
{
"Event": {
"analysis": "2",
"date": "2015-03-10",
"extends_uuid": "",
"info": "OSINT Tibetan Uprising Day Malware Attacks by Citizen Lab",
"publish_timestamp": "1426149018",
"published": true,
"threat_level_id": "2",
"timestamp": "1426147474",
"uuid": "55014406-fd90-4fc1-a814-4638950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#33FF00",
"name": "tlp:green"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146321",
"to_ids": false,
"type": "link",
"uuid": "55014411-d4cc-4047-bc11-4dd5950d210b",
"value": "https://citizenlab.org/2015/03/tibetan-uprising-day-malware-attacks/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146351",
"to_ids": true,
"type": "email-attachment",
"uuid": "5501442f-79a8-4594-a548-310e950d210b",
"value": "10th March.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146373",
"to_ids": false,
"type": "vulnerability",
"uuid": "55014445-9d54-4f18-a108-4f7f950d210b",
"value": "CVE-2012-0158"
},
{
"category": "Network activity",
"comment": "MsAttacker",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147197",
"to_ids": true,
"type": "ip-dst",
"uuid": "5501445e-a540-44d5-801d-4c2c950d210b",
"value": "122.10.117.152"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146418",
"to_ids": true,
"type": "url",
"uuid": "55014472-b0d8-48fe-800e-ca98950d210b",
"value": "http://122.10.117.152/download/ms/MiniJs.dll"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146418",
"to_ids": true,
"type": "url",
"uuid": "55014472-1174-4e76-838f-ca98950d210b",
"value": "/download/ms/MiniJs.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146445",
"to_ids": true,
"type": "filename",
"uuid": "5501448d-2ed8-43ef-8476-492b950d210b",
"value": "%WINDIR%\\system32\\teamviewsvc.dll"
},
{
"category": "Network activity",
"comment": "MsAttacker",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147197",
"to_ids": true,
"type": "ip-dst",
"uuid": "550144a0-0f58-4165-94d0-48f2950d210b",
"value": "23.27.127.200"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146474",
"to_ids": false,
"type": "text",
"uuid": "550144aa-d8d4-43f4-b4cc-45f2950d210b",
"value": "MsAttacker"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146502",
"to_ids": true,
"type": "email-attachment",
"uuid": "550144c6-705c-4176-a9aa-9778950d210b",
"value": "WTO. non-market status China _1_.doc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146517",
"to_ids": false,
"type": "link",
"uuid": "550144d5-fc14-4bf8-a9af-4fe8950d210b",
"value": "https://malwr.com/analysis/MDE4MDMzNGQ0MjY2NDY1OWE5ZTVhMDRmZjQzNTlkYWM/"
},
{
"category": "Artifacts dropped",
"comment": "MiniJS.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146735",
"to_ids": true,
"type": "md5",
"uuid": "550145af-46c8-4980-8fab-ca98950d210b",
"value": "2782c233ddde25040fb1febf9b13611e"
},
{
"category": "Artifacts dropped",
"comment": "MiniJS.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146735",
"to_ids": true,
"type": "sha1",
"uuid": "550145af-1cd8-4470-bddc-ca98950d210b",
"value": "be50ef6c94f3b630886e1b337e89f4ea9d6e7649"
},
{
"category": "Artifacts dropped",
"comment": "MiniJS.dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146735",
"to_ids": true,
"type": "sha256",
"uuid": "550145af-1448-4610-9e15-ca98950d210b",
"value": "50aebd2a1e3b8917d6c2b5e88c2e2999b2368fca550c548d0836aa57e35c463f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146758",
"to_ids": false,
"type": "text",
"uuid": "550145c6-f97c-4ba4-aa09-9778950d210b",
"value": "ShadowNet"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146796",
"to_ids": true,
"type": "url",
"uuid": "550145ec-ddf8-4a02-b69f-49fb950d210b",
"value": "http://johnsmith152.typepad.com/blog/rss.xml"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146797",
"to_ids": true,
"type": "url",
"uuid": "550145ed-a194-4be4-ae2d-49c2950d210b",
"value": "http://mynewshemm.wordpress.com/feed/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146797",
"to_ids": true,
"type": "url",
"uuid": "550145ed-4940-425d-8b3d-4532950d210b",
"value": "http://johnsmith5382.thoughts.com/feed"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146820",
"to_ids": true,
"type": "url",
"uuid": "55014604-fde8-40d8-a01a-9778950d210b",
"value": "http://www.semamail.info/firex/test.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146847",
"to_ids": true,
"type": "ip-dst",
"uuid": "5501461f-b418-4dc1-a388-ca98950d210b",
"value": "122.10.117.5"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146868",
"to_ids": false,
"type": "AS",
"uuid": "55014634-3e34-4ce2-94d9-4d15950d210b",
"value": "24544"
},
{
"category": "Attribution",
"comment": "Registrant of semamail.info",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146912",
"to_ids": false,
"type": "text",
"uuid": "55014660-9d28-4cca-98bc-4cb7950d210b",
"value": "mike.fly@email.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146923",
"to_ids": true,
"type": "domain",
"uuid": "5501466b-005c-467a-9862-47c4950d210b",
"value": "semamail.info"
},
{
"category": "Network activity",
"comment": "Same registrant as semamail.info",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146986",
"to_ids": true,
"type": "domain",
"uuid": "5501468b-374c-4fec-a0d3-4a94950d210b",
"value": "conamail.info"
},
{
"category": "Network activity",
"comment": "Same registrant as semamail.info",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146986",
"to_ids": true,
"type": "domain",
"uuid": "5501468b-2338-4833-bb8e-456d950d210b",
"value": "convmail.info"
},
{
"category": "Network activity",
"comment": "Same registrant as semamail.info",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426146986",
"to_ids": true,
"type": "domain",
"uuid": "5501468b-4f98-4f19-a158-435a950d210b",
"value": "fifamp3.info"
},
{
"category": "Network activity",
"comment": "Also resolved to 122.10.117.35",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147024",
"to_ids": true,
"type": "hostname",
"uuid": "550146d0-f174-4578-a83d-ca98950d210b",
"value": "rukiyeangel.dyndns.pro"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147100",
"to_ids": true,
"type": "md5",
"uuid": "5501471c-d41c-4568-91e3-41ad950d210b",
"value": "8346b50c3954b5c25bf13fcd281eb11a"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147100",
"to_ids": true,
"type": "sha1",
"uuid": "5501471c-4798-4566-a48c-48ad950d210b",
"value": "d9a74528bb56a841cea1fe5fa3e0c777a8e96402"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147100",
"to_ids": true,
"type": "sha256",
"uuid": "5501471c-1f40-458f-8f17-40f5950d210b",
"value": "de7058700f06c5310c26944b28203bc82035f9ff74021649db39a24470517fd1"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147100",
"to_ids": true,
"type": "md5",
"uuid": "5501471c-58e8-47c0-9fe2-48dc950d210b",
"value": "6fc909a57650daff9a8b9264f38444a7"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147100",
"to_ids": true,
"type": "sha1",
"uuid": "5501471c-f594-446e-9879-4b61950d210b",
"value": "2a2a1fae6be0468d388aa2c721a0edd93fb37649"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147100",
"to_ids": true,
"type": "sha256",
"uuid": "5501471c-51cc-4abf-b1d9-4f6e950d210b",
"value": "a264cec4096a04c47013d41dcddab9f99482f8f83d61e13be4bcf4614f79b7a0"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147142",
"to_ids": true,
"type": "md5",
"uuid": "55014746-35d0-487a-9f31-4410950d210b",
"value": "69a0f490de6ae9fdde0ad9cc35305a7d"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147142",
"to_ids": true,
"type": "sha1",
"uuid": "55014746-0bb8-43fe-98a9-4058950d210b",
"value": "e3532fc890f659fb6afb9115b388e0024565888c"
},
{
"category": "Artifacts dropped",
"comment": "MsAttacker Stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147142",
"to_ids": true,
"type": "sha256",
"uuid": "55014746-1458-4bcd-aabf-4688950d210b",
"value": "3de8fb09d79166f10f4a10aef1202c2cb45849943f224dc6c61df8d18435e064"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147229",
"to_ids": true,
"type": "url",
"uuid": "5501479d-ffe8-4bdf-b1ba-0959950d210b",
"value": "http://122.10.117.152/download/ms/CryptBase.32.cab"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147229",
"to_ids": true,
"type": "url",
"uuid": "5501479d-07b8-45b9-aaf3-0959950d210b",
"value": "http://122.10.117.152/download/ms/CryptBase.64.cab"
},
{
"category": "Artifacts dropped",
"comment": "ShadowNet Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147266",
"to_ids": true,
"type": "md5",
"uuid": "550147c2-aeb8-44cc-84eb-4c8f950d210b",
"value": "72707089512762fce576e29a0472eb16"
},
{
"category": "Artifacts dropped",
"comment": "ShadowNet Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147266",
"to_ids": true,
"type": "sha1",
"uuid": "550147c2-ef78-4730-9051-4e54950d210b",
"value": "4ab039da14acf7d80fbb11034ef9ccc861c5ed24"
},
{
"category": "Artifacts dropped",
"comment": "ShadowNet Stage 0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147266",
"to_ids": true,
"type": "sha256",
"uuid": "550147c2-f8e0-49e2-ac9f-4140950d210b",
"value": "ddfa44ebb181282e815e965a1c531c7e145128aa7306b508a563e10d5f9f03fb"
},
{
"category": "Artifacts dropped",
"comment": "ShadowNet Stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147316",
"to_ids": true,
"type": "md5",
"uuid": "550147f4-84c0-4e82-bc24-0955950d210b",
"value": "d8ae44cd65f97654f066edbcb501d999"
},
{
"category": "Artifacts dropped",
"comment": "ShadowNet Stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147317",
"to_ids": true,
"type": "sha1",
"uuid": "550147f5-6850-4f1d-9a7f-0955950d210b",
"value": "602a762dca46f7639210e60c59f89a6e7a16391b"
},
{
"category": "Artifacts dropped",
"comment": "ShadowNet Stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426147317",
"to_ids": true,
"type": "sha256",
"uuid": "550147f5-3fa4-48f9-ac44-0955950d210b",
"value": "e8f36317e29206d48bd0e6dd6570872122be44f82ca1de01aef373b3cdb2c0e1"
}
]
}
}