misp-circl-feed/feeds/circl/misp/5a5df98f-3ea4-4cd5-b1d5-47d5950d210f.json


{
"Event": {
"analysis": "2",
"date": "2017-06-14",
"extends_uuid": "",
"info": "OSINT Phantom of the Opaera: New KASPERAGENT Malware Campaign by ThreatConnect",
"publish_timestamp": "1516110415",
"published": true,
"threat_level_id": "2",
"timestamp": "1516110409",
"uuid": "5a5df98f-3ea4-4cd5-b1d5-47d5950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#f71212",
"local": "0",
"name": "APT",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108415",
"to_ids": false,
"type": "link",
"uuid": "5a5dfa7f-3e2c-4d2f-bfa2-62e5950d210f",
"value": "https://www.threatconnect.com/blog/kasperagent-malware-campaign/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108415",
"to_ids": false,
"type": "link",
"uuid": "5a5dfa7f-fdf0-4b29-b3b6-62e5950d210f",
"value": "https://app.threatconnect.com/auth/campaign/campaign.xhtml?campaign=4219181"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108415",
"to_ids": false,
"type": "link",
"uuid": "5a5dfa7f-e974-43a9-a4b8-62e5950d210f",
"value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219182"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108415",
"to_ids": false,
"type": "link",
"uuid": "5a5dfa7f-0d38-4c30-bfc2-62e5950d210f",
"value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219191"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108415",
"to_ids": false,
"type": "link",
"uuid": "5a5dfa7f-215c-42ac-8c84-62e5950d210f",
"value": "https://app.threatconnect.com/auth/incident/incident.xhtml?incident=4219223"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108723",
"to_ids": true,
"type": "pdb",
"uuid": "5a5dfaa7-cb80-4fd8-b424-46c0950d210f",
"value": "%USERPROFILE%\\Documents\\Visual Studio 2008\\Projects\\New folder (2)\\kasper\\Release\\kasper.pdb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108470",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfab6-c328-44c4-b3e4-bff6950d210f",
"value": "6843ae9eac03f69df301d024bfdefc88"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108470",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfab6-467c-45d8-adf9-bff6950d210f",
"value": "4fe7561f63a71ca73c26cb95b28eaee8"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108498",
"to_ids": true,
"type": "domain",
"uuid": "5a5dfad2-24a0-46cc-9257-46be950d210f",
"value": "treestower.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108498",
"to_ids": true,
"type": "domain",
"uuid": "5a5dfad2-3e88-469e-ad8e-4917950d210f",
"value": "mailsinfo.net"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108524",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfaec-a0b8-44c2-8802-c1be950d210f",
"value": "2de25306a58d8a5b6cbe8d5e2fc5f3c5"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108524",
"to_ids": true,
"type": "domain",
"uuid": "5a5dfaec-7b28-4d37-89dc-c1be950d210f",
"value": "windowsnewupdates.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108524",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfaec-d4c8-4f95-928c-c1be950d210f",
"value": "c66f88d2d76d79210d568d7ad7896b45"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108564",
"to_ids": true,
"type": "imphash",
"uuid": "5a5dfb14-0a08-4f8b-abf7-44a3950d210f",
"value": "0b4e44256788783634a2b1dadf4f9784"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108565",
"to_ids": true,
"type": "imphash",
"uuid": "5a5dfb15-9e3c-4d8f-9580-4b34950d210f",
"value": "e44f0bd2adfb9cbcabcad314d27accfc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108591",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a5dfb2f-f3f0-40a4-8746-62e5950d210f",
"value": "195.154.110.237"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108613",
"to_ids": true,
"type": "domain",
"uuid": "5a5dfb45-d0f0-4f3c-9010-476e950d210f",
"value": "upfile2box.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108613",
"to_ids": true,
"type": "domain",
"uuid": "5a5dfb45-b754-4fc6-9687-4265950d210f",
"value": "7aga.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108649",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a5dfb69-23a8-4879-9a3f-4356950d210f",
"value": "144.76.107.83"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108650",
"to_ids": true,
"type": "domain",
"uuid": "5a5dfb6a-08c0-4d3a-aff7-4c82950d210f",
"value": "www.treestower.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108650",
"to_ids": true,
"type": "domain",
"uuid": "5a5dfb6a-90e4-423a-8ffa-4c58950d210f",
"value": "www.windowsnewupdates.com"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108650",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb6a-7ad8-4026-94c1-4596950d210f",
"value": "6e853f78c47dfd4cc726a47b0098d1b1"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108651",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb6b-b78c-4f37-a92f-4db9950d210f",
"value": "6843ae9eac03f69df301d024bfdefc88"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108651",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb6b-1070-4ec8-9123-4e38950d210f",
"value": "4fe7561f63a71ca73c26cb95b28eaee8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108652",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb6c-9bd0-47b2-8f40-44c3950d210f",
"value": "bf587707b44e46208a53817a4718d384"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108652",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb6c-5b5c-40d0-b251-4f33950d210f",
"value": "2de25306a58d8a5b6cbe8d5e2fc5f3c5"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108653",
"to_ids": true,
"type": "url",
"uuid": "5a5dfb6d-1038-4ce4-8d79-4e4d950d210f",
"value": "http://www.windowsnewupdates.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108653",
"to_ids": true,
"type": "url",
"uuid": "5a5dfb6d-cd94-4687-a84a-44b6950d210f",
"value": "http://www.windowsnewupdates.com/dad5/sign.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108653",
"to_ids": true,
"type": "url",
"uuid": "5a5dfb6d-b354-4f56-a4ff-4a5f950d210f",
"value": "http://www.treestower.com/images/17457790_12836.jpg"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108654",
"to_ids": true,
"type": "url",
"uuid": "5a5dfb6e-f0c0-4718-9153-4f79950d210f",
"value": "http://www.windowsnewupdates.com/dad5/addCity.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108654",
"to_ids": true,
"type": "url",
"uuid": "5a5dfb6e-2e90-47c2-be61-4411950d210f",
"value": "http://www.windowsnewupdates.com/dad5/town.php"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108686",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb8e-8ecc-4905-9fac-4347950d210f",
"value": "339261a97e4cb123f15c77cb916c0ed2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108687",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb8f-cbf4-42c3-b2b0-4725950d210f",
"value": "48f39fe48f6fdae46dda189a904b5ad2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516108687",
"to_ids": true,
"type": "md5",
"uuid": "5a5dfb8f-f5e0-4e15-b049-4ae2950d210f",
"value": "f6ac341729d42893a06db8d55aaaabae"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110255",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01af-a050-4383-91ca-4711950d210f",
"value": "53135d1b2488ce356a9dfbbfa717dd8a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110256",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b0-9b30-4098-bfa7-4795950d210f",
"value": "30bfc2f4776451fb04fe272e372db82f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110256",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b0-2bf0-4137-b3d4-4d9e950d210f",
"value": "0734f5ff152d851a4c0655d06cc43530"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110256",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b0-1adc-461c-8f3b-4d66950d210f",
"value": "a3fc6b4fed7c1d5ffd242ed39a9f6c8f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110257",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b1-5120-4c22-ad0c-4994950d210f",
"value": "fbf143b2d34c43bf50d713054f5b6035"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110257",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b1-f4d0-48e3-8428-4309950d210f",
"value": "568b97515f969b14bc727e8961fd65c9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110258",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b2-da38-4971-9d68-4954950d210f",
"value": "135d87dc18f703238eca6e360dd6e050"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110258",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b2-e094-41be-a734-406d950d210f",
"value": "73148c69c283eb85517419c4b7e60c46"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110259",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b3-4240-47b2-b3f1-4b06950d210f",
"value": "96cc23b77c36cec0c34ade9b740b7b87"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110259",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b3-e060-4ca3-91d5-414f950d210f",
"value": "32747103d34b6e773f81e24091d8e80d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110260",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b4-1bc8-4cf7-829d-4867950d210f",
"value": "8ff090029aaf77c16d4a24fef6393264"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110260",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b4-51e0-4f60-8abd-4c21950d210f",
"value": "7ed9addc8ee29425551e673f4a8d7f2a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110260",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b4-7958-4e69-b9fb-4e1f950d210f",
"value": "85349063104b084ffb24d09d4c6e4bd7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110261",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b5-4f6c-435b-bebd-43d5950d210f",
"value": "ae6afaf92e7cf3689ca74b6350f0a9fa"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110261",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b5-5af4-4987-b16d-474e950d210f",
"value": "e673c6e1d6c546c5c4abb8124ffe505b"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110261",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b5-60d8-4c8a-8537-4fe7950d210f",
"value": "34d04aaa2c2b2455c9f988f2de5fab04"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110262",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b6-cc68-4c40-9bb0-4d91950d210f",
"value": "b8fb0f329654ec91cc6931667c4a3e39"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110262",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b6-6de8-4471-8258-4f2c950d210f",
"value": "d8fad23d13d5247484ce129cee85cc5e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110263",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b7-b8b0-4798-8fa8-4728950d210f",
"value": "a9caa2009bc2b4cd078f193d0c5a80b0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110263",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b7-9a40-4d83-b384-4238950d210f",
"value": "9afcf5029f67230514d366d212d375a5"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110263",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01b7-2c20-4bca-b050-4465950d210f",
"value": "0e2aa5771dc87ca50d04efe5826aaf5c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110290",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d2-7364-4dbb-85e2-4840950d210f",
"value": "6bb42841c16ab82e3acc63c7a6d87801"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110291",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d3-4cac-485a-b6dc-4ca7950d210f",
"value": "a8fc19b2c8efe81b09813292d31ec1eb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110291",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d3-ad20-47ac-a406-4641950d210f",
"value": "980b1125805ccc351f3abde4fce133e0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110291",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d3-15a4-48d0-a318-43d8950d210f",
"value": "016eb6d8dad949c95bc2929f80d174b3"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110292",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d4-5f30-4988-a81c-408c950d210f",
"value": "200c6f2b28dc75d8454dedd85b23bc56"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110292",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d4-f468-47b9-825b-4a6a950d210f",
"value": "5d44e3a13d8c976d30178688e8535ec5"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110293",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d5-3350-4572-81bb-4840950d210f",
"value": "cd27b0a11e6eb4006d7be41df850b9ee"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516110293",
"to_ids": true,
"type": "md5",
"uuid": "5a5e01d5-aa8c-43a8-985e-4944950d210f",
"value": "8adcc9e5e9137612418b6042f028640e"
}
]
}
}