{
"Event": {
"analysis": "0",
"date": "2016-03-30",
"extends_uuid": "",
"info": "OSINT - GongDa vs. Korean News",
"publish_timestamp": "1459341083",
"published": true,
"threat_level_id": "4",
"timestamp": "1459341061",
"uuid": "56fba597-d420-45fe-9a73-46f5950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332579",
"to_ids": false,
"type": "link",
"uuid": "56fba5e3-85e4-4c5e-9c95-4320950d210f",
"value": "https://www.fireeye.com/blog/threat-research/2016/03/gongda_vs_koreanne.html"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332648",
"to_ids": false,
"type": "comment",
"uuid": "56fba628-5b94-43b0-849c-455d950d210f",
"value": "GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful malware to be installed on the system. While GongDa is an older exploit kit that continues to use Java exploits, it has also been found delivering both Flash and VBScript exploits as well. Despite its shortcomings when compared to newer EK\u2019s such as Angler or Neutrino, GongDa proves that old tricks (or vulnerabilities) can still work effectively."
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332871",
"to_ids": true,
"type": "md5",
"uuid": "56fba707-7cec-48ad-9cab-4e21950d210f",
"value": "aac178f775588ca1d42c00d4d95604bd"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332871",
"to_ids": true,
"type": "md5",
"uuid": "56fba707-3ff4-48e2-8a78-4b8c950d210f",
"value": "3d58f4b2008f6d87cab9166c09e513b5"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332871",
"to_ids": true,
"type": "md5",
"uuid": "56fba707-5820-48a5-bb02-48b6950d210f",
"value": "a18d1bce5618b23f592dae9133c25229"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332872",
"to_ids": true,
"type": "md5",
"uuid": "56fba708-3674-4f99-af9d-4f4d950d210f",
"value": "40be7c9424c6c6de0d560d358a020a5c"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332872",
"to_ids": true,
"type": "md5",
"uuid": "56fba708-4004-4f77-a616-4e45950d210f",
"value": "808e27fd120ade3ecfb2b21aeda8bc58"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459332872",
"to_ids": true,
"type": "md5",
"uuid": "56fba708-6b08-4d1d-9045-4a92950d210f",
"value": "ed751ce651d685100e00ed133e4e5018"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: ed751ce651d685100e00ed133e4e5018",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338979",
"to_ids": true,
"type": "sha256",
"uuid": "56fbbee3-be00-478b-94f5-467302de0b81",
"value": "89834c1deb693c4491c7641f9ee618beed11b3f560cf607427360a95c8c329fd"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: ed751ce651d685100e00ed133e4e5018",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338979",
"to_ids": true,
"type": "sha1",
"uuid": "56fbbee3-f308-4678-9af5-479502de0b81",
"value": "a81b05d02505ece88af76f0496cf1b3b5c6c3248"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338979",
"to_ids": false,
"type": "link",
"uuid": "56fbbee3-a27c-44b7-9d45-4a4202de0b81",
"value": "https://www.virustotal.com/file/89834c1deb693c4491c7641f9ee618beed11b3f560cf607427360a95c8c329fd/analysis/1447245683/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 808e27fd120ade3ecfb2b21aeda8bc58",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338980",
"to_ids": true,
"type": "sha256",
"uuid": "56fbbee4-d4f0-4ccd-af00-404f02de0b81",
"value": "ec121f3e1068fa724c3345096e3f76c76ab7bc2a7e1f5e1b667718c32b37b52a"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 808e27fd120ade3ecfb2b21aeda8bc58",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338980",
"to_ids": true,
"type": "sha1",
"uuid": "56fbbee4-0794-4bd1-90be-4f4e02de0b81",
"value": "714f99e141eb289d141fc66e57be155cfc56bc36"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338980",
"to_ids": false,
"type": "link",
"uuid": "56fbbee4-18bc-4e56-90af-46d002de0b81",
"value": "https://www.virustotal.com/file/ec121f3e1068fa724c3345096e3f76c76ab7bc2a7e1f5e1b667718c32b37b52a/analysis/1458753480/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 40be7c9424c6c6de0d560d358a020a5c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338981",
"to_ids": true,
"type": "sha256",
"uuid": "56fbbee5-72e0-415f-ab67-4bb702de0b81",
"value": "2720739c345a66ff03121e3695164a9d71603dac089f68ee547fee59bd74abea"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 40be7c9424c6c6de0d560d358a020a5c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338981",
"to_ids": true,
"type": "sha1",
"uuid": "56fbbee5-82d4-4414-8a81-48c202de0b81",
"value": "415702298f325957e7f92db74ebb748652232f6b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338981",
"to_ids": false,
"type": "link",
"uuid": "56fbbee5-cfd4-430d-a275-46c102de0b81",
"value": "https://www.virustotal.com/file/2720739c345a66ff03121e3695164a9d71603dac089f68ee547fee59bd74abea/analysis/1458559566/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: a18d1bce5618b23f592dae9133c25229",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338981",
"to_ids": true,
"type": "sha256",
"uuid": "56fbbee5-fe40-4bc9-ac32-432202de0b81",
"value": "7e78d38c40a69d7938fb3bb0be9958040f3d67d8a7f4f7716287ea4a79b559b4"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: a18d1bce5618b23f592dae9133c25229",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338982",
"to_ids": true,
"type": "sha1",
"uuid": "56fbbee6-7cd8-41c5-8113-4eca02de0b81",
"value": "51f4662fae481fbab8d57d4cca67172083f55408"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338982",
"to_ids": false,
"type": "link",
"uuid": "56fbbee6-062c-441a-bbb0-463a02de0b81",
"value": "https://www.virustotal.com/file/7e78d38c40a69d7938fb3bb0be9958040f3d67d8a7f4f7716287ea4a79b559b4/analysis/1458803140/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 3d58f4b2008f6d87cab9166c09e513b5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338982",
"to_ids": true,
"type": "sha256",
"uuid": "56fbbee6-e7d4-4597-a66b-471d02de0b81",
"value": "e251d761bc383b97e3df39b7565457ac0e5d497a1e0073563ce1787e60911def"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 3d58f4b2008f6d87cab9166c09e513b5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338983",
"to_ids": true,
"type": "sha1",
"uuid": "56fbbee7-3f2c-4be6-9b73-4fda02de0b81",
"value": "b1004e02d99b517604e6d34a5f522624ffa92a12"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338983",
"to_ids": false,
"type": "link",
"uuid": "56fbbee7-abc0-4b55-93d4-479302de0b81",
"value": "https://www.virustotal.com/file/e251d761bc383b97e3df39b7565457ac0e5d497a1e0073563ce1787e60911def/analysis/1454321451/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: aac178f775588ca1d42c00d4d95604bd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338983",
"to_ids": true,
"type": "sha256",
"uuid": "56fbbee7-131c-4db6-a41e-43af02de0b81",
"value": "a65c12d9b255ae96cbfb7d1d29aa9396782184aae06384e48dc08de5b83f768e"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: aac178f775588ca1d42c00d4d95604bd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338983",
"to_ids": true,
"type": "sha1",
"uuid": "56fbbee7-535c-4965-82b4-494602de0b81",
"value": "57d53205d25088c7e365d2fb9af556b3b961c341"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459338984",
"to_ids": false,
"type": "link",
"uuid": "56fbbee8-9d28-4cf6-b251-426c02de0b81",
"value": "https://www.virustotal.com/file/a65c12d9b255ae96cbfb7d1d29aa9396782184aae06384e48dc08de5b83f768e/analysis/1454321908/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341056",
"to_ids": false,
"type": "url",
"uuid": "56fbc700-b5c0-4155-a301-440b950d210f",
"value": "bose.co.kr/shop/img/click/ad1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341056",
"to_ids": false,
"type": "url",
"uuid": "56fbc700-3d70-4cb2-a57d-40a9950d210f",
"value": "bose.co.kr/shop/img/click/as1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341057",
"to_ids": false,
"type": "url",
"uuid": "56fbc701-d604-40cf-b1dd-4d9e950d210f",
"value": "bose.co.kr/shop/img/naver/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341057",
"to_ids": false,
"type": "url",
"uuid": "56fbc701-6dc4-4b2e-9773-4bfd950d210f",
"value": "edresearch.co.kr/PEG/click/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341057",
"to_ids": false,
"type": "url",
"uuid": "56fbc701-96f4-4ecc-8869-48bb950d210f",
"value": "edresearch.co.kr/PEG/click1/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341057",
"to_ids": false,
"type": "url",
"uuid": "56fbc701-0bd4-4303-87d3-44fc950d210f",
"value": "nstory.com/tmp/click/ad1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341058",
"to_ids": false,
"type": "url",
"uuid": "56fbc702-0d0c-4962-8aa0-4565950d210f",
"value": "nstory.com/vars/ad/ad1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341058",
"to_ids": false,
"type": "url",
"uuid": "56fbc702-fcb0-4330-855a-486f950d210f",
"value": "nstory.com/vars/cache/click/ad1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341058",
"to_ids": false,
"type": "url",
"uuid": "56fbc702-43e4-41a4-a483-406b950d210f",
"value": "odbike.co.kr/w3c/cdn/ad1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341058",
"to_ids": false,
"type": "url",
"uuid": "56fbc703-e2ac-4b3d-8e4d-47d0950d210f",
"value": "odbike.co.kr/shop/skin/click/ad1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341059",
"to_ids": false,
"type": "url",
"uuid": "56fbc703-b09c-493f-9509-4cfc950d210f",
"value": "odbike.co.kr/shop/temp/click/ad1.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341059",
"to_ids": false,
"type": "url",
"uuid": "56fbc703-3220-4c25-ad7f-4346950d210f",
"value": "poption.kr/gnu/cdn1/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341059",
"to_ids": false,
"type": "url",
"uuid": "56fbc703-96a8-4644-9a03-4638950d210f",
"value": "poption.kr/gnu/click/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341060",
"to_ids": false,
"type": "url",
"uuid": "56fbc704-c5c8-4d4a-bdf7-4bdb950d210f",
"value": "poption.kr/gnu/extend/ad/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341060",
"to_ids": false,
"type": "url",
"uuid": "56fbc704-7140-41af-9374-42ca950d210f",
"value": "poption.kr/w3c/click/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341060",
"to_ids": false,
"type": "url",
"uuid": "56fbc704-dd6c-4e00-9d6d-4f5d950d210f",
"value": "sekielec.co.kr/m/et/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341060",
"to_ids": false,
"type": "url",
"uuid": "56fbc704-9ca0-453c-b200-435f950d210f",
"value": "smsmaster.co.kr/docs/click1/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341061",
"to_ids": false,
"type": "url",
"uuid": "56fbc705-4f58-4e08-972d-49ff950d210f",
"value": "smsmaster.co.kr/docs/click3/ad.html"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459341061",
"to_ids": false,
"type": "url",
"uuid": "56fbc705-467c-4711-8cae-4ef3950d210f",
"value": "www.poption.kr/gnu/js/click/ad.html"
}
]
}
}