{ "Event": { "analysis": "2", "date": "2016-03-30", "extends_uuid": "", "info": "OSINT - Taiwan targeted with new cyberespionage back door Trojan", "publish_timestamp": "1459340996", "published": true, "threat_level_id": "2", "timestamp": "1459340280", "uuid": "56fb756e-0df4-40e4-9756-438e950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320214", "to_ids": false, "type": "link", "uuid": "56fb7596-a590-4da9-a679-467b950d210f", "value": "http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320303", "to_ids": false, "type": "comment", "uuid": "56fb75ef-16b0-4b65-aea4-4809950d210f", "value": "In late August 2015, Symantec identified a previously unknown back door Trojan (Backdoor.Dripion) infecting organizations primarily located in Taiwan, as well as Brazil and the United States. Dripion is custom-built, designed to steal information, and has been used sparingly in a limited number of targeted attacks. The attackers behind this campaign went to some lengths to disguise their activities, including using domain names disguised as antivirus (AV) company websites for their command and control (C&C) servers. These attacks have some links to earlier attacks by a group called Budminer involving the Taidoor Trojan (Trojan.Taidoor).\r\n\r\nThe threat posed by custom malware such as Dripion illustrates the value of multilayered security. Unknown threats may evade signature-based detection, but can be blocked by other detection tools which identify malicious behavior." 
}, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320397", "to_ids": true, "type": "hostname", "uuid": "56fb764d-a53c-4345-a754-43c7950d210f", "value": "hyydn.nortonsoft.com" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320398", "to_ids": true, "type": "hostname", "uuid": "56fb764e-23e0-4ee6-85f7-4218950d210f", "value": "mhysix.mcfeesoft.com" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320398", "to_ids": true, "type": "hostname", "uuid": "56fb764e-643c-4ce9-83f1-4544950d210f", "value": "gspt.dns1.us" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320398", "to_ids": true, "type": "hostname", "uuid": "56fb764e-e028-49f1-94d6-4ac4950d210f", "value": "unpt.defultname.com" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320398", "to_ids": true, "type": "ip-dst", "uuid": "56fb764e-be28-4b04-9ff7-428f950d210f", "value": "198.144.100.73" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320399", "to_ids": true, "type": "ip-dst", "uuid": "56fb764f-9d64-471b-86cb-487c950d210f", "value": "208.61.229.10" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320399", "to_ids": true, "type": "ip-dst", "uuid": "56fb764f-be3c-4da9-9427-401e950d210f", "value": "200.215.222.105" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320399", "to_ids": true, "type": "ip-dst", "uuid": "56fb764f-7df8-4856-b8a9-4ec1950d210f", "value": 
"61.222.137.66" }, { "category": "Network activity", "comment": "Infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1459320400", "to_ids": true, "type": "ip-dst", "uuid": "56fb7650-13d0-4c5c-bc1c-4bac950d210f", "value": "103.240.182.99" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320510", "to_ids": true, "type": "md5", "uuid": "56fb76be-2608-41bf-b905-4800950d210f", "value": "2dd931cf0950817d1bb567e12cf80ae7" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320511", "to_ids": true, "type": "md5", "uuid": "56fb76bf-dd10-4dd2-b455-4f26950d210f", "value": "3652075425b367d101a7d6b6ef558c6c" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320511", "to_ids": true, "type": "md5", "uuid": "56fb76bf-a120-4d9e-bdac-41d6950d210f", "value": "59ff5624a02e98f60187add71bba3756" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320512", "to_ids": true, "type": "md5", "uuid": "56fb76c0-a9a4-47de-a0b7-476b950d210f", "value": "865d24324f1cac5aecc09bae6a9157f5" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320512", "to_ids": true, "type": "md5", "uuid": "56fb76c0-7684-4f0b-913e-42e7950d210f", "value": "eca0ef705d148ff105dbaf40ce9d1d5e" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320512", "to_ids": true, "type": "md5", "uuid": "56fb76c0-726c-4489-a265-4cd3950d210f", "value": "f4260ecd0395076439d8c0725ee0125f" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320512", "to_ids": true, "type": "md5", "uuid": "56fb76c1-1128-4689-920f-47aa950d210f", 
"value": "285de6e5d3ed8ca966430846888a56ff" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320513", "to_ids": true, "type": "md5", "uuid": "56fb76c1-4610-4939-9e12-4995950d210f", "value": "31f83a1e09062e8c4773a03d5993d870" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320513", "to_ids": true, "type": "md5", "uuid": "56fb76c1-f63c-4948-9ec2-4e6d950d210f", "value": "4438921ea3d08d0c90f2f903556967e5" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320513", "to_ids": true, "type": "md5", "uuid": "56fb76c1-142c-448a-882b-410d950d210f", "value": "7ad3b2b6eee18af6816b6f4f7f7f71a6" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320514", "to_ids": true, "type": "md5", "uuid": "56fb76c2-5b1c-447c-8e11-4b5a950d210f", "value": "b594d53a0d19eaac113988bf238654d3" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320514", "to_ids": true, "type": "md5", "uuid": "56fb76c2-a9c4-4c5f-aba7-43ce950d210f", "value": "c3e6ce287d12ac39ceb24e08dc63e3b5" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320514", "to_ids": true, "type": "md5", "uuid": "56fb76c2-fc40-40b9-9ecc-4acb950d210f", "value": "e0c6b7d9bdae838139caa3acce5c890d" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320515", "to_ids": true, "type": "md5", "uuid": "56fb76c3-303c-4d10-9f1b-4ada950d210f", "value": "e7205c0b80035b629d80b5e7aeff7b0e" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320515", "to_ids": true, "type": "md5", "uuid": 
"56fb76c3-be30-4591-a074-4c3c950d210f", "value": "c182e33cf7e85316e9dc0e13999db45e" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320515", "to_ids": true, "type": "md5", "uuid": "56fb76c3-2c70-4e67-bde0-41db950d210f", "value": "272ff690f6d27d2953fbadf75791274c" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320515", "to_ids": true, "type": "md5", "uuid": "56fb76c3-9dc4-42e9-9d03-4dc9950d210f", "value": "ae80f056b8c38873ab1251c454ed1fe9" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320516", "to_ids": true, "type": "md5", "uuid": "56fb76c4-8090-4b2e-9b9e-45c8950d210f", "value": "260f19ef39d56373bb5590346d2c1811" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320516", "to_ids": true, "type": "md5", "uuid": "56fb76c4-42e0-4403-a4e0-4566950d210f", "value": "fe8d19e3435879e56f5189b37263ab06" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320517", "to_ids": true, "type": "md5", "uuid": "56fb76c5-5e84-40dd-a7db-4a7f950d210f", "value": "68bebcd9d2ad418332980a7dab71bf79" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320517", "to_ids": true, "type": "md5", "uuid": "56fb76c5-abf4-4bab-99e1-47f2950d210f", "value": "cbde79b6ba782840db4aca46a5a63467" }, { "category": "Payload installation", "comment": "- Xchecked via VT: cbde79b6ba782840db4aca46a5a63467", "deleted": false, "disable_correlation": false, "timestamp": "1459320850", "to_ids": true, "type": "sha256", "uuid": "56fb7812-cc00-4a88-b061-41d302de0b81", "value": "39cd2290575c291b1da6ee7c1da52ab14441bd4647fe3eb21561579e08c9d93c" }, { "category": "Payload installation", "comment": 
"- Xchecked via VT: cbde79b6ba782840db4aca46a5a63467", "deleted": false, "disable_correlation": false, "timestamp": "1459320850", "to_ids": true, "type": "sha1", "uuid": "56fb7812-c9f0-4aa8-96c0-4cba02de0b81", "value": "5b697da0efde1052c0f49d586744bc52e49626ab" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320850", "to_ids": false, "type": "link", "uuid": "56fb7812-c270-4734-909a-4a0a02de0b81", "value": "https://www.virustotal.com/file/39cd2290575c291b1da6ee7c1da52ab14441bd4647fe3eb21561579e08c9d93c/analysis/1456306454/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 68bebcd9d2ad418332980a7dab71bf79", "deleted": false, "disable_correlation": false, "timestamp": "1459320851", "to_ids": true, "type": "sha256", "uuid": "56fb7813-d03c-48a7-92dc-43ad02de0b81", "value": "fe461e8d5f89a78d89522f0a69f1f78ae9cd41dc772a38d88eed677ccde2fd83" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 68bebcd9d2ad418332980a7dab71bf79", "deleted": false, "disable_correlation": false, "timestamp": "1459320851", "to_ids": true, "type": "sha1", "uuid": "56fb7813-5f54-482c-b9c8-4c8d02de0b81", "value": "f9222b8048ec770c613be5692b1ed225564c90e7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320851", "to_ids": false, "type": "link", "uuid": "56fb7813-9714-4300-a683-4aa602de0b81", "value": "https://www.virustotal.com/file/fe461e8d5f89a78d89522f0a69f1f78ae9cd41dc772a38d88eed677ccde2fd83/analysis/1441264811/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: ae80f056b8c38873ab1251c454ed1fe9", "deleted": false, "disable_correlation": false, "timestamp": "1459320852", "to_ids": true, "type": "sha256", "uuid": "56fb7814-20fc-4425-ae0c-4c9d02de0b81", "value": "c84fc7bef4e77e1f913a4be1a7114d255459f9d808fcc09b0f441e3761e5e4a4" }, { "category": "Payload installation", "comment": "- Xchecked via 
VT: ae80f056b8c38873ab1251c454ed1fe9", "deleted": false, "disable_correlation": false, "timestamp": "1459320852", "to_ids": true, "type": "sha1", "uuid": "56fb7814-1cf0-48ea-a52f-45d802de0b81", "value": "4a4f670f59073191c4b06e857151725208693c39" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320852", "to_ids": false, "type": "link", "uuid": "56fb7814-9d74-46a8-8955-4eb602de0b81", "value": "https://www.virustotal.com/file/c84fc7bef4e77e1f913a4be1a7114d255459f9d808fcc09b0f441e3761e5e4a4/analysis/1459263257/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 272ff690f6d27d2953fbadf75791274c", "deleted": false, "disable_correlation": false, "timestamp": "1459320852", "to_ids": true, "type": "sha256", "uuid": "56fb7814-aa54-4383-b8af-429702de0b81", "value": "580e638dcea5b47cf3fc1e1b486e78cf053565e3f862e923abc8f128bcaf54b8" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 272ff690f6d27d2953fbadf75791274c", "deleted": false, "disable_correlation": false, "timestamp": "1459320853", "to_ids": true, "type": "sha1", "uuid": "56fb7815-4b18-42e0-bef6-426202de0b81", "value": "8e74830b02b73c12b7eb7f273bb60ef18b658dbd" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320853", "to_ids": false, "type": "link", "uuid": "56fb7815-7ab4-440c-9ef9-43a202de0b81", "value": "https://www.virustotal.com/file/580e638dcea5b47cf3fc1e1b486e78cf053565e3f862e923abc8f128bcaf54b8/analysis/1407397787/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: c182e33cf7e85316e9dc0e13999db45e", "deleted": false, "disable_correlation": false, "timestamp": "1459320853", "to_ids": true, "type": "sha256", "uuid": "56fb7815-b3e4-4997-82aa-4bfa02de0b81", "value": "52a2931cb88f50cfb6a5728797c6e5ea201e0ea8493e7eba1eac02e50273edbb" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 
c182e33cf7e85316e9dc0e13999db45e", "deleted": false, "disable_correlation": false, "timestamp": "1459320854", "to_ids": true, "type": "sha1", "uuid": "56fb7816-9604-4ddc-b48c-406002de0b81", "value": "b9ecda3a8695d0385d1764091b9bb751cfb92ff6" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320854", "to_ids": false, "type": "link", "uuid": "56fb7816-8464-4f18-8f1c-418902de0b81", "value": "https://www.virustotal.com/file/52a2931cb88f50cfb6a5728797c6e5ea201e0ea8493e7eba1eac02e50273edbb/analysis/1442570891/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: e7205c0b80035b629d80b5e7aeff7b0e", "deleted": false, "disable_correlation": false, "timestamp": "1459320854", "to_ids": true, "type": "sha256", "uuid": "56fb7816-a5e0-4816-812e-425d02de0b81", "value": "9a9aa2c782b2747668ebe5ce3b509b970521e8a1aab1e89dcd87cb9e9a083982" }, { "category": "Payload installation", "comment": "- Xchecked via VT: e7205c0b80035b629d80b5e7aeff7b0e", "deleted": false, "disable_correlation": false, "timestamp": "1459320855", "to_ids": true, "type": "sha1", "uuid": "56fb7817-1aa0-4a96-96c9-4bfc02de0b81", "value": "63c1e2b477bfbc05a9f2806adfcdfe1bc03cef1c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320855", "to_ids": false, "type": "link", "uuid": "56fb7817-c508-4707-9731-4bb602de0b81", "value": "https://www.virustotal.com/file/9a9aa2c782b2747668ebe5ce3b509b970521e8a1aab1e89dcd87cb9e9a083982/analysis/1458897537/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: c3e6ce287d12ac39ceb24e08dc63e3b5", "deleted": false, "disable_correlation": false, "timestamp": "1459320855", "to_ids": true, "type": "sha256", "uuid": "56fb7817-9484-4c10-93dd-40a202de0b81", "value": "22923e9c1db6e9fb3ffc131adffa8607748e948b7e87e36679d8600cb8ff86a4" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 
c3e6ce287d12ac39ceb24e08dc63e3b5", "deleted": false, "disable_correlation": false, "timestamp": "1459320855", "to_ids": true, "type": "sha1", "uuid": "56fb7817-aec4-4197-aa0a-4bb202de0b81", "value": "76db73ab0b5393a6a871b6ac8b7c467af61ee729" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320856", "to_ids": false, "type": "link", "uuid": "56fb7818-3734-4f5b-8e9a-4cae02de0b81", "value": "https://www.virustotal.com/file/22923e9c1db6e9fb3ffc131adffa8607748e948b7e87e36679d8600cb8ff86a4/analysis/1397818663/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 7ad3b2b6eee18af6816b6f4f7f7f71a6", "deleted": false, "disable_correlation": false, "timestamp": "1459320856", "to_ids": true, "type": "sha256", "uuid": "56fb7818-75d4-4a89-9b41-45c602de0b81", "value": "a1f8f780821d3c3c8d0e08e44854c09b6f44725ce782987882f6b8fd24a57145" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 7ad3b2b6eee18af6816b6f4f7f7f71a6", "deleted": false, "disable_correlation": false, "timestamp": "1459320856", "to_ids": true, "type": "sha1", "uuid": "56fb7818-7c6c-4423-862d-436402de0b81", "value": "52d455c5c8d4c8a852f8c3d9c477154e01604a8b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320857", "to_ids": false, "type": "link", "uuid": "56fb7819-a9a4-4011-a751-4a3a02de0b81", "value": "https://www.virustotal.com/file/a1f8f780821d3c3c8d0e08e44854c09b6f44725ce782987882f6b8fd24a57145/analysis/1459263245/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 4438921ea3d08d0c90f2f903556967e5", "deleted": false, "disable_correlation": false, "timestamp": "1459320857", "to_ids": true, "type": "sha256", "uuid": "56fb7819-1f58-4ea9-9bea-4c9502de0b81", "value": "31f8f6b30da868df88cfcbcaa7d3144ddf76ebd4c6852479a7a6643ce311ac01" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 
4438921ea3d08d0c90f2f903556967e5", "deleted": false, "disable_correlation": false, "timestamp": "1459320857", "to_ids": true, "type": "sha1", "uuid": "56fb7819-83f0-49a8-b8dd-446202de0b81", "value": "2b798aa6018278ddd868253831439a8da3571edf" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320858", "to_ids": false, "type": "link", "uuid": "56fb781a-6670-4e54-a213-47d002de0b81", "value": "https://www.virustotal.com/file/31f8f6b30da868df88cfcbcaa7d3144ddf76ebd4c6852479a7a6643ce311ac01/analysis/1457938903/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 285de6e5d3ed8ca966430846888a56ff", "deleted": false, "disable_correlation": false, "timestamp": "1459320858", "to_ids": true, "type": "sha256", "uuid": "56fb781a-81a0-4ea3-95b1-4ea402de0b81", "value": "f0ac7076b7295f39e76288b98adb8b2fb550a081d1a0f937e0db214bbb90996e" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 285de6e5d3ed8ca966430846888a56ff", "deleted": false, "disable_correlation": false, "timestamp": "1459320858", "to_ids": true, "type": "sha1", "uuid": "56fb781a-0a0c-40c3-80c5-4d2602de0b81", "value": "9f5e1b4bd1be64869f98af484881c5df5859a312" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320859", "to_ids": false, "type": "link", "uuid": "56fb781b-54d4-473e-b222-486202de0b81", "value": "https://www.virustotal.com/file/f0ac7076b7295f39e76288b98adb8b2fb550a081d1a0f937e0db214bbb90996e/analysis/1415944613/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: eca0ef705d148ff105dbaf40ce9d1d5e", "deleted": false, "disable_correlation": false, "timestamp": "1459320859", "to_ids": true, "type": "sha256", "uuid": "56fb781b-80fc-4a69-9336-49bd02de0b81", "value": "8f4c585a5310c415071c844f7df165c0d8f386eb9a8b35953a5b669f4abf9729" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 
eca0ef705d148ff105dbaf40ce9d1d5e", "deleted": false, "disable_correlation": false, "timestamp": "1459320859", "to_ids": true, "type": "sha1", "uuid": "56fb781b-aa24-462e-8602-4ea302de0b81", "value": "cdcc2d4557ef9e27e4d41608076f92e4129617d6" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459320860", "to_ids": false, "type": "link", "uuid": "56fb781c-a0a8-43fe-b5c1-4c6602de0b81", "value": "https://www.virustotal.com/file/8f4c585a5310c415071c844f7df165c0d8f386eb9a8b35953a5b669f4abf9729/analysis/1459271737/" } ] } }