{
"Event": {
"analysis": "2",
"date": "2016-08-04",
"extends_uuid": "",
"info": "OSINT - NANHAISHU RATing the South China Sea",
"publish_timestamp": "1470319345",
"published": true,
"threat_level_id": "2",
"timestamp": "1470319332",
"uuid": "57a33020-bc70-4f69-96f9-118b950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "First seen 2015-01-13",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319166",
"to_ids": true,
"type": "filename|sha1",
"uuid": "57a34524-d4ac-4726-93e7-22a8950d210f",
"value": "DOJ Staff bonus January 13, 2015.xls|a17769e8a2ac48f83076e3e1b6b24d71e6431d43"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319204",
"to_ids": true,
"type": "filename|sha1",
"uuid": "57a34582-8218-4ef3-92aa-22a4950d210f",
"value": "The draft Foley Hoag reform of the distribution of shares and the remuneration system.xls|c66165a2fda061a2dc6415b99668c0b802bb26a0"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319228",
"to_ids": true,
"type": "filename|sha1",
"uuid": "57a34582-65fc-45a6-abff-22a4950d210f",
"value": "Salary and Bonus Data.xls|da799a043e077fd7bde1eaa1a1fa32fd32bcfb25"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319245",
"to_ids": true,
"type": "filename|sha1",
"uuid": "57a34583-b91c-42ae-973e-22a4950d210f",
"value": "AELM Entertainment budget and Attendance allowance.xls|da3a8d1ea5b245f612da17ec7b252c45fd75adae"
},
{
"category": "Network activity",
"comment": "a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470318110",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a3461e-63e4-43aa-ba6d-22a4950d210f",
"value": "mines.port0.org|54.87.87.13"
},
{
"category": "Network activity",
"comment": "a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470318111",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a3461f-38f0-4b14-a80b-22a4950d210f",
"value": "mines.port0.org|103.238.224.218"
},
{
"category": "Network activity",
"comment": "c66165a2fda061a2dc6415b99668c0b802bb26a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470318147",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a34643-5a6c-40e0-98e3-22a9950d210f",
"value": "eholidays.mooo.com|54.87.87.13"
},
{
"category": "Network activity",
"comment": "c66165a2fda061a2dc6415b99668c0b802bb26a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470318147",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a34643-c924-4e5a-903e-22a9950d210f",
"value": "eholidays.mooo.com|103.238.224.218"
},
{
"category": "Network activity",
"comment": "da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470318398",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a3473e-0b34-46a7-a522-1cb7950d210f",
"value": "humans.mooo.info|54.242.66.219"
},
{
"category": "Network activity",
"comment": "da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470318398",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a3473e-37b4-40a5-9930-1cb7950d210f",
"value": "humans.mooo.info|103.238.224.218"
},
{
"category": "Network activity",
"comment": "da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319000",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a34998-ba54-4cff-bf49-22ae950d210f",
"value": "presentation.twilightparadox.com|64.62.189.196"
},
{
"category": "Network activity",
"comment": "da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319000",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a34998-0918-41f5-8b46-22ae950d210f",
"value": "presentation.twilightparadox.com|103.238.224.218"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319068",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a349dc-fad4-4d78-8806-22ae950d210f",
"value": "mintty.ignorelist.com|64.62.189.221"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319068",
"to_ids": true,
"type": "domain|ip",
"uuid": "57a349dc-d358-419b-a9d8-22ae950d210f",
"value": "mintty.ignorelist.com|103.238.224.218"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319100",
"to_ids": true,
"type": "filename",
"uuid": "57a349fc-40f8-4218-970f-22b3950d210f",
"value": "%appdata%\\Microsoft\\Network\\network.js"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319100",
"to_ids": true,
"type": "filename",
"uuid": "57a349fc-de7c-4f8a-9c75-22b3950d210f",
"value": "%appdata%\\Microsoft\\Protect\\CRED"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319128",
"to_ids": true,
"type": "regkey",
"uuid": "57a34a18-8724-4dd0-8e04-22b3950d210f",
"value": "%regrun%\\network"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319128",
"to_ids": true,
"type": "regkey",
"uuid": "57a34a18-7d8c-45de-a405-22b3950d210f",
"value": "%regrun%\\protect"
},
{
"category": "External analysis",
"comment": "External reference",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319265",
"to_ids": false,
"type": "link",
"uuid": "57a34aa1-1038-4900-952d-22b0950d210f",
"value": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319304",
"to_ids": false,
"type": "link",
"uuid": "57a34ac8-2f7c-40f0-87ed-118b950d210f",
"value": "https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319332",
"to_ids": true,
"type": "sha256",
"uuid": "57a34ae4-6ec4-4df6-8404-22b402de0b81",
"value": "b0de26080a84ba0b15ea3f471fe6be5392efe770c53dbe5c0a8ed439b05731c6"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319332",
"to_ids": true,
"type": "md5",
"uuid": "57a34ae4-5750-4fc5-aa9f-22b402de0b81",
"value": "97da0784fddfef932d7d31884f088b40"
},
{
"category": "External analysis",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-10-02 - Xchecked via VT: da3a8d1ea5b245f612da17ec7b252c45fd75adae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319332",
"to_ids": false,
"type": "link",
"uuid": "57a34ae4-12b8-4f62-ab4d-22b402de0b81",
"value": "https://www.virustotal.com/file/b0de26080a84ba0b15ea3f471fe6be5392efe770c53dbe5c0a8ed439b05731c6/analysis/1445948371/"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319333",
"to_ids": true,
"type": "sha256",
"uuid": "57a34ae5-61ac-40c3-bbbf-22b402de0b81",
"value": "fd5706a5e45d2e0805221c3336c75167980916f39826eb6312aea7ea807d4ec0"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319333",
"to_ids": true,
"type": "md5",
"uuid": "57a34ae5-ae24-4413-8de2-22b402de0b81",
"value": "e1f88bc02e9bd15cecc7ae97a009e0d2"
},
{
"category": "External analysis",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-05-27 - Xchecked via VT: da799a043e077fd7bde1eaa1a1fa32fd32bcfb25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319333",
"to_ids": false,
"type": "link",
"uuid": "57a34ae5-de80-4f90-99b7-22b402de0b81",
"value": "https://www.virustotal.com/file/fd5706a5e45d2e0805221c3336c75167980916f39826eb6312aea7ea807d4ec0/analysis/1455828112/"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319333",
"to_ids": true,
"type": "sha256",
"uuid": "57a34ae5-2d0c-4bce-aeb9-22b402de0b81",
"value": "e2c115679bcad87692506d6d9e7a985c59f59e36fd658b8927386474cbcc38ca"
},
{
"category": "Payload delivery",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319333",
"to_ids": true,
"type": "md5",
"uuid": "57a34ae5-4d90-4304-8b72-22b402de0b81",
"value": "d1de5bf033ee31da7babc6fa270f55bb"
},
{
"category": "External analysis",
"comment": "https://blogs.mcafee.com/mcafee-labs/stealthycyberespionagecampaign-attackswith-socialengineering/ - 2015-04-07 - Xchecked via VT: c66165a2fda061a2dc6415b99668c0b802bb26a0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319333",
"to_ids": false,
"type": "link",
"uuid": "57a34ae5-7574-446f-bed9-22b402de0b81",
"value": "https://www.virustotal.com/file/e2c115679bcad87692506d6d9e7a985c59f59e36fd658b8927386474cbcc38ca/analysis/1456251302/"
},
{
"category": "Payload delivery",
"comment": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319334",
"to_ids": true,
"type": "sha256",
"uuid": "57a34ae6-85e8-4129-851b-22b402de0b81",
"value": "9696478b1484a0182644050d9adece9404f51eac193c4629a2bea9669a2fe5ef"
},
{
"category": "Payload delivery",
"comment": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319334",
"to_ids": true,
"type": "md5",
"uuid": "57a34ae6-d5d4-4764-886b-22b402de0b81",
"value": "c0326d13c9619ebf6ee302cebda6cbfe"
},
{
"category": "External analysis",
"comment": "First seen 2015-01-13 - Xchecked via VT: a17769e8a2ac48f83076e3e1b6b24d71e6431d43",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470319334",
"to_ids": false,
"type": "link",
"uuid": "57a34ae6-b7a0-49dd-a6fe-22b402de0b81",
"value": "https://www.virustotal.com/file/9696478b1484a0182644050d9adece9404f51eac193c4629a2bea9669a2fe5ef/analysis/1470315364/"
}
]
}
} |