{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-10-16",
|
|
"extends_uuid": "",
|
|
"info": "OSINT Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites by Citizen Lab",
|
|
"publish_timestamp": "1445418271",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1450794987",
|
|
"uuid": "56240d98-a524-4386-8e43-8371950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203375",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56240daf-5e40-4631-8a88-4416950d210b",
|
|
"value": "https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203458",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56240e02-0950-47e9-a84e-8371950d210b",
|
|
"value": "usafbi.websecexp.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203458",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56240e02-e808-4cb8-814b-8371950d210b",
|
|
"value": "usacia.websecexp.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203459",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56240e03-aeac-42f9-a84b-8371950d210b",
|
|
"value": "webhttps.websecexp.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203459",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56240e03-3c84-470b-842a-8371950d210b",
|
|
"value": "appeur.gnway.cc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203544",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56240e58-8374-4e94-a379-985e950d210b",
|
|
"value": "884d46c01c762ad6ddd2759fd921bf71"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203545",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56240e59-ebcc-4a9a-a330-985e950d210b",
|
|
"value": "t2.mailsecurityservice.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203545",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56240e59-a624-435b-b7ef-985e950d210b",
|
|
"value": "t1.mailsecurityservice.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203545",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56240e59-e278-45da-a1b4-985e950d210b",
|
|
"value": "118.193.212.98"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203546",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56240e5a-b864-4d11-b021-985e950d210b",
|
|
"value": "15c926d2602f65be0de65fa9c06aa6c6"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Value ends in a trailing '.' after '.exe' — likely a transcription artifact from the source report; confirm the exact URL before relying on this as an exact-match IDS/proxy signature",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203546",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "56240e5a-2900-4ca4-aa61-985e950d210b",
|
|
"value": "http://client.mailsecurityservice.com/viewclient/connect.php?n=zxishanchu1106.exe."
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445417831",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56240eb7-8e04-40b4-97c2-7dd1950d210b",
|
|
"value": "198.44.190.85"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203640",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "56240eb8-0958-41fa-ab85-7dd1950d210b",
|
|
"value": "mailsecurityservice.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203640",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "56240eb8-e438-4d89-8c76-7dd1950d210b",
|
|
"value": "iyouthen.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445418249",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56240eb9-ac80-46dd-a90e-7dd1950d210b",
|
|
"value": "103.20.222.244"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203641",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56240eb9-608c-4b5d-aa05-7dd1950d210b",
|
|
"value": "gmail.iyouthen.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203642",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56240eba-d774-4119-b2d1-7dd1950d210b",
|
|
"value": "59.44.49.88"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445203642",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56240eba-cea4-4d24-8d86-7dd1950d210b",
|
|
"value": "53f81415ccedf453d6e3ebcdc142b966"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358836",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56266cf4-7bbc-4601-9b87-771f950d210b",
|
|
"value": "56f0e67d981024ddcc215543698f44fb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358837",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56266cf5-5d00-47a7-b5c0-771f950d210b",
|
|
"value": "bfaebb3e8a6768a2a5785ffa8dbb16cab43ba560"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358837",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56266cf5-767c-4172-8a63-771f950d210b",
|
|
"value": "30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358838",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56266cf6-fc08-4dfe-8cb6-771f950d210b",
|
|
"value": "c4c147bdfddffec2eea6bf99661e69ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358838",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56266cf6-41c4-44b4-a591-771f950d210b",
|
|
"value": "7e0081fba718fcd71753d3199a290f03"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358838",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56266cf6-1c00-4670-907b-771f950d210b",
|
|
"value": "6701662097e274f3cd089ceec35471d2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358839",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56266cf7-da80-4dc4-9132-771f950d210b",
|
|
"value": "699b3d90b050cae37f65c855ec7f616a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358839",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56266cf7-e870-453d-8a9a-771f950d210b",
|
|
"value": "5710d567d98a8f4a6682859ce3a35336"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445358840",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56266cf8-5e70-4f2e-8240-771f950d210b",
|
|
"value": "49ceba3347d39870f15f2ab0391af234"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1445418264",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56275518-82a4-42d4-b18a-4498950d210b",
|
|
"value": "https://passivetotal.org/passive/103.20.222.244"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "VirusTotal report link (external-analysis reference, not a detection indicator): with to_ids=true this virustotal.com URL would be exported into IDS/proxy blocklists; consider to_ids=false as on the passivetotal link in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794987",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "56795feb-2f6c-419e-9ed4-45bd950d210f",
|
|
"value": "https://www.virustotal.com/file/30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf/analysis/1447248301/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794987",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56795feb-f20c-45cd-a22a-4db1950d210f",
|
|
"value": "44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794988",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56795fec-2cb0-4de1-a7c0-42d7950d210f",
|
|
"value": "355e7fd36a18253358e6175842c7309f79629570"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "VirusTotal report link (external-analysis reference, not a detection indicator): with to_ids=true this virustotal.com URL would be exported into IDS/proxy blocklists; consider to_ids=false as on the passivetotal link in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794988",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "56795fec-abfc-48ce-894e-4347950d210f",
|
|
"value": "https://www.virustotal.com/file/44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6/analysis/1447876975/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794988",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56795fec-0150-4dbc-ac02-422b950d210f",
|
|
"value": "d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794988",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56795fec-7e3c-478a-a737-45fb950d210f",
|
|
"value": "4d994872ad4032282d140ac0a19844de6f252141"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "VirusTotal report link (external-analysis reference, not a detection indicator): with to_ids=true this virustotal.com URL would be exported into IDS/proxy blocklists; consider to_ids=false as on the passivetotal link in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794989",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "56795fed-cb88-486d-b125-4cc8950d210f",
|
|
"value": "https://www.virustotal.com/file/d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f/analysis/1438899341/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794989",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56795fed-25fc-46f2-80d4-4fe3950d210f",
|
|
"value": "365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794989",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56795fed-c0e0-4847-a03d-4fde950d210f",
|
|
"value": "926b3576e75b49169e4fec6cbd070f02c8f33ed0"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "VirusTotal report link (external-analysis reference, not a detection indicator): with to_ids=true this virustotal.com URL would be exported into IDS/proxy blocklists; consider to_ids=false as on the passivetotal link in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794990",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "56795fee-8410-463e-ae7e-4d19950d210f",
|
|
"value": "https://www.virustotal.com/file/365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1/analysis/1445244286/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794990",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56795fee-83a4-4b57-b858-4018950d210f",
|
|
"value": "2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794990",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56795fee-d458-46aa-ac57-4785950d210f",
|
|
"value": "3425cdc99e28661d6c510a5167488ce0a6952b6a"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "VirusTotal report link (external-analysis reference, not a detection indicator): with to_ids=true this virustotal.com URL would be exported into IDS/proxy blocklists; consider to_ids=false as on the passivetotal link in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794990",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "56795fee-5084-4386-999a-4445950d210f",
|
|
"value": "https://www.virustotal.com/file/2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79/analysis/1442294210/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794991",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56795fef-dd6c-4d72-9a96-48fe950d210f",
|
|
"value": "3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794991",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56795fef-89cc-4dbc-86ff-435d950d210f",
|
|
"value": "d201b130232e0ea411daa23c1ba2892fe6468712"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "VirusTotal report link (external-analysis reference, not a detection indicator): with to_ids=true this virustotal.com URL would be exported into IDS/proxy blocklists; consider to_ids=false as on the passivetotal link in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1450794991",
|
|
"to_ids": true,
|
|
"type": "link",
|
|
"uuid": "56795fef-a068-4e7c-82ad-47fb950d210f",
|
|
"value": "https://www.virustotal.com/file/3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe/analysis/1450088702/"
|
|
}
|
|
]
|
|
}
|
|
} |