misp-circl-feed/feeds/circl/misp/57b5a32c-b744-4674-b727-4cb2950d210f.json


{
"Event": {
"analysis": "2",
"date": "2016-08-16",
"extends_uuid": "",
"info": "OSINT Aveo Malware Family Targets Japanese Speaking Users by Palo Alto Networks Unit 42",
"publish_timestamp": "1471522219",
"published": true,
"threat_level_id": "3",
"timestamp": "1471522208",
"uuid": "57b5a32c-b744-4674-b727-4cb2950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521588",
"to_ids": false,
"type": "link",
"uuid": "57b5a334-12c8-43b0-9987-40bb950d210f",
"value": "http://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521782",
"to_ids": true,
"type": "domain",
"uuid": "57b5a3f6-4250-4f13-bdbc-4045950d210f",
"value": "europcubit.com"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521782",
"to_ids": true,
"type": "domain",
"uuid": "57b5a3f6-d374-4e7c-8bb2-47be950d210f",
"value": "snoozetime.info"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521782",
"to_ids": true,
"type": "domain",
"uuid": "57b5a3f6-53a4-4f28-a14d-4fb0950d210f",
"value": "bluepaint.info"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521783",
"to_ids": true,
"type": "domain",
"uuid": "57b5a3f7-50a4-4ed4-b5e7-40dc950d210f",
"value": "7b7p.info"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521783",
"to_ids": true,
"type": "domain",
"uuid": "57b5a3f7-284c-48ee-b5d7-4d04950d210f",
"value": "coinpack.info"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521783",
"to_ids": true,
"type": "domain",
"uuid": "57b5a3f7-6384-4a06-88c2-4677950d210f",
"value": "donkeyhaws.info"
},
{
"category": "Attribution",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471522197",
"to_ids": true,
"type": "whois-registrant-email",
"uuid": "57b5a3f7-d260-4d69-a44f-4d42950d210f",
"value": "jhmiyh.ny@gmail.com"
},
{
"category": "Attribution",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471522182",
"to_ids": true,
"type": "whois-registrant-email",
"uuid": "57b5a3f7-0fe0-4118-be05-4b20950d210f",
"value": "jack.ondo@mail.com"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521784",
"to_ids": true,
"type": "sha256",
"uuid": "57b5a3f8-6bb4-4f2e-9744-42e3950d210f",
"value": "8101c298a33d91a985a5150d0254cf426601e4632250f5a03ddac39375e7fb4d"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521784",
"to_ids": true,
"type": "sha256",
"uuid": "57b5a3f8-0158-4e04-888b-4a5f950d210f",
"value": "9dccfdd2a503ef8614189225bbbac11ee6027590c577afcaada7e042e18625e2"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521784",
"to_ids": true,
"type": "ip-dst",
"uuid": "57b5a3f8-6578-4eee-9848-4f33950d210f",
"value": "50.63.202.38"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521784",
"to_ids": true,
"type": "ip-dst",
"uuid": "57b5a3f8-4a80-4250-9044-475c950d210f",
"value": "104.202.173.82"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521784",
"to_ids": true,
"type": "ip-dst",
"uuid": "57b5a3f8-6df8-47ac-9070-4d19950d210f",
"value": "107.180.36.179"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521836",
"to_ids": true,
"type": "filename",
"uuid": "57b5a42c-edac-460b-b68e-4a82950d210f",
"value": "%APPDATA%\\MMC\\MMC.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471521837",
"to_ids": true,
"type": "filename",
"uuid": "57b5a42d-b8cc-47db-9689-4574950d210f",
"value": "%TEMP%\\MMC\\MMC.exe"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471522208",
"to_ids": true,
"type": "whois-registrant-email",
"uuid": "57b5a5a0-ec2c-4b4f-961d-49f1950d210f",
"value": "844148030@qq.com"
}
]
}
}