adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5718d275-88d4-492e-9f07-43ee950d210f.json

517 lines
No EOL
18 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2016-04-18",
"extends_uuid": "",
"info": "OSINT - \u00e2\u20ac\u0153Operation C-Major\u00e2\u20ac\u009d Actors Also Used Android, BlackBerry Mobile Spyware Against Targets",
"publish_timestamp": "1461251702",
"published": true,
"threat_level_id": "3",
"timestamp": "1461251249",
"uuid": "5718d275-88d4-492e-9f07-43ee950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461244559",
"to_ids": false,
"type": "link",
"uuid": "5718d28f-6890-4731-95e4-4b42950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/operation-c-major-actors-also-used-android-blackberry-mobile-spyware-targets/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461244579",
"to_ids": false,
"type": "comment",
"uuid": "5718d2a3-a008-4c0d-ba56-4ec7950d210f",
"value": "Last March, we reported on Operation C-Major, an active information theft campaign that was able to steal sensitive information from high profile targets in India. The campaign was able to steal large amounts of data despite using relatively simple malware because it used clever social engineering tactics against its targets. In this post, we will focus on the mobile part of their operation and discuss in detail several Android and BlackBerry apps they are using. Based on our investigation, the actors behind Operation C-Major were able to keep their Android malware on Google Play for months and they advertised their apps on Facebook pages which have thousands of likes from high profile targets."
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245186",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f3-98c0-40be-a296-40f8950d210f",
"value": "24f52c5f909d79a70e6e2a4e89aa7816b5f24aec"
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245191",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f3-43a4-4bbd-bf88-40c4950d210f",
"value": "202f11c5cf2b9df8bf8ab766a33cd0e6d7a5161a"
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245198",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f3-ba78-4f00-a3d3-4232950d210f",
"value": "31ac19091fd5347568b130d7150ed867ffe38c28"
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245216",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f4-ef9c-46a2-8d75-4f77950d210f",
"value": "6919aa3a9d5e193a1d48e05e7bf320d795923ea7"
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245202",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f4-d518-44d4-aef8-442a950d210f",
"value": "c48a5d639430e08980f1aeb5af49310692f2701b"
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245212",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f5-e228-4ed6-b03a-4bff950d210f",
"value": "1ce6b3f02fe2e4ee201bdab2c1e4f6bb5a8da1b1"
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245208",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f5-cdac-47c9-ae00-43d2950d210f",
"value": "59aec5002684de8cc8c27f7512ed70c094e4bd20"
},
{
"category": "Payload delivery",
"comment": "Smesh app",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245205",
"to_ids": true,
"type": "sha1",
"uuid": "5718d4f5-84c8-4878-b3a9-4d19950d210f",
"value": "552e3a16dd36ae4a3d4480182124a3f6701911f2"
},
{
"category": "Payload delivery",
"comment": "Ringster",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245260",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54c-be50-4f58-83e2-408c950d210f",
"value": "c544e5d8c6f38bb199283f11f799da8f3bb3807f"
},
{
"category": "Payload delivery",
"comment": "Ringster",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245261",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54d-2990-4cb5-9bfd-4883950d210f",
"value": "a13568164c0a8f50d76d9ffa6e34e31674a3afc8"
},
{
"category": "Payload delivery",
"comment": "Androrat",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245261",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54d-4be0-4e06-9405-4d66950d210f",
"value": "9288811c9747d151eab4ec708b368fc6cc4e2cb5"
},
{
"category": "Payload delivery",
"comment": "Androrat",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245262",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54e-8b80-4d4b-9b3f-48a3950d210f",
"value": "94c74a9e5d1aab18f51487e4e47e5995b7252c4b"
},
{
"category": "Payload delivery",
"comment": "Androrat",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245262",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54e-7dc8-49eb-9432-449a950d210f",
"value": "decf429be7d469292827c3b873f7e61076ffbba1"
},
{
"category": "Payload delivery",
"comment": "Androrat",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245262",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54e-6f18-48bd-aa39-43f1950d210f",
"value": "f86302da2d38bf60f1ea9549b2e21a34fe655b33"
},
{
"category": "Payload delivery",
"comment": "India Sena News",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245263",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54f-23a8-44b0-86b4-46a7950d210f",
"value": "b142e4b75a4562cdaad5cc2610d31594d2ed17c3"
},
{
"category": "Payload delivery",
"comment": "BlackBerry spyware",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245263",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54f-8be4-4981-8136-4bb4950d210f",
"value": "abcb176578df44c2be7173b318abe704963052b2"
},
{
"category": "Payload delivery",
"comment": "BlackBerry spyware",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461245263",
"to_ids": true,
"type": "sha1",
"uuid": "5718d54f-e3d0-4a0a-9f5c-45a8950d210f",
"value": "16318c4e4f94a5c4018b05955975771637b306b4"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461248936",
"to_ids": true,
"type": "domain",
"uuid": "5718e3a8-eef0-4849-81fd-470c950d210f",
"value": "mpjunkie.com"
},
{
"category": "Payload delivery",
"comment": "BlackBerry spyware - Xchecked via VT: 16318c4e4f94a5c4018b05955975771637b306b4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251249",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb1-fb28-4bb5-85e0-40b702de0b81",
"value": "a2d9ef1e249a08737d183177116cba1ed03c411d257d4b8ab66064c9affda057"
},
{
"category": "Payload delivery",
"comment": "BlackBerry spyware - Xchecked via VT: 16318c4e4f94a5c4018b05955975771637b306b4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251250",
"to_ids": true,
"type": "md5",
"uuid": "5718ecb2-9428-4848-83fb-405b02de0b81",
"value": "5e5a6fd42417c98fdc0a2c9391876d7a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251250",
"to_ids": false,
"type": "link",
"uuid": "5718ecb2-efec-4668-8f3e-493002de0b81",
"value": "https://www.virustotal.com/file/a2d9ef1e249a08737d183177116cba1ed03c411d257d4b8ab66064c9affda057/analysis/1461189256/"
},
{
"category": "Payload delivery",
"comment": "BlackBerry spyware - Xchecked via VT: abcb176578df44c2be7173b318abe704963052b2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251251",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb3-1d2c-47aa-b21c-474302de0b81",
"value": "7ef9af07a8a5f76a9b80349b1aeac59b25fcda1fb731e03797c682ad85f6e396"
},
{
"category": "Payload delivery",
"comment": "BlackBerry spyware - Xchecked via VT: abcb176578df44c2be7173b318abe704963052b2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251251",
"to_ids": true,
"type": "md5",
"uuid": "5718ecb3-71bc-491c-8314-48ad02de0b81",
"value": "9201801719ebf4c6d8b4adf0425a35dc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251251",
"to_ids": false,
"type": "link",
"uuid": "5718ecb3-9f58-4d1a-8e7f-408f02de0b81",
"value": "https://www.virustotal.com/file/7ef9af07a8a5f76a9b80349b1aeac59b25fcda1fb731e03797c682ad85f6e396/analysis/1461189249/"
},
{
"category": "Payload delivery",
"comment": "India Sena News - Xchecked via VT: b142e4b75a4562cdaad5cc2610d31594d2ed17c3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251252",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb4-03c4-4676-ac2e-4c5002de0b81",
"value": "5bbcd8a7856e037418c0ac1c0c987476e3210f577beffcdfe2eceebc19c5644d"
},
{
"category": "Payload delivery",
"comment": "India Sena News - Xchecked via VT: b142e4b75a4562cdaad5cc2610d31594d2ed17c3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251252",
"to_ids": true,
"type": "md5",
"uuid": "5718ecb4-dd44-44ee-9cd3-4b0702de0b81",
"value": "e6a0066676cab0144eb6055f67d917e0"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251252",
"to_ids": false,
"type": "link",
"uuid": "5718ecb4-8b60-44dd-bc05-483e02de0b81",
"value": "https://www.virustotal.com/file/5bbcd8a7856e037418c0ac1c0c987476e3210f577beffcdfe2eceebc19c5644d/analysis/1461073518/"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: f86302da2d38bf60f1ea9549b2e21a34fe655b33",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251253",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb5-a7d0-4a52-bd6c-4bcd02de0b81",
"value": "f529ccdee54c53e4c02366713ec2d2e8ff629fe56b2f5778f9f7d31f809e4446"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: f86302da2d38bf60f1ea9549b2e21a34fe655b33",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251253",
"to_ids": true,
"type": "md5",
"uuid": "5718ecb5-fa50-4255-823a-4b5702de0b81",
"value": "dfd2eca84919418da2fa617fc51e9de5"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251253",
"to_ids": false,
"type": "link",
"uuid": "5718ecb5-1ad4-4fb3-9889-4b1802de0b81",
"value": "https://www.virustotal.com/file/f529ccdee54c53e4c02366713ec2d2e8ff629fe56b2f5778f9f7d31f809e4446/analysis/1461051345/"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: decf429be7d469292827c3b873f7e61076ffbba1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251254",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb6-a3fc-4ab9-ad1a-48ce02de0b81",
"value": "8b64a32e386d7cc51bb761bee8959bb5cac20e79ae1e549b04b7354e67bdee66"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: decf429be7d469292827c3b873f7e61076ffbba1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251254",
"to_ids": true,
"type": "md5",
"uuid": "5718ecb6-117c-45d3-951e-4c0402de0b81",
"value": "11ba93d968bd96e9e9c9418ea1fdcbbc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251255",
"to_ids": false,
"type": "link",
"uuid": "5718ecb7-3c5c-4b28-8cf0-46f402de0b81",
"value": "https://www.virustotal.com/file/8b64a32e386d7cc51bb761bee8959bb5cac20e79ae1e549b04b7354e67bdee66/analysis/1461051347/"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: 94c74a9e5d1aab18f51487e4e47e5995b7252c4b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251255",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb7-a578-4bc5-b9c2-48b602de0b81",
"value": "563ebffbcd81d41e3ddb7b6ed580a2b17a6a6e14ec6bf208c9c22d7a296de7ae"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: 94c74a9e5d1aab18f51487e4e47e5995b7252c4b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251255",
"to_ids": true,
"type": "md5",
"uuid": "5718ecb7-3210-4790-b39c-4cba02de0b81",
"value": "af046d94f254a3f85a0ba731562a05c5"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251256",
"to_ids": false,
"type": "link",
"uuid": "5718ecb8-7d80-4ee0-9656-43f602de0b81",
"value": "https://www.virustotal.com/file/563ebffbcd81d41e3ddb7b6ed580a2b17a6a6e14ec6bf208c9c22d7a296de7ae/analysis/1461073437/"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: 9288811c9747d151eab4ec708b368fc6cc4e2cb5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251256",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb8-1018-4832-8633-448602de0b81",
"value": "e6753bba53d7cca4a534c3089f24cd0546462667d110c0d48974f9e76714fe1c"
},
{
"category": "Payload delivery",
"comment": "Androrat - Xchecked via VT: 9288811c9747d151eab4ec708b368fc6cc4e2cb5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251257",
"to_ids": true,
"type": "md5",
"uuid": "5718ecb9-5f4c-48f3-80c9-413202de0b81",
"value": "ce59958c01e437f4bdc68b4896222b8e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251257",
"to_ids": false,
"type": "link",
"uuid": "5718ecb9-acdc-4965-83d0-4a9c02de0b81",
"value": "https://www.virustotal.com/file/e6753bba53d7cca4a534c3089f24cd0546462667d110c0d48974f9e76714fe1c/analysis/1461217726/"
},
{
"category": "Payload delivery",
"comment": "Ringster - Xchecked via VT: a13568164c0a8f50d76d9ffa6e34e31674a3afc8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251257",
"to_ids": true,
"type": "sha256",
"uuid": "5718ecb9-67b8-422e-b4d1-4f8202de0b81",
"value": "8babf68a96861c8495580b5ecf54d8e9e1c76fc89fb72a322c94e74796db4e19"
},
{
"category": "Payload delivery",
"comment": "Ringster - Xchecked via VT: a13568164c0a8f50d76d9ffa6e34e31674a3afc8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251258",
"to_ids": true,
"type": "md5",
"uuid": "5718ecba-bc08-4277-9a9f-473002de0b81",
"value": "c4cd2f9ba10c0f773a8ec56045d3b398"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251258",
"to_ids": false,
"type": "link",
"uuid": "5718ecba-61b8-46ad-aef6-4bc502de0b81",
"value": "https://www.virustotal.com/file/8babf68a96861c8495580b5ecf54d8e9e1c76fc89fb72a322c94e74796db4e19/analysis/1461226275/"
}
]
}
}
Reference in a new issue View git blame Copy permalink