misp-circl-feed/feeds/circl/misp/56240d98-a524-4386-8e43-8371950d210b.json


{
"Event": {
"analysis": "2",
"date": "2015-10-16",
"extends_uuid": "",
"info": "OSINT Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites by Citizen Lab",
"publish_timestamp": "1445418271",
"published": true,
"threat_level_id": "2",
"timestamp": "1450794987",
"uuid": "56240d98-a524-4386-8e43-8371950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203375",
"to_ids": false,
"type": "link",
"uuid": "56240daf-5e40-4631-8a88-4416950d210b",
"value": "https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203458",
"to_ids": true,
"type": "hostname",
"uuid": "56240e02-0950-47e9-a84e-8371950d210b",
"value": "usafbi.websecexp.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203458",
"to_ids": true,
"type": "hostname",
"uuid": "56240e02-e808-4cb8-814b-8371950d210b",
"value": "usacia.websecexp.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203459",
"to_ids": true,
"type": "hostname",
"uuid": "56240e03-aeac-42f9-a84b-8371950d210b",
"value": "webhttps.websecexp.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203459",
"to_ids": true,
"type": "hostname",
"uuid": "56240e03-3c84-470b-842a-8371950d210b",
"value": "appeur.gnway.cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203544",
"to_ids": true,
"type": "md5",
"uuid": "56240e58-8374-4e94-a379-985e950d210b",
"value": "884d46c01c762ad6ddd2759fd921bf71"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203545",
"to_ids": true,
"type": "hostname",
"uuid": "56240e59-ebcc-4a9a-a330-985e950d210b",
"value": "t2.mailsecurityservice.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203545",
"to_ids": true,
"type": "hostname",
"uuid": "56240e59-a624-435b-b7ef-985e950d210b",
"value": "t1.mailsecurityservice.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203545",
"to_ids": true,
"type": "ip-dst",
"uuid": "56240e59-e278-45da-a1b4-985e950d210b",
"value": "118.193.212.98"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203546",
"to_ids": true,
"type": "md5",
"uuid": "56240e5a-b864-4d11-b021-985e950d210b",
"value": "15c926d2602f65be0de65fa9c06aa6c6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203546",
"to_ids": true,
"type": "url",
"uuid": "56240e5a-2900-4ca4-aa61-985e950d210b",
"value": "http://client.mailsecurityservice.com/viewclient/connect.php?n=zxishanchu1106.exe."
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445417831",
"to_ids": true,
"type": "ip-dst",
"uuid": "56240eb7-8e04-40b4-97c2-7dd1950d210b",
"value": "198.44.190.85"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203640",
"to_ids": true,
"type": "domain",
"uuid": "56240eb8-0958-41fa-ab85-7dd1950d210b",
"value": "mailsecurityservice.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203640",
"to_ids": true,
"type": "domain",
"uuid": "56240eb8-e438-4d89-8c76-7dd1950d210b",
"value": "iyouthen.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445418249",
"to_ids": true,
"type": "ip-dst",
"uuid": "56240eb9-ac80-46dd-a90e-7dd1950d210b",
"value": "103.20.222.244"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203641",
"to_ids": true,
"type": "hostname",
"uuid": "56240eb9-608c-4b5d-aa05-7dd1950d210b",
"value": "gmail.iyouthen.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203642",
"to_ids": true,
"type": "ip-dst",
"uuid": "56240eba-d774-4119-b2d1-7dd1950d210b",
"value": "59.44.49.88"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445203642",
"to_ids": true,
"type": "md5",
"uuid": "56240eba-cea4-4d24-8d86-7dd1950d210b",
"value": "53f81415ccedf453d6e3ebcdc142b966"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358836",
"to_ids": true,
"type": "md5",
"uuid": "56266cf4-7bbc-4601-9b87-771f950d210b",
"value": "56f0e67d981024ddcc215543698f44fb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358837",
"to_ids": true,
"type": "sha1",
"uuid": "56266cf5-5d00-47a7-b5c0-771f950d210b",
"value": "bfaebb3e8a6768a2a5785ffa8dbb16cab43ba560"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358837",
"to_ids": true,
"type": "sha256",
"uuid": "56266cf5-767c-4172-8a63-771f950d210b",
"value": "30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358838",
"to_ids": true,
"type": "md5",
"uuid": "56266cf6-fc08-4dfe-8cb6-771f950d210b",
"value": "c4c147bdfddffec2eea6bf99661e69ee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358838",
"to_ids": true,
"type": "md5",
"uuid": "56266cf6-41c4-44b4-a591-771f950d210b",
"value": "7e0081fba718fcd71753d3199a290f03"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358838",
"to_ids": true,
"type": "md5",
"uuid": "56266cf6-1c00-4670-907b-771f950d210b",
"value": "6701662097e274f3cd089ceec35471d2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358839",
"to_ids": true,
"type": "md5",
"uuid": "56266cf7-da80-4dc4-9132-771f950d210b",
"value": "699b3d90b050cae37f65c855ec7f616a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358839",
"to_ids": true,
"type": "md5",
"uuid": "56266cf7-e870-453d-8a9a-771f950d210b",
"value": "5710d567d98a8f4a6682859ce3a35336"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445358840",
"to_ids": true,
"type": "md5",
"uuid": "56266cf8-5e70-4f2e-8240-771f950d210b",
"value": "49ceba3347d39870f15f2ab0391af234"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1445418264",
"to_ids": false,
"type": "link",
"uuid": "56275518-82a4-42d4-b18a-4498950d210b",
"value": "https://passivetotal.org/passive/103.20.222.244"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794987",
"to_ids": true,
"type": "link",
"uuid": "56795feb-2f6c-419e-9ed4-45bd950d210f",
"value": "https://www.virustotal.com/file/30995fe31f48d253ed864ce8f155222c251e7b5c7841597d1478324794de11cf/analysis/1447248301/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794987",
"to_ids": true,
"type": "sha256",
"uuid": "56795feb-f20c-45cd-a22a-4db1950d210f",
"value": "44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 5710d567d98a8f4a6682859ce3a35336",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794988",
"to_ids": true,
"type": "sha1",
"uuid": "56795fec-2cb0-4de1-a7c0-42d7950d210f",
"value": "355e7fd36a18253358e6175842c7309f79629570"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794988",
"to_ids": true,
"type": "link",
"uuid": "56795fec-abfc-48ce-894e-4347950d210f",
"value": "https://www.virustotal.com/file/44f0ea8043a9498604a237dddd673d618d4a61eed9d3e42b6fbaa648f55aa5e6/analysis/1447876975/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794988",
"to_ids": true,
"type": "sha256",
"uuid": "56795fec-0150-4dbc-ac02-422b950d210f",
"value": "d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7e0081fba718fcd71753d3199a290f03",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794988",
"to_ids": true,
"type": "sha1",
"uuid": "56795fec-7e3c-478a-a737-45fb950d210f",
"value": "4d994872ad4032282d140ac0a19844de6f252141"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794989",
"to_ids": true,
"type": "link",
"uuid": "56795fed-cb88-486d-b125-4cc8950d210f",
"value": "https://www.virustotal.com/file/d71138f169907f6c87a36f2dfe2d0696e74e59b39c717c6d58ca43942caf049f/analysis/1438899341/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794989",
"to_ids": true,
"type": "sha256",
"uuid": "56795fed-25fc-46f2-80d4-4fe3950d210f",
"value": "365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: c4c147bdfddffec2eea6bf99661e69ee",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794989",
"to_ids": true,
"type": "sha1",
"uuid": "56795fed-c0e0-4847-a03d-4fde950d210f",
"value": "926b3576e75b49169e4fec6cbd070f02c8f33ed0"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794990",
"to_ids": true,
"type": "link",
"uuid": "56795fee-8410-463e-ae7e-4d19950d210f",
"value": "https://www.virustotal.com/file/365eeb1d5d8282188e5bbfadfda184e612eef61c2398b7c18cad4c31ce7225d1/analysis/1445244286/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794990",
"to_ids": true,
"type": "sha256",
"uuid": "56795fee-83a4-4b57-b858-4018950d210f",
"value": "2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 15c926d2602f65be0de65fa9c06aa6c6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794990",
"to_ids": true,
"type": "sha1",
"uuid": "56795fee-d458-46aa-ac57-4785950d210f",
"value": "3425cdc99e28661d6c510a5167488ce0a6952b6a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794990",
"to_ids": true,
"type": "link",
"uuid": "56795fee-5084-4386-999a-4445950d210f",
"value": "https://www.virustotal.com/file/2cc4090638a28cde73e18e973e1f2b2ec24d3fa4ea1326dc0d715d5fef8b4a79/analysis/1442294210/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794991",
"to_ids": true,
"type": "sha256",
"uuid": "56795fef-dd6c-4d72-9a96-48fe950d210f",
"value": "3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 884d46c01c762ad6ddd2759fd921bf71",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794991",
"to_ids": true,
"type": "sha1",
"uuid": "56795fef-89cc-4dbc-86ff-435d950d210f",
"value": "d201b130232e0ea411daa23c1ba2892fe6468712"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1450794991",
"to_ids": true,
"type": "link",
"uuid": "56795fef-a068-4e7c-82ad-47fb950d210f",
"value": "https://www.virustotal.com/file/3124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe/analysis/1450088702/"
}
]
}
}