{
"Event": {
"analysis": "2",
"date": "2019-10-07",
"extends_uuid": "",
"info": "Operation Ghost - White Paper",
"publish_timestamp": "1622612225",
"published": true,
"threat_level_id": "1",
"timestamp": "1622553001",
"uuid": "5d9b516c-e5f0-4e7c-a958-5d8c0a019371",
"Orgc": {
"name": "ESET",
"uuid": "55f6ea5e-51ac-4344-bc8c-4170950d210f"
},
"Tag": [
{
"colour": "#12e100",
"name": "misp-galaxy:threat-actor=\"APT 29\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Execution through Module Load - T1129\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1084\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1071\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Windows Admin Shares - T1077\""
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460074",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51aa-15c8-4405-af09-68700a019371",
"value": "4ba559c403ff3f5cc2571ae0961eaff6cf0a50f6"
},
{
"category": "Artifacts dropped",
"comment": "PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460074",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51aa-ace8-4da0-8312-68700a019371",
"value": "cf14ac569a63df214128f375c12d90e535770395"
},
{
"category": "Artifacts dropped",
"comment": "PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460074",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51aa-9458-4ae0-9484-68700a019371",
"value": "539d021cd17d901539a5e1132ecaab7164ed5db5"
},
{
"category": "Artifacts dropped",
"comment": "PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460074",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51aa-6afc-451f-bab9-68700a019371",
"value": "0e25ee58b119dd48b7c9931879294ac3fc433f50"
},
{
"category": "Artifacts dropped",
"comment": "PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460074",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51aa-12dc-4dcc-9417-68700a019371",
"value": "d625c7ce9dc7e56a29ec9a81650280edc6189616"
},
{
"category": "Artifacts dropped",
"comment": "RegDuke loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460097",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51c1-0580-40ee-9b20-5d8c0a019371",
"value": "0a5a7dd4ad0f2e50f3577f8d43a4c55ddc1d80cf"
},
{
"category": "Artifacts dropped",
"comment": "RegDuke loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460097",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51c1-51b0-4b23-ae70-5d8c0a019371",
"value": "f7fd63c0534d2f717fd5325d4397597c9ee4065f"
},
{
"category": "Artifacts dropped",
"comment": "RegDuke loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460097",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51c1-73f8-40d1-bb26-5d8c0a019371",
"value": "194d8e2ae4c723ce5fe11c4d9cfefbba32dcf766"
},
{
"category": "Artifacts dropped",
"comment": "RegDuke loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460097",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51c1-09fc-40b5-8a60-5d8c0a019371",
"value": "64d6c11fff2c2aadaacee01b294afcc751316176"
},
{
"category": "Artifacts dropped",
"comment": "RegDuke loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460097",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371",
"value": "6acc0b1230303f8cf46152697d3036d69ea5a849"
},
{
"category": "Artifacts dropped",
"comment": "RegDuke loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460097",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51c1-e304-4f81-907a-5d8c0a019371",
"value": "170be45669026f3c1fc5ba2d48817dbf950da3f6"
},
{
"category": "Artifacts dropped",
"comment": "RegDuke backdoor",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460111",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51cf-0878-4c96-be15-5c5f0a019371",
"value": "5905c55189c683bc37258aec28e916c41948cd1c"
},
{
"category": "Artifacts dropped",
"comment": "MiniDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460132",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51e4-1e94-460f-be39-5d8c0a019371",
"value": "b05caba461000c6ebd8b237f318577e9bccd6047"
},
{
"category": "Artifacts dropped",
"comment": "MiniDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460132",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51e4-4a34-44ca-9a39-5d8c0a019371",
"value": "718c2ce6170d6ca505297b41de072d8d3b873456"
},
{
"category": "Artifacts dropped",
"comment": "FatDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460150",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51f6-2f00-44e4-b4dc-68530a019371",
"value": "a88da2dd033775f7abc8d6fb3ad5dd48efbeade1"
},
{
"category": "Artifacts dropped",
"comment": "FatDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460150",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b51f6-ce40-4e22-96e3-68530a019371",
"value": "db19171b239ef6de8e83b2926eadc652e74a5afa"
},
{
"category": "Artifacts dropped",
"comment": "FatDuke Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460165",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b5205-1218-43d1-9cad-5c610a019371",
"value": "9e96b00e9f7eb94a944269108b9e02d97142eedc"
},
{
"category": "Artifacts dropped",
"comment": "LiteDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460178",
"to_ids": false,
"type": "sha1",
"uuid": "5d9b5212-dd04-4116-8f9a-68700a019371",
"value": "af2b46d4371ce632e2669fea1959ee8af4ec39ce"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-47f4-4e45-ae18-68700a019371",
"value": "Win32/Agent.ZWH"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-13e0-488a-b58d-68700a019371",
"value": "Win32/Agent.AAPY"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-50dc-48fd-987d-68700a019371",
"value": "Win64/Agent.OL"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-2f2c-4a50-b04d-68700a019371",
"value": "MSIL/Tiny.BG"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-4388-4d08-8fff-68700a019371",
"value": "MSIL/Agent.TGC"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-dbec-4dda-a107-68700a019371",
"value": "MSIL/Agent.SVP"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-5dfc-4b5e-8514-68700a019371",
"value": "MSIL/Agent.SXO"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-b3f8-4c0c-af39-68700a019371",
"value": "MSIL/Agent.SYC"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-9fb4-4c4f-adfe-68700a019371",
"value": "MSIL/Agent.CAW"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-2ce8-4cbc-a8aa-68700a019371",
"value": "Win32/Agent.TSG"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-8d30-48e8-ab45-68700a019371",
"value": "Win32/Agent.TUF"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-eddc-4911-b1b5-68700a019371",
"value": "Win32/Agent.TSH"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460262",
"to_ids": false,
"type": "text",
"uuid": "5d9b5266-ccf4-4375-92c4-68700a019371",
"value": "Win32/Agent.AART"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-4ba0-4020-9d93-244b0a019371",
"value": "http://ibb.co/hVhaAq"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-6ec4-4c3f-8491-244b0a019371",
"value": "http://imgur.com/1RzfF7r"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-02dc-4d44-baee-244b0a019371",
"value": "http://imgur.com/6wjspWp"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-08c4-4135-b041-244b0a019371",
"value": "http://imgur.com/d4ObKL0"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-e778-4c75-a841-244b0a019371",
"value": "http://imgur.com/D6U06Ci"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-d990-4a08-b579-244b0a019371",
"value": "http://imgur.com/GZSK9zI"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-c0dc-4d7c-9d79-244b0a019371",
"value": "http://imgur.com/wcMk7a2"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-19f8-4153-9e84-244b0a019371",
"value": "http://imgur.com/WMTwSMJ"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-4754-4a4a-bc66-244b0a019371",
"value": "http://imgur.com/WOKHonk"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-e4a8-42be-9860-244b0a019371",
"value": "http://imgur.com/XFa7Ee1"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-34c8-45be-b9c6-244b0a019371",
"value": "http://jack998899jack.imgbb.com"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-1c78-424a-8957-244b0a019371",
"value": "http://simp.ly/publish/pBn8Jt"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-684c-45e0-bf7d-244b0a019371",
"value": "http://thinkery.me/billywilliams/5a0170161cb602262f000d2c"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-4b70-4e3c-97d7-244b0a019371",
"value": "http://twitter.com/aimeefleming25"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-af58-4b15-bc0c-244b0a019371",
"value": "http://twitter.com/hen_rivero"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-7e08-40df-bc6d-244b0a019371",
"value": "http://twitter.com/JamesScott1990"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-f4d4-499e-9ad1-244b0a019371",
"value": "http://twitter.com/KarimM_traveler"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-23a8-4073-a28b-244b0a019371",
"value": "http://twitter.com/lerg5pvo1i"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-ee28-414f-b997-244b0a019371",
"value": "http://twitter.com/m63vhd7ach3"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-2a28-4405-8359-244b0a019371",
"value": "http://twitter.com/MarlinTarin"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-8e90-4f56-a4f2-244b0a019371",
"value": "http://twitter.com/np8j7ovqdl"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-57c0-4f8b-b4fd-244b0a019371",
"value": "http://twitter.com/q5euqysfu5"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-ebd8-4e88-8f89-244b0a019371",
"value": "http://twitter.com/qistp743li"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-1fd8-449a-bcca-244b0a019371",
"value": "http://twitter.com/t8t842io2"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-f204-4212-9bf0-244b0a019371",
"value": "http://twitter.com/ua6ivyxkfv"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-f86c-4c2c-8488-244b0a019371",
"value": "http://twitter.com/utyi5asko02"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-3374-45d5-9e50-244b0a019371",
"value": "http://twitter.com/vgmmmyqaq"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-43e8-42db-9dff-244b0a019371",
"value": "http://twitter.com/vvwc63tgz"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-8d00-4008-a567-244b0a019371",
"value": "http://twitter.com/wekcddkg2ra"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-92e8-4fb5-a248-244b0a019371",
"value": "http://twitter.com/xzg3a2e2z"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1571218510",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-d0ac-4e23-8073-244b0a019371",
"value": "http://www.evernote.com/shard/s675/sh/6686ff4e-8896-499b-8cdb-a2bbf2cc4db9/fc7fbe66c820f17c30147235e95d31b8"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-dd60-40ae-8193-244b0a019371",
"value": "http://www.fotolog.com/g1h4wuiz6"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-5b00-4262-a7b8-244b0a019371",
"value": "http://www.fotolog.com/gf3z425rr0"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-7810-479d-83f3-244b0a019371",
"value": "http://www.fotolog.com/i4ntff47xfw"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-1d58-475f-b0a1-244b0a019371",
"value": "http://www.fotolog.com/joannevil/121000000000030009/"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-e1e0-4b90-ac29-244b0a019371",
"value": "http://www.fotolog.com/o2rh2s2x7pu"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-fa88-455d-81df-244b0a019371",
"value": "http://www.fotolog.com/q4tusizx9xb"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-f454-4a69-800d-244b0a019371",
"value": "http://www.fotolog.com/rypnil03sl6"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-8a20-4d7c-9c2b-244b0a019371",
"value": "http://www.fotolog.com/shx8hypubt"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-cc94-4a3f-8188-244b0a019371",
"value": "http://www.fotolog.com/u99aliw5g"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-6850-4edc-a27a-244b0a019371",
"value": "http://www.fotolog.com/uq44y4j19m8"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-9718-4951-a03f-244b0a019371",
"value": "http://www.fotolog.com/vq21p34"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-b344-4e20-83df-244b0a019371",
"value": "http://www.fotolog.com/vz1g3wmwu"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-bcb0-4d3c-8399-244b0a019371",
"value": "http://www.fotolog.com/zu2of5vyfl6"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-af10-419a-a616-244b0a019371",
"value": "http://www.google.com/?gws_rd=ssl#q=Heiofjskghwe+Hjwefkbqw"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-32e4-4037-907f-244b0a019371",
"value": "http://www.kiwibox.com/AfricanRugby/info/"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-2990-4c1a-af9d-244b0a019371",
"value": "http://www.kiwibox.com/GaryPhotographe/info/"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-ce34-4474-8848-244b0a019371",
"value": "http://www.reddit.com/user/BeaumontV/"
},
{
"category": "Network activity",
"comment": "Public webpage used by PolyglotDuke",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460288",
"to_ids": false,
"type": "url",
"uuid": "5d9b5280-8ef8-4149-8f81-244b0a019371",
"value": "http://www.reddit.com/user/StevensThomasWis/"
},
{
"category": "Network activity",
"comment": "PolyglotDuke C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460313",
"to_ids": false,
"type": "domain",
"uuid": "5d9b5299-d71c-4634-b0cd-5d8c0a019371",
"value": "acciaio.com.br"
},
{
"category": "Network activity",
"comment": "PolyglotDuke C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460313",
"to_ids": false,
"type": "domain",
"uuid": "5d9b5299-9690-4856-93cc-5d8c0a019371",
"value": "ceycarb.com"
},
{
"category": "Network activity",
"comment": "PolyglotDuke C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460313",
"to_ids": false,
"type": "domain",
"uuid": "5d9b5299-aed4-4bd9-a01f-5d8c0a019371",
"value": "coachandcook.at"
},
{
"category": "Network activity",
"comment": "PolyglotDuke C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460313",
"to_ids": false,
"type": "domain",
"uuid": "5d9b5299-ecbc-47bd-9803-5d8c0a019371",
"value": "fisioterapiabb.it"
},
{
"category": "Network activity",
"comment": "PolyglotDuke C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460313",
"to_ids": false,
"type": "domain",
"uuid": "5d9b5299-ffac-4393-a3bd-5d8c0a019371",
"value": "lorriratzlaff.com"
},
{
"category": "Network activity",
"comment": "PolyglotDuke C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460313",
"to_ids": false,
"type": "domain",
"uuid": "5d9b5299-78ac-44c7-939a-5d8c0a019371",
"value": "mavin21c.dothome.co.kr"
},
{
"category": "Network activity",
"comment": "PolyglotDuke C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1570460313",
"to_ids": false,
"type": "domain",
|
|
"uuid": "5d9b5299-279c-4661-a5cf-5d8c0a019371",
|
|
"value": "motherlodebulldogclub.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PolyglotDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460313",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b5299-8b04-4f83-9e97-5d8c0a019371",
|
|
"value": "powerpolymerindustry.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PolyglotDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460313",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b5299-08fc-46c2-bb47-5d8c0a019371",
|
|
"value": "publiccouncil.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PolyglotDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460313",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b5299-a39c-4b8e-b592-5d8c0a019371",
|
|
"value": "rulourialuminiu.co.uk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PolyglotDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460313",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b5299-4584-4b2c-bf57-5d8c0a019371",
|
|
"value": "sistemikan.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PolyglotDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460313",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b5299-8a10-48d9-abd0-5d8c0a019371",
|
|
"value": "varuhusmc.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "MiniDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460339",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52b3-692c-42fd-8777-68ba0a019371",
|
|
"value": "ecolesndmessines.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "MiniDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460339",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52b3-a030-462c-841c-68ba0a019371",
|
|
"value": "salesappliances.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460356",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52c4-6a88-4f09-8ce9-646f0a019371",
|
|
"value": "busseylawoffice.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460356",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52c4-44c0-421c-bbf8-646f0a019371",
|
|
"value": "fairfieldsch.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460356",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52c4-d48c-473f-a0f5-646f0a019371",
|
|
"value": "ministernetwork.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460356",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52c4-ac58-483f-9134-646f0a019371",
|
|
"value": "skagenyoga.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460356",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52c4-a184-4467-b8a8-646f0a019371",
|
|
"value": "westmedicalgroup.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "LiteDuke C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1570460370",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5d9b52d2-12f4-4be6-9e91-5c5f0a019371",
|
|
"value": "bandabonga.fr"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "ESET Operation Ghost white paper (PDF) - primary source for the indicators in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571855044",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5da6e0e8-c12c-42c3-a3c3-7b6a0a019371",
|
|
"value": "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "ESET WeLiveSecurity blog post summarising the Operation Ghost white paper",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1622553001",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4",
|
|
"value": "https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "LiteDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571322096",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da878f0-1300-4ce9-9e0a-2132ac1d4fa4",
|
|
"value": "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "LiteDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571322096",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da878f0-6e74-4476-8910-2132ac1d4fa4",
|
|
"value": "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13(KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "LiteDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571322096",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da878f0-69d0-4357-b2b1-2132ac1d4fa4",
|
|
"value": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "LiteDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571322096",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da878f0-6bd0-4eb2-9b79-2132ac1d4fa4",
|
|
"value": "Opera/9.80 (Windows NT 5.1; U; en-US) Presto/2.7.62 Version/11.01"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "LiteDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571322096",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da878f0-6990-4395-b64b-2132ac1d4fa4",
|
|
"value": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729)"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571319903",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da8705f-99a8-47bd-a02d-2180ac1d4fa4",
|
|
"value": "Mozilla/5.0 (Windows; Windows NT 6.1) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571319903",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da8705f-7d18-4de8-b4e2-2180ac1d4fa4",
|
|
"value": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.35 Safari/537.36 OPR/24.0.1558.21"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke User-Agent. Generic IE10 UA string; to_ids is off, so it is not exported as an IDS signature - treat it as context only, not as a detection on its own",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1598525977",
|
|
"to_ids": false,
|
|
"type": "user-agent",
|
|
"uuid": "5da8705f-fc2c-405f-80a4-2180ac1d4fa4",
|
|
"value": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "FatDuke User-Agent. Generic browser UA string - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571319903",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da8705f-daa8-4319-9aea-2180ac1d4fa4",
|
|
"value": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "User-Agent string (malware family not recorded in this event). Generic browser UA - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571319814",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da86f11-6b00-48fc-9e42-2d68ac1d4fa4",
|
|
"value": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "User-Agent string (malware family not recorded in this event). Generic browser UA - as a standalone IDS signature (to_ids=true) it will match benign traffic; use it only in combination with the C&C domains in this event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571319286",
|
|
"to_ids": true,
|
|
"type": "user-agent",
|
|
"uuid": "5da86085-6120-4903-b787-5986ac1d4fa4",
|
|
"value": "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-be44-4698-9b1c-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MSBuild\\4.0|MSBuildOverride-TasksPath"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-1678-4340-85c8-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MSBuild\\4.0|DefaultLibs"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-2efc-4817-9207-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Intel\\MediaSDK\\Dispatch\\hw64-s1-1|RootPath"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-5818-4164-bc18-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Intel\\MediaSDK\\Dispatch\\hw64-s1-1|APIModule"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-ffa8-451d-84a2-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Intel\\MediaSDK\\Dispatch\\hw64-s1-1|Stack"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-a774-43ec-8f0e-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Intel\\MediaSDK\\Dispatch\\0102|PathCPA"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-d6bc-4d24-9bfa-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Intel\\MediaSDK\\Dispatch\\0102|CPAModule"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-ca38-4e38-894a-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MSBuild\\4.0|BinaryCache"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Registry value written by the malware (family not recorded in this event). The text after '|' is the value name, not its data, so detect on the presence of this value name under the key rather than on a data match",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1571317309",
|
|
"to_ids": true,
|
|
"type": "regkey|value",
|
|
"uuid": "5da8663d-4f90-4517-a01f-571cac1d4fa4",
|
|
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Intel\\MediaSDK\\Dispatch\\0102|Init"
|
|
}
|
|
]
|
|
}
|
|
} |