misp-circl-feed/feeds/circl/misp/557e78b6-91ec-4123-87df-424f950d210b.json

{
  "Event": {
    "analysis": "2",
    "date": "2015-06-11",
    "extends_uuid": "",
    "info": "OSINT  Evilgrab Delivered by Watering Hole Attack on President of Myanmar\u00e2\u20ac\u2122s Website by Palo Alto Unit 42",
    "publish_timestamp": "1434359247",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1434353143",
    "uuid": "557e78b6-91ec-4123-87df-424f950d210b",
    "Orgc": {
      "name": "CthulhuSPRL.be",
      "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
    },
    "Tag": [
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "Original report",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352985",
        "to_ids": false,
        "type": "link",
        "uuid": "557e78d1-83c4-4017-9c33-4de6950d210b",
        "value": "http://researchcenter.paloaltonetworks.com/2015/06/evilgrab-delivered-by-watering-hole-attack-on-president-of-myanmars-website/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434351835",
        "to_ids": false,
        "type": "text",
        "uuid": "557e78dc-e5c4-4aec-b954-4203950d210b",
        "value": "Evilgrab"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434351866",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "557e78fa-dd00-48c9-81bd-4e06950d210b",
        "value": "CVE-2014-6332"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434351879",
        "to_ids": true,
        "type": "sha256",
        "uuid": "557e7907-9c30-4429-8bd2-4ed7950d210b",
        "value": "b69106e06dc008e4fa1e4a0b0b58fcb1dc6d2016422a35cb3111168fd3fae577"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434351894",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7916-6e04-4bbc-832e-ce64950d210b",
        "value": "mmslsh.tiger1234.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434351914",
        "to_ids": true,
        "type": "url",
        "uuid": "557e792a-d3ac-482a-8701-ce64950d210b",
        "value": "http://www.president-office.gov.mm/sites/all/modules/browscap/List_View.php"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353040",
        "to_ids": true,
        "type": "md5",
        "uuid": "557e7941-4480-4112-ab99-4dca950d210b",
        "value": "2e78e6d02aaed4f057f4dfa631ea5519"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353040",
        "to_ids": true,
        "type": "sha256",
        "uuid": "557e7941-c378-4a95-8948-4bee950d210b",
        "value": "10d9611e5b4ff41fc79e8907e3eb522630131b1bdc1010a0564c8780ba55c87c"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352629",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7bf5-1fac-4513-b4e8-3a65950d210b",
        "value": "dns.websecexp.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352630",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7bf6-2230-4082-9f66-3a65950d210b",
        "value": "ns.websecexp.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352630",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7bf6-6e88-43b7-9920-3a65950d210b",
        "value": "appeur.gnway.cc"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352645",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "557e7c05-7300-4af6-b311-38d3950d210b",
        "value": "211.169.202.2"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352859",
        "to_ids": true,
        "type": "domain",
        "uuid": "557e7cdb-14e4-4883-8db7-3a54950d210b",
        "value": "websecexp.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352904",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7d08-2aec-46bb-adb0-3a65950d210b",
        "value": "usafi.websecexp.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352904",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7d08-40a8-45d3-af79-3a65950d210b",
        "value": "usacia.websecexp.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352904",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7d08-f270-4072-8dec-3a65950d210b",
        "value": "webhttps.websecexp.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352904",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7d08-eaa8-4647-9319-3a65950d210b",
        "value": "usagovdns.websecexp.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352924",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "557e7d1c-aef8-4fe9-aa83-40be950d210b",
        "value": "59.188.16.130"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352945",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7d31-a988-4350-8692-3a73950d210b",
        "value": "ceshi.mailpseonfz.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434352946",
        "to_ids": true,
        "type": "hostname",
        "uuid": "557e7d32-e780-40dc-b678-3a73950d210b",
        "value": "dns.mailpseonfz.com"
      },
      {
        "category": "External analysis",
        "comment": "Link in the original post",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353021",
        "to_ids": false,
        "type": "link",
        "uuid": "557e7d7d-3318-42f9-8a08-3a5f950d210b",
        "value": "https://www.virustotal.com/en/url/91f7d6612c79cc0b266891c447359853614546837b003836ab342b091ee1a6cc/analysis/"
      },
      {
        "category": "External analysis",
        "comment": "Link in the original post",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353022",
        "to_ids": false,
        "type": "link",
        "uuid": "557e7d7e-61e8-4bb3-a675-3a5f950d210b",
        "value": "https://www.virustotal.com/en/file/b8c37a1db36d702932b5db97ec150269a323b5dc76059062beff7e330f2d136d/analysis/"
      },
      {
        "category": "External analysis",
        "comment": "Link in the original post",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353022",
        "to_ids": false,
        "type": "link",
        "uuid": "557e7d7e-d400-4717-a8ea-3a5f950d210b",
        "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware-family-used-in-targeted-attacks-in-asia/"
      },
      {
        "category": "External analysis",
        "comment": "Link in the original post",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353022",
        "to_ids": false,
        "type": "link",
        "uuid": "557e7d7e-db40-4ea1-9e4e-3a5f950d210b",
        "value": "http://pwc.blogs.com/files/cto-tib-20150223-01a.pdf"
      },
      {
        "category": "External analysis",
        "comment": "Link in the original post",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353022",
        "to_ids": false,
        "type": "link",
        "uuid": "557e7d7e-d074-4b71-8a27-3a5f950d210b",
        "value": "http://contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html"
      },
      {
        "category": "Attribution",
        "comment": "Registrant",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353096",
        "to_ids": false,
        "type": "text",
        "uuid": "557e7dc8-9fe4-4923-b96d-40be950d210b",
        "value": "gooleWarning@gmail.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353143",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "557e7df7-21fc-40a9-a9ca-47a7950d210b",
        "value": "218.54.45.220"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353143",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "557e7df7-63b8-47fd-95bc-46c8950d210b",
        "value": "61.221.66.199"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353143",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "557e7df7-cba4-46a1-9f89-4eca950d210b",
        "value": "59.188.4.106"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1434353143",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "557e7df7-f578-4161-9a22-444e950d210b",
        "value": "59.188.16.135"
      }
    ]
  }
}