misp-circl-feed/feeds/circl/misp/55c7524c-e510-453a-93dc-c2c9950d210b.json


{
"Event": {
"analysis": "2",
"date": "2013-08-23",
"extends_uuid": "",
"info": "OSINT Operation Molerats: Middle East Cyber Attacks Using Poison Ivy by FireEye",
"publish_timestamp": "1498161566",
"published": true,
"threat_level_id": "2",
"timestamp": "1498161545",
"uuid": "55c7524c-e510-453a-93dc-c2c9950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439126109",
"to_ids": false,
"type": "link",
"uuid": "55c7525e-d474-4ed0-a478-c2c9950d210b",
"value": "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886535",
"to_ids": true,
"type": "md5",
"uuid": "55d2ebcc-0278-4b56-8b29-7c5e950d210b",
"value": "7084f3a2d63a16a191b7fcb2b19f0e0d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886296",
"to_ids": true,
"type": "mutex",
"uuid": "55d2ebd8-092c-48cc-a41d-966f950d210b",
"value": "gdfgdfgdg"
},
{
"category": "Attribution",
"comment": "Password used",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886311",
"to_ids": false,
"type": "text",
"uuid": "55d2ebe7-30a8-486a-83f9-9675950d210b",
"value": "!@#GooD#@!"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886378",
"to_ids": true,
"type": "md5",
"uuid": "55d2ec2a-a434-4f1d-b1e2-9804950d210b",
"value": "16346b95e6deef9da7fe796c31b9dec4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886379",
"to_ids": true,
"type": "md5",
"uuid": "55d2ec2b-4958-4ca6-9c55-9804950d210b",
"value": "fc554a0ad7cf9d4f47ec4f297dbde375"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886379",
"to_ids": true,
"type": "md5",
"uuid": "55d2ec2b-08cc-438a-973c-9804950d210b",
"value": "a8714aac274a18f1724d9702d40030bf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886379",
"to_ids": true,
"type": "md5",
"uuid": "55d2ec2b-b49c-4e7e-aaa9-9804950d210b",
"value": "d9a7c4a100cfefef995785f707be895c"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886394",
"to_ids": true,
"type": "hostname",
"uuid": "55d2ec3a-84b8-4b12-88ea-7c5e950d210b",
"value": "toornt.servegame.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886394",
"to_ids": true,
"type": "hostname",
"uuid": "55d2ec3a-b1e4-436b-a630-7c5e950d210b",
"value": "updateo.servegame.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886394",
"to_ids": true,
"type": "hostname",
"uuid": "55d2ec3a-d668-4526-be3a-7c5e950d210b",
"value": "egypttv.sytes.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886394",
"to_ids": true,
"type": "hostname",
"uuid": "55d2ec3a-f498-428a-84c1-7c5e950d210b",
"value": "skype.servemp3.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886394",
"to_ids": true,
"type": "hostname",
"uuid": "55d2ec3a-f1b0-4307-930f-7c5e950d210b",
"value": "natco2.no-ip.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886428",
"to_ids": true,
"type": "ip-dst",
"uuid": "55d2ec5c-4a24-422c-895c-9673950d210b",
"value": "209.200.39.48"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886429",
"to_ids": true,
"type": "ip-dst",
"uuid": "55d2ec5d-c21c-43ad-822a-9673950d210b",
"value": "209.200.39.88"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886429",
"to_ids": true,
"type": "ip-dst",
"uuid": "55d2ec5d-c4e4-43fb-9584-9673950d210b",
"value": "173.225.126.166"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886429",
"to_ids": true,
"type": "ip-dst",
"uuid": "55d2ec5d-c8e0-4024-96bd-9673950d210b",
"value": "173.225.126.103"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886429",
"to_ids": true,
"type": "ip-dst",
"uuid": "55d2ec5d-8ef8-420d-931a-9673950d210b",
"value": "209.200.39.220"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886429",
"to_ids": true,
"type": "ip-dst",
"uuid": "55d2ec5d-36c0-4e7f-86ca-9673950d210b",
"value": "173.225.126.179"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1498161545",
"to_ids": true,
"type": "yara",
"uuid": "55d2ec7e-be34-4690-ba35-966f950d210b",
"value": "rule Molerats_certs\n{\nmeta:\n author = \"FireEye Labs\"\n description = \"this rule detects code signed with certificates used by the Molerats actor\"\n\nstrings:\n $cert1 = {06 50 11 A5 BC BF 83 C0 93 28 16 5E 7E 85 27 75}\n $cert2 = {03 e1 e1 aa a5 bc a1 9f ba 8c 42 05 8b 4a bf 28}\n $cert3 = {0c c0 35 9c 9c 3c da 00 d7 e9 da 2d c6 ba 7b 6d}\n\ncondition:\n 1 of ($cert*)\n}"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886515",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb3-aba8-4a4e-a1e9-876d950d210b",
"value": "9dff139bbbe476770294fb86f4e156ac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886515",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb3-ede8-46c1-ada5-876d950d210b",
"value": "6350d1039742b87b7917a5e26de2c25c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886515",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb3-d644-402a-98d5-876d950d210b",
"value": "b0a9abc76a2b4335074a13939c59bfc9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886516",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb4-cbbc-4cba-9aeb-876d950d210b",
"value": "5b740b4623b2d1049c0036a6aae684b0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886516",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb4-443c-42fa-b9dc-876d950d210b",
"value": "cf31aea415e7013e85d1687a1c0f5daa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886516",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb4-20d8-4a64-b332-876d950d210b",
"value": "973b5f2a5608d243e7305ee4f9249302"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886516",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb4-5fd4-4777-b900-876d950d210b",
"value": "e85fc76362c2e9dc7329fddda8acc89e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886516",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb4-cee0-4dc1-b27e-876d950d210b",
"value": "b05603938a888018d4dcdc551c4be8ac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439886517",
"to_ids": true,
"type": "md5",
"uuid": "55d2ecb5-23b4-4842-be8d-876d950d210b",
"value": "9ef9a631160b96322010a5238defc673"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 16346b95e6deef9da7fe796c31b9dec4)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846383",
"to_ids": true,
"type": "sha1",
"uuid": "56c673ef-24a8-47b3-b427-4249950d210f",
"value": "4662aa7b63d4377c38c38c6ed092b88e13883150"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via a8714aac274a18f1724d9702d40030bf)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846385",
"to_ids": true,
"type": "sha1",
"uuid": "56c673f1-b2dc-42aa-b601-599c950d210f",
"value": "d5da2c4e6024056ca07958d8b6336d17f7109cf8"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via d9a7c4a100cfefef995785f707be895c)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846386",
"to_ids": true,
"type": "sha1",
"uuid": "56c673f2-ed28-4341-be11-5f51950d210f",
"value": "2ae0ba3873b44d2bacf026ad547e65b69fbbb641"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 9dff139bbbe476770294fb86f4e156ac)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846388",
"to_ids": true,
"type": "sha1",
"uuid": "56c673f4-a5c4-4f07-ab2f-c650950d210f",
"value": "cbd95c2d6209e7db9cb5af62b986d6fdf3b0b032"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 6350d1039742b87b7917a5e26de2c25c)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846389",
"to_ids": true,
"type": "sha1",
"uuid": "56c673f5-bf90-4d53-9f6d-5f51950d210f",
"value": "336151283faff1cd5bd9ced42b8cf9e15c3bffc7"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 5b740b4623b2d1049c0036a6aae684b0)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846391",
"to_ids": true,
"type": "sha1",
"uuid": "56c673f7-1394-4e3b-a50c-59a1950d210f",
"value": "a684da91db91fe1b8b4c1d842d739da85e065e45"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 973b5f2a5608d243e7305ee4f9249302)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846392",
"to_ids": true,
"type": "sha1",
"uuid": "56c673f8-76c8-4d94-b222-4bdb950d210f",
"value": "e27729038d209e9b67577387f8164d5e7c5b921d"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via e85fc76362c2e9dc7329fddda8acc89e)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846393",
"to_ids": true,
"type": "sha1",
"uuid": "56c673f9-79d4-4d33-93c3-c650950d210f",
"value": "eebf9abe5c8aea61bc083e44089accb5dca36041"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via b05603938a888018d4dcdc551c4be8ac)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846394",
"to_ids": true,
"type": "sha1",
"uuid": "56c673fa-57f0-4ce3-980b-c652950d210f",
"value": "52fae7e11829a4e3979ae719c92f44ffd102b4d8"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 9ef9a631160b96322010a5238defc673)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846396",
"to_ids": true,
"type": "sha1",
"uuid": "56c673fc-f658-4f61-a69c-c653950d210f",
"value": "a2c051fac0f5f5b42a5b7ec94411a70c16dc239c"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 16346b95e6deef9da7fe796c31b9dec4)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846384",
"to_ids": true,
"type": "sha256",
"uuid": "56c673f0-e658-4060-a4b0-599f950d210f",
"value": "b745cf098e8643fb92723dedaef3343ec659baa288fffe847e961a8e62c2075f"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via a8714aac274a18f1724d9702d40030bf)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846386",
"to_ids": true,
"type": "sha256",
"uuid": "56c673f2-de38-4262-92c5-c654950d210f",
"value": "4f3bd6a74ddb04a5c4ae2f0b7290e1fe06123fbb681039962b3b291d143ebbc3"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via d9a7c4a100cfefef995785f707be895c)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846387",
"to_ids": true,
"type": "sha256",
"uuid": "56c673f3-c984-4362-b914-5ca1950d210f",
"value": "bc2c1e2d23058a9277e8f3550fb7b0dfbb2c6e8a19e7981e24a72ea725682ecf"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 9dff139bbbe476770294fb86f4e156ac)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846388",
"to_ids": true,
"type": "sha256",
"uuid": "56c673f4-4f5c-4a34-904c-59a3950d210f",
"value": "faf73608255525a2a62825178f79d592a7a7a2597385d7887178d89cc67e7265"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 6350d1039742b87b7917a5e26de2c25c)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846390",
"to_ids": true,
"type": "sha256",
"uuid": "56c673f6-698c-4590-8c77-4556950d210f",
"value": "48d671f419d957e4a1cd1a0cc54a0cd72b259b9558c2e95cf6d06850bf12e0f8"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 5b740b4623b2d1049c0036a6aae684b0)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846391",
"to_ids": true,
"type": "sha256",
"uuid": "56c673f7-164c-44e8-8ec5-5ca1950d210f",
"value": "34c13f37fa7f31b0143509b1545ab5b248def00827880708103ce427621fdfa6"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 973b5f2a5608d243e7305ee4f9249302)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846393",
"to_ids": true,
"type": "sha256",
"uuid": "56c673f9-1d4c-4328-ade7-c653950d210f",
"value": "4754fb852c5c82c8b94ae6a0cbb2edd1e82b369b0fdbc3bf8a04bed293b0f4fe"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via e85fc76362c2e9dc7329fddda8acc89e)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846394",
"to_ids": true,
"type": "sha256",
"uuid": "56c673fa-2610-4a95-b832-599d950d210f",
"value": "23aa514a00838624795a13bcc0b7ff54d462a3cf12c53a00ee877424a180dd81"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via b05603938a888018d4dcdc551c4be8ac)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846395",
"to_ids": true,
"type": "sha256",
"uuid": "56c673fb-e8a8-4807-a7a3-4cd5950d210f",
"value": "9bdbfd5a70750f02b094786710fefb50ba839ed50ca3546dedd39cb92cc5156b"
},
{
"category": "Payload delivery",
"comment": "Automatically added (via 9ef9a631160b96322010a5238defc673)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455846396",
"to_ids": true,
"type": "sha256",
"uuid": "56c673fc-74b8-4e7a-8b7c-59a3950d210f",
"value": "6766177387cd1deda85fcda715fa6ffac3216c206e11857ac5d719ff408d930d"
}
]
}
}