "339261a97e4cb123f15c77cb916c0ed2" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108687", "to_ids": true, "type": "md5", "uuid": "5a5dfb8f-cbf4-42c3-b2b0-4725950d210f", "value": "48f39fe48f6fdae46dda189a904b5ad2" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516108687", "to_ids": true, "type": "md5", "uuid": "5a5dfb8f-f5e0-4e15-b049-4ae2950d210f", "value": "f6ac341729d42893a06db8d55aaaabae" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110255", "to_ids": true, "type": "md5", "uuid": "5a5e01af-a050-4383-91ca-4711950d210f", "value": "53135d1b2488ce356a9dfbbfa717dd8a" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110256", "to_ids": true, "type": "md5", "uuid": "5a5e01b0-9b30-4098-bfa7-4795950d210f", "value": "30bfc2f4776451fb04fe272e372db82f" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110256", "to_ids": true, "type": "md5", "uuid": "5a5e01b0-2bf0-4137-b3d4-4d9e950d210f", "value": "0734f5ff152d851a4c0655d06cc43530" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110256", "to_ids": true, "type": "md5", "uuid": "5a5e01b0-1adc-461c-8f3b-4d66950d210f", "value": "a3fc6b4fed7c1d5ffd242ed39a9f6c8f" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110257", "to_ids": true, "type": "md5", "uuid": "5a5e01b1-5120-4c22-ad0c-4994950d210f", "value": "fbf143b2d34c43bf50d713054f5b6035" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110257", "to_ids": true, "type": "md5", "uuid": "5a5e01b1-f4d0-48e3-8428-4309950d210f", "value": "568b97515f969b14bc727e8961fd65c9" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110258", "to_ids": true, "type": "md5", "uuid": "5a5e01b2-da38-4971-9d68-4954950d210f", "value": "135d87dc18f703238eca6e360dd6e050" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110258", "to_ids": true, "type": "md5", "uuid": "5a5e01b2-e094-41be-a734-406d950d210f", "value": "73148c69c283eb85517419c4b7e60c46" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110259", "to_ids": true, "type": "md5", "uuid": "5a5e01b3-4240-47b2-b3f1-4b06950d210f", "value": "96cc23b77c36cec0c34ade9b740b7b87" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110259", "to_ids": true, "type": "md5", "uuid": "5a5e01b3-e060-4ca3-91d5-414f950d210f", "value": "32747103d34b6e773f81e24091d8e80d" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110260", "to_ids": true, "type": "md5", "uuid": "5a5e01b4-1bc8-4cf7-829d-4867950d210f", "value": "8ff090029aaf77c16d4a24fef6393264" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110260", "to_ids": true, "type": "md5", "uuid": "5a5e01b4-51e0-4f60-8abd-4c21950d210f", "value": "7ed9addc8ee29425551e673f4a8d7f2a" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110260", "to_ids": true, "type": "md5", "uuid": "5a5e01b4-7958-4e69-b9fb-4e1f950d210f", "value": "85349063104b084ffb24d09d4c6e4bd7" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110261", "to_ids": true, "type": "md5", "uuid": "5a5e01b5-4f6c-435b-bebd-43d5950d210f", "value": "ae6afaf92e7cf3689ca74b6350f0a9fa" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110261", "to_ids": true, "type": "md5", "uuid": "5a5e01b5-5af4-4987-b16d-474e950d210f", "value": "e673c6e1d6c546c5c4abb8124ffe505b" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110261", "to_ids": true, "type": "md5", "uuid": "5a5e01b5-60d8-4c8a-8537-4fe7950d210f", "value": "34d04aaa2c2b2455c9f988f2de5fab04" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110262", "to_ids": true, "type": "md5", "uuid": "5a5e01b6-cc68-4c40-9bb0-4d91950d210f", "value": "b8fb0f329654ec91cc6931667c4a3e39" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110262", "to_ids": true, "type": "md5", "uuid": "5a5e01b6-6de8-4471-8258-4f2c950d210f", "value": "d8fad23d13d5247484ce129cee85cc5e" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110263", "to_ids": true, "type": "md5", "uuid": "5a5e01b7-b8b0-4798-8fa8-4728950d210f", "value": "a9caa2009bc2b4cd078f193d0c5a80b0" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110263", "to_ids": true, "type": "md5", "uuid": "5a5e01b7-9a40-4d83-b384-4238950d210f", "value": "9afcf5029f67230514d366d212d375a5" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110263", "to_ids": true, "type": "md5", "uuid": "5a5e01b7-2c20-4bca-b050-4465950d210f", "value": "0e2aa5771dc87ca50d04efe5826aaf5c" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110290", "to_ids": true, "type": "md5", "uuid": "5a5e01d2-7364-4dbb-85e2-4840950d210f", "value": "6bb42841c16ab82e3acc63c7a6d87801" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110291", "to_ids": true, "type": "md5", "uuid": "5a5e01d3-4cac-485a-b6dc-4ca7950d210f", "value": "a8fc19b2c8efe81b09813292d31ec1eb" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110291", "to_ids": true, "type": "md5", "uuid": "5a5e01d3-ad20-47ac-a406-4641950d210f", "value": "980b1125805ccc351f3abde4fce133e0" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110291", "to_ids": true, "type": "md5", "uuid": "5a5e01d3-15a4-48d0-a318-43d8950d210f", "value": "016eb6d8dad949c95bc2929f80d174b3" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110292", "to_ids": true, "type": "md5", "uuid": "5a5e01d4-5f30-4988-a81c-408c950d210f", "value": "200c6f2b28dc75d8454dedd85b23bc56" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110292", "to_ids": true, "type": "md5", "uuid": "5a5e01d4-f468-47b9-825b-4a6a950d210f", "value": "5d44e3a13d8c976d30178688e8535ec5" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110293", "to_ids": true, "type": "md5", "uuid": "5a5e01d5-3350-4572-81bb-4840950d210f", "value": "cd27b0a11e6eb4006d7be41df850b9ee" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516110293", "to_ids": true, "type": "md5", "uuid": "5a5e01d5-aa8c-43a8-985e-4944950d210f", "value": "8adcc9e5e9137612418b6042f028640e" } ] } }