misp-circl-feed/feeds/circl/misp/81f607d5-2b83-477c-95f5-342030de6570.json


{
"Event": {
"analysis": "0",
"date": "2023-07-03",
"extends_uuid": "",
"info": "Chinese Threat Actors Targeting Europe in SmugX Campaign",
"publish_timestamp": "1689165773",
"published": true,
"threat_level_id": "1",
"timestamp": "1689165761",
"uuid": "81f607d5-2b83-477c-95f5-342030de6570",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"RedDelta\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"PlugX\"",
"relationship_type": ""
},
{
"colour": "#e834ab",
"local": false,
"name": "misp-galaxy:mitre-intrusion-set=\"Mustang Panda - G0129\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:threat-actor=\"Mustang Panda\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "html",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716052",
"to_ids": true,
"type": "sha256",
"uuid": "918d4b5b-4477-49a0-a9fb-0085e9992b07",
"value": "edb5d4b454b6c7d3abecd6de7099e05575b8f28bb09dfc364e45ce8c16a34fcd"
},
{
"category": "Payload delivery",
"comment": "html",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716052",
"to_ids": true,
"type": "sha256",
"uuid": "57317342-6458-427e-89b2-9a3ba097bfcb",
"value": "736451c2593bc1601c52b45c16ad8fd1aec56f868eb3bba333183723dea805af"
},
{
"category": "Payload delivery",
"comment": "html",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716052",
"to_ids": true,
"type": "sha256",
"uuid": "f588c595-946f-4d8b-94c9-f217b5956e17",
"value": "0e4b81e04ca77762be2afb8bd451abb2ff46d2831028cde1c5d0ec45199f01a1"
},
{
"category": "Payload delivery",
"comment": "html",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716052",
"to_ids": true,
"type": "sha256",
"uuid": "236c2d6a-3c41-4369-a4e3-9b371371b6cb",
"value": "989ede1df02e4d9620f6caf75a88a11791d156f62fdea4258e12d972df76bc05"
},
{
"category": "Payload delivery",
"comment": "html",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716052",
"to_ids": true,
"type": "sha256",
"uuid": "9eb2e07d-4dd1-48a1-930e-ea58ecfb0268",
"value": "10cad59ea2a566597d933b1e8ba929af0b4c7af85481eacaab708ef4ddf6e0ee"
},
{
"category": "Payload delivery",
"comment": "html",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716052",
"to_ids": true,
"type": "sha256",
"uuid": "38427789-8f29-4e78-b8c8-5d2fbfb2671b",
"value": "c96723a68fc939c835578ff746f7d4c5371cb82a9c0dffe360bb656acea4d6e1"
},
{
"category": "Payload delivery",
"comment": "html",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716052",
"to_ids": true,
"type": "sha256",
"uuid": "b879469e-f585-487b-8be5-e42d7f58cd3d",
"value": "9ce5abd02d397689d99f62dfbd2a6a396876c6629cb5db453f1dcbbc3465ac9a"
},
{
"category": "Payload delivery",
"comment": "Archives",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716263",
"to_ids": true,
"type": "sha256",
"uuid": "c640cf82-25b2-4bc9-b687-a6d2fc9b7b45",
"value": "5f751fb287db51f79bb6df2e330a53b6d80ef3d2af93f09bb786b62e613514db"
},
{
"category": "Payload delivery",
"comment": "Archives",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716263",
"to_ids": true,
"type": "sha256",
"uuid": "f7862093-0ace-4081-8bcc-87757be6df7c",
"value": "baca1159acc715545a787d522950117eae5b7dc65efacfe86383f62e6b9b59d3"
},
{
"category": "Payload delivery",
"comment": "Archives",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716263",
"to_ids": true,
"type": "sha256",
"uuid": "030ac331-5f4a-480d-a8ce-85b886c460b3",
"value": "720a70ca6ee1fbaf06c7cb60d14e27391130407e34e13a092d19f1df2c9c6d05"
},
{
"category": "Payload delivery",
"comment": "Archives",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716263",
"to_ids": true,
"type": "sha256",
"uuid": "d02a5889-c523-4239-af4e-47432c36bfb9",
"value": "460c459db77c5625ed1c029b2dd6c6eae5e631b81a169494fb0182d550769f76"
},
{
"category": "Payload delivery",
"comment": "Archives",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688716263",
"to_ids": true,
"type": "sha256",
"uuid": "f7442091-f412-415c-a8de-dbb3fbd77d11",
"value": "277390cc50e00f52e76a6562e6e699b0345497bd1df26c7c41bd56da5b6d1347"
},
{
"category": "Payload delivery",
"comment": "JavaScripts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717120",
"to_ids": true,
"type": "sha256",
"uuid": "dc275756-44a8-410c-ac12-e5ad42cf0c24",
"value": "3c6ace055527877778d989f469a5a70eb5ef7700375b850f0b1b8414151105ee"
},
{
"category": "Payload delivery",
"comment": "JavaScripts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717120",
"to_ids": true,
"type": "sha256",
"uuid": "d648e16e-8955-4d59-8f5c-f60021a8e321",
"value": "27a61653ce4e503334413cf80809647ce5dca02ff4aea63fb3a39bc62c9c258c"
},
{
"category": "Payload delivery",
"comment": "JavaScripts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717120",
"to_ids": true,
"type": "sha256",
"uuid": "c303a4a0-0f51-444c-bca8-5a81b9b7b007",
"value": "ce308b538ff3a0be0dbcee753db7e556a54b4aeddbddd0c03db7126b08911fe2"
},
{
"category": "Payload delivery",
"comment": "MSI",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717229",
"to_ids": true,
"type": "sha256",
"uuid": "ade041fe-db67-4a5d-b52f-4a0eb90cf238",
"value": "fd0711a50c8af1dbc5c7ba42b894b2af8a2b03dd7544d20f5a887c93b9834429"
},
{
"category": "Payload delivery",
"comment": "MSI",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717229",
"to_ids": true,
"type": "sha256",
"uuid": "fed631dc-e32b-4126-a750-19f671bc4e19",
"value": "3489955d23e66d6f34b3ada70b4d228547dbb3ccb0f6c7282553cbbdeaf168cb"
},
{
"category": "Payload delivery",
"comment": "MSI",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717229",
"to_ids": true,
"type": "sha256",
"uuid": "7d600d01-043a-4e0b-8351-65470c9383ae",
"value": "04b99518502774deb4a9d9cf6b54d43ff8f333d8ec5b4b230c0e995542bb2c61"
},
{
"category": "Payload delivery",
"comment": "MSI",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717229",
"to_ids": true,
"type": "sha256",
"uuid": "6b87864c-b0ca-4be8-9b60-19e2134b0eec",
"value": "bd3881964e351a7691bfc7e997e8a2c8ce4a8e26b79e3712d0cbdc484a5646b6"
},
{
"category": "Payload delivery",
"comment": "MSI",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717229",
"to_ids": true,
"type": "sha256",
"uuid": "c4b96fad-75ad-44a8-a961-e1e1d23d5eea",
"value": "ea2869424df2ffbb113017d95ae48ae8ed9897280fd21b26e046c75b3e43b25a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "filename",
"uuid": "5201eecc-c54e-41d9-81a4-847be85b77b7",
"value": "RoboForm.dll"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "d97638bc-4323-4f3a-bdda-5e5fa6c0c29d",
"value": "b00c252a60171f33e32e64891ffe826b8a45f8816acf778838d788897213a405"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "8e31f890-9f9d-4859-99a4-6492a27c929f",
"value": "2bc30ced135acd6a506cfb557734407f21b70fecd2f645c5b938e14199b24f1e"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "c4d542d1-127a-4cc4-9449-1b8a12e2abac",
"value": "0d13a503d86a6450f71408eb82a196718324465744bf6b8c4e0a780fd5be40c0"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "2f9be8b8-9990-46c3-b127-1ad96f0be1b5",
"value": "0bdfb922a39103658195d1d37ff584d24f7bd88464e7a119e86d6e3579958cc1"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "83a9b04d-1c87-43a5-8998-49c02e0acb65",
"value": "a0879dd439c7f1ed520aad0c309fe1dbf1a2fc41e2468f4174489a0ec56c47c7"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "62cd6350-dffb-4795-84b1-ca2c0ef4b783",
"value": "bddbc529f23ab6b865bc750508403ef57c8cf77284d613d030949bd37078d880"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "87d95afd-9f4e-4ee3-9de8-3d792f5a1928",
"value": "4547914e17c127d9b53bbc9d44de0e5b867f1a86d2e5ede828cd3188ed7fe838"
},
{
"category": "Payload delivery",
"comment": "RoboForm.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688717317",
"to_ids": true,
"type": "sha256",
"uuid": "e899a5f1-895f-4398-8e36-549f535eb7c0",
"value": "0032d5430f1b5fcfb6a380b4f1d226b6b919f2677340503f04df04235409b2d0"
},
{
"category": "Payload delivery",
"comment": "Encrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725081",
"to_ids": true,
"type": "sha256",
"uuid": "98da3f2f-aed7-433d-a085-2bd3385c8d3a",
"value": "62c2e246855d589eb1ec37a9f3bcc0b6f3ba9946532aff8a39a4dc9d3a93f42c"
},
{
"category": "Payload delivery",
"comment": "Encrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725081",
"to_ids": true,
"type": "sha256",
"uuid": "15135495-f94c-4d8e-8710-57892fcc53a1",
"value": "f7d35cb95256513c07c262d4b03603e073e58eb4cd5fa9aac1e04ecc6e870d42"
},
{
"category": "Payload delivery",
"comment": "Encrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725081",
"to_ids": true,
"type": "sha256",
"uuid": "2fd6059c-4e54-4cfb-84bf-f411cf6bab9b",
"value": "bf4f8a5f75e9e5ecd752baa73abddd37b014728722ac3d74b82bffa625bf09b5"
},
{
"category": "Payload delivery",
"comment": "Encrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725081",
"to_ids": true,
"type": "sha256",
"uuid": "2731a46e-cecc-495c-9a1e-4a860ccbe51f",
"value": "8a6ef9aa3f0762b03f983a1e53e8c731247273aafa410ed884ecd4c4e02c7db8"
},
{
"category": "Payload delivery",
"comment": "Encrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725081",
"to_ids": true,
"type": "sha256",
"uuid": "7fd7ac52-df1a-46c9-a496-b0479f65dd9a",
"value": "ec3e491a831b4057fc0e2ebe9f43c32f1f07959b6430b323d35d6d409d2b31e4"
},
{
"category": "Payload delivery",
"comment": "Encrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725081",
"to_ids": true,
"type": "sha256",
"uuid": "ede4804b-e2e8-46c3-8770-ed7a59e12e82",
"value": "bf8e512921522e49d16c638dc8d01bd0a2803a4ef019afbfc2f0941875019ea1"
},
{
"category": "Payload delivery",
"comment": "Encrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725081",
"to_ids": true,
"type": "sha256",
"uuid": "8be04fa0-a8a5-4120-bf5d-2a65f6e79d92",
"value": "ba55542c6fa12865633d6d24f4a81bffd512791a6e0a9b77f6b17a53e2216659"
},
{
"category": "Payload delivery",
"comment": "Decrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725237",
"to_ids": true,
"type": "sha256",
"uuid": "1a4d83aa-71c5-41bb-bc17-cef04dc5bf35",
"value": "8ea34b85dd4fb64f7e6591e4f1c24763fc3421caa7c0f0d8350c67b9bafa4d32"
},
{
"category": "Payload delivery",
"comment": "Decrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725237",
"to_ids": true,
"type": "sha256",
"uuid": "a59c4e78-186d-4e1e-a435-74b21ea3f13d",
"value": "8cac6dfb2a894ff3f530c29e79dcd37810b4628279b9570a34f7e22bd4d416b3"
},
{
"category": "Payload delivery",
"comment": "Decrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725237",
"to_ids": true,
"type": "sha256",
"uuid": "ef63127f-e3b8-4521-892b-127b0f2a063c",
"value": "ea5825fa1f39587a88882e87064caae9dd3b79f02438dc3a229c5b775b530c7d"
},
{
"category": "Payload delivery",
"comment": "Decrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725237",
"to_ids": true,
"type": "sha256",
"uuid": "169b95c2-6a5d-43b1-a35a-301332d91695",
"value": "1acb061ce63ee8ee172fbdf518bd261ef2c46d818ffd4b1614db6ce3daa5a885"
},
{
"category": "Payload delivery",
"comment": "Decrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725237",
"to_ids": true,
"type": "sha256",
"uuid": "1a299fc1-af8a-4b29-8228-b3947a88db2c",
"value": "08661f40f40371fc8a49380ad3d57521f9d0c2aa322ae4b0a684b27e637aed12"
},
{
"category": "Payload delivery",
"comment": "Decrypted payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725237",
"to_ids": true,
"type": "sha256",
"uuid": "970bc7bf-375e-467c-9d2a-8ddb7c18c1bb",
"value": "324bfb2f414be221e24aaa9fb22cb49e4d4c0904bd7c203afdff158ba63fe35b"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725523",
"to_ids": true,
"type": "ip-dst",
"uuid": "88995009-ec15-4814-b8f9-b7e89eb2eaf6",
"value": "45.90.58.69"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725523",
"to_ids": true,
"type": "ip-dst",
"uuid": "5fac55a3-27a6-4829-9178-c00f9d88bed9",
"value": "62.233.57.136"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725523",
"to_ids": true,
"type": "ip-dst",
"uuid": "be7699e0-c556-47d3-ac9a-24b3c4bd72bd",
"value": "217.12.207.164"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725523",
"to_ids": true,
"type": "ip-dst",
"uuid": "c2316ec7-09ef-467b-9c70-e545bd619fe7",
"value": "152.152.12.12"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725523",
"to_ids": true,
"type": "domain",
"uuid": "e12b5bd9-03fc-4db1-a097-d6ced8fbc05b",
"value": "jcswcd.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688725523",
"to_ids": true,
"type": "domain",
"uuid": "1f567817-4fc4-489b-a97f-dbd64c8bf1e2",
"value": "newsmailnet.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1688736671",
"to_ids": true,
"type": "ip-dst",
"uuid": "fcfe2c30-fa5c-4613-8b7c-cebf940aef43",
"value": "45.134.83.29"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1688715763",
"uuid": "bba1dd1a-32ef-465a-89eb-6f5b3ccab59d",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1688715763",
"to_ids": false,
"type": "link",
"uuid": "96f066f4-4fd7-466e-82fe-8e707db62917",
"value": "https://research.checkpoint.com/2023/chinese-threat-actors-targeting-europe-in-smugx-campaign/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1688715763",
"to_ids": false,
"type": "text",
"uuid": "992411e4-4c16-4f45-a642-2a0e5a65866e",
"value": "- Check Point Research uncovers a targeted campaign carried out by a Chinese threat actor targeting government entities in Europe, with a focus on foreign and domestic policy entities.\r\n- The campaign leverages HTML Smuggling, a technique in which attackers hide malicious payloads inside HTML documents.\r\n- Following a complex infection chain involving either archives or MSI files, the attacks deploy PlugX, an implant commonly associated with Chinese threat actors.\r\n- The campaign, called SmugX, overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda. Although those two correlate to some extent with Camaro Dragon, there is insufficient evidence to link the SmugX campaign to the Camaro Dragon group."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1688715763",
"to_ids": false,
"type": "text",
"uuid": "45f7986c-ea72-46bb-91e9-16d191fbbfec",
"value": "Report"
}
]
}
]
}
}