adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59afedbe-12f4-4585-9048-4b8b950d210f.json

414 lines
No EOL
15 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2017-09-06",
"extends_uuid": "",
"info": "OSINT - Dragonfly: Western energy sector targeted by sophisticated attack group",
"publish_timestamp": "1504707371",
"published": true,
"threat_level_id": "3",
"timestamp": "1504707359",
"uuid": "59afedbe-12f4-4585-9048-4b8b950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-intrusion-set=\"Dragonfly\"",
"relationship_type": ""
},
{
"colour": "#12e200",
"local": false,
"name": "misp-galaxy:threat-actor=\"Energetic Bear\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#ff8e41",
"local": false,
"name": "certsi:critical-sector=\"energy\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "link",
"uuid": "59afeddc-0fc0-471d-8894-2b8f950d210f",
"value": "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "comment",
"uuid": "59afee32-7834-49c8-83a1-2a5e950d210f",
"value": "The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. The group has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. This \u00e2\u20ac\u0153Dragonfly 2.0\u00e2\u20ac\u009d campaign, which appears to have begun in late 2015, shares tactics and tools used in earlier campaigns by the group.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Backdoor.Dorshel",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-c93c-414e-8a00-2a4f950d210f",
"value": "b3b5d67f5bbf5a043f5bf5d079dbcb56"
},
{
"category": "Payload delivery",
"comment": "Trojan.Karagany.B",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-2138-4eb2-be22-2a4f950d210f",
"value": "1560f68403c5a41e96b28d3f882de7f1"
},
{
"category": "Payload delivery",
"comment": "Trojan.Heriplor",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-9094-4c28-af46-2a4f950d210f",
"value": "e02603178c8c47d198f7d34bcf2d68b8"
},
{
"category": "Payload delivery",
"comment": "Trojan.Listrix",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-d2a8-4044-be77-2a4f950d210f",
"value": "da9d8c78efe0c6c8be70e6b857400fb1"
},
{
"category": "Payload delivery",
"comment": "Hacktool.Credrix",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-2e84-4d01-bd45-2a4f950d210f",
"value": "a4cf567f27f3b2f8b73ae15e2e487f00"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Goodor",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-ba6c-4f95-b2eb-2a4f950d210f",
"value": "765fcd7588b1d94008975c4627c8feb6"
},
{
"category": "Payload delivery",
"comment": "Trojan.Phisherly",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-9e9c-47fc-b818-2a4f950d210f",
"value": "141e78d16456a072c9697454fc6d5f58"
},
{
"category": "Payload delivery",
"comment": "Screenutil",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "md5",
"uuid": "59afeeef-2250-49ea-b0ab-2a4f950d210f",
"value": "db07e1740152e09610ea826655d27e8d"
},
{
"category": "Network activity",
"comment": "Command & Control for Backdoor.Dorshel",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "url",
"uuid": "59afef44-f9c8-4bd0-9214-2fb4950d210f",
"value": "http://103.41.177.69/A56WY"
},
{
"category": "Network activity",
"comment": "Command & Control for Trojan.Karagany.B",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "url",
"uuid": "59afef44-2fa4-4a68-93e5-2fb4950d210f",
"value": "http://37.1.202.26/getimage/622622.jpg"
},
{
"category": "Network activity",
"comment": "Command & Control for Trojan.Phisherly",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "ip-dst",
"uuid": "59afef44-0f1c-46e7-9221-2fb4950d210f",
"value": "184.154.150.66"
},
{
"category": "Payload delivery",
"comment": "Trojan.Phisherly - Xchecked via VT: 141e78d16456a072c9697454fc6d5f58",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha256",
"uuid": "59b00317-7184-4065-929b-45ca02de0b81",
"value": "c272a2d96aefdef746f983e7f8720792e8a6dee97a766a651dc55f70f605b23d"
},
{
"category": "Payload delivery",
"comment": "Trojan.Phisherly - Xchecked via VT: 141e78d16456a072c9697454fc6d5f58",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha1",
"uuid": "59b00317-767c-45f4-909d-45e802de0b81",
"value": "eff5e2a3ac471a1b5ecdf51a72e003a82c350506"
},
{
"category": "External analysis",
"comment": "Trojan.Phisherly - Xchecked via VT: 141e78d16456a072c9697454fc6d5f58",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "link",
"uuid": "59b00317-8c90-429a-9187-4f7b02de0b81",
"value": "https://www.virustotal.com/file/c272a2d96aefdef746f983e7f8720792e8a6dee97a766a651dc55f70f605b23d/analysis/1504702236/"
},
{
"category": "Payload delivery",
"comment": "Hacktool.Credrix - Xchecked via VT: a4cf567f27f3b2f8b73ae15e2e487f00",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha256",
"uuid": "59b00317-8f78-44a7-87a2-449d02de0b81",
"value": "178348c14324bc0a3e57559a01a6ae6aa0cb4013aabbe324b51f906dcf5d537e"
},
{
"category": "Payload delivery",
"comment": "Hacktool.Credrix - Xchecked via VT: a4cf567f27f3b2f8b73ae15e2e487f00",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha1",
"uuid": "59b00317-d548-4a07-a646-49d602de0b81",
"value": "4f2faef3d65099c19d617df73af5119dd719240c"
},
{
"category": "External analysis",
"comment": "Hacktool.Credrix - Xchecked via VT: a4cf567f27f3b2f8b73ae15e2e487f00",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "link",
"uuid": "59b00317-ff24-460a-8067-4d0302de0b81",
"value": "https://www.virustotal.com/file/178348c14324bc0a3e57559a01a6ae6aa0cb4013aabbe324b51f906dcf5d537e/analysis/1504704171/"
},
{
"category": "Payload delivery",
"comment": "Trojan.Listrix - Xchecked via VT: da9d8c78efe0c6c8be70e6b857400fb1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha256",
"uuid": "59b00317-c7bc-46a0-92b5-46cd02de0b81",
"value": "fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9"
},
{
"category": "Payload delivery",
"comment": "Trojan.Listrix - Xchecked via VT: da9d8c78efe0c6c8be70e6b857400fb1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha1",
"uuid": "59b00317-d3bc-419d-936c-421302de0b81",
"value": "cd9519127efcc9a65068befe17ae038c94085358"
},
{
"category": "External analysis",
"comment": "Trojan.Listrix - Xchecked via VT: da9d8c78efe0c6c8be70e6b857400fb1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "link",
"uuid": "59b00317-715c-49a9-84cb-49e002de0b81",
"value": "https://www.virustotal.com/file/fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9/analysis/1504707156/"
},
{
"category": "Payload delivery",
"comment": "Trojan.Heriplor - Xchecked via VT: e02603178c8c47d198f7d34bcf2d68b8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha256",
"uuid": "59b00317-5b68-4e2d-80f2-4f7502de0b81",
"value": "b051a5997267a5d7fa8316005124f3506574807ab2b25b037086e2e971564291"
},
{
"category": "Payload delivery",
"comment": "Trojan.Heriplor - Xchecked via VT: e02603178c8c47d198f7d34bcf2d68b8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha1",
"uuid": "59b00317-892c-4dd0-a380-40b402de0b81",
"value": "d6ef3e457819425bf9524e8a7070f3fcf21c3ad5"
},
{
"category": "External analysis",
"comment": "Trojan.Heriplor - Xchecked via VT: e02603178c8c47d198f7d34bcf2d68b8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "link",
"uuid": "59b00317-5e44-43ab-bcf4-440502de0b81",
"value": "https://www.virustotal.com/file/b051a5997267a5d7fa8316005124f3506574807ab2b25b037086e2e971564291/analysis/1504704663/"
},
{
"category": "Payload delivery",
"comment": "Trojan.Karagany.B - Xchecked via VT: 1560f68403c5a41e96b28d3f882de7f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha256",
"uuid": "59b00317-3aa4-4feb-b8c0-46ac02de0b81",
"value": "28143c7638f22342bff8edcd0bedd708e265948a5fcca750c302e2dca95ed9f0"
},
{
"category": "Payload delivery",
"comment": "Trojan.Karagany.B - Xchecked via VT: 1560f68403c5a41e96b28d3f882de7f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha1",
"uuid": "59b00317-7f60-4222-80d3-4cc102de0b81",
"value": "95db15c67b48945237af7de61f3dbab92c99edd1"
},
{
"category": "External analysis",
"comment": "Trojan.Karagany.B - Xchecked via VT: 1560f68403c5a41e96b28d3f882de7f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "link",
"uuid": "59b00317-1d58-41e5-97c0-441b02de0b81",
"value": "https://www.virustotal.com/file/28143c7638f22342bff8edcd0bedd708e265948a5fcca750c302e2dca95ed9f0/analysis/1504696978/"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Dorshel - Xchecked via VT: b3b5d67f5bbf5a043f5bf5d079dbcb56",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha256",
"uuid": "59b00317-0dbc-4932-8748-464502de0b81",
"value": "cee4211af96df184236e816ab0b11d95d1075148299a29719fcd9675b2714426"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Dorshel - Xchecked via VT: b3b5d67f5bbf5a043f5bf5d079dbcb56",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": true,
"type": "sha1",
"uuid": "59b00317-8cd8-440c-8c01-4efb02de0b81",
"value": "c7eae6cd08d0601223b641745f078dffce285066"
},
{
"category": "External analysis",
"comment": "Backdoor.Dorshel - Xchecked via VT: b3b5d67f5bbf5a043f5bf5d079dbcb56",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504707351",
"to_ids": false,
"type": "link",
"uuid": "59b00317-24f4-44f6-bfd7-4ca902de0b81",
"value": "https://www.virustotal.com/file/cee4211af96df184236e816ab0b11d95d1075148299a29719fcd9675b2714426/analysis/1504696840/"
}
]
}
}
Reference in a new issue View git blame Copy permalink