{"Event": {"info": "OSINT - Champing at the Cyberbit: Ethiopian Dissidents Targeted with New Commercial Spyware", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1512578550", "Object": [{"comment": "Phishing sent to Jawar Mohammed (Executive Director of the Oromia Media Network)", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281339-37b0-4576-98d7-4262950d210f", "sharing_group_id": "0", "timestamp": "1512575801", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281339-1d54-418e-98d0-4262950d210f", "timestamp": "1512575801", "to_ids": true, "value": "sbo.radio88@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281339-9de0-4039-b254-4262950d210f", "timestamp": "1512575801", "to_ids": false, "value": "Fw: Confidential video made public", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281339-86dc-4eff-8b53-4262950d210f", "timestamp": "1512575801", "to_ids": false, "value": "sbo radio", "disable_correlation": false, "object_relation": "from-display-name", "type": "email-src-display-name"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "Phishing sent to Jawar Mohammed (Executive Director of the Oromia Media Network)", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a28139e-373c-4efa-b88b-4894950d210f", "sharing_group_id": "0", "timestamp": "1512575902", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a28139f-6868-47a2-b2e6-4990950d210f", "timestamp": "1512575903", "to_ids": 
true, "value": "sbo.radio88@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a28139f-aa54-431d-87e0-4e1e950d210f", "timestamp": "1512575903", "to_ids": false, "value": "Video hints Eritrea and Ethiopia war is highly likely to continue", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}, {"comment": "", "category": "Payload delivery", "uuid": "5a28139f-c5d0-4f07-89db-462e950d210f", "timestamp": "1512575903", "to_ids": false, "value": "sbo radio", "disable_correlation": false, "object_relation": "from-display-name", "type": "email-src-display-name"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "Real Flash Player update bundled with spyware", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "uuid": "5a28150d-ea50-4358-b92b-4570950d210f", "sharing_group_id": "0", "timestamp": "1512576320", "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "template_version": "4", "ObjectReference": [{"comment": "Malicious URL in the content of the mail", "object_uuid": "5a28150d-ea50-4358-b92b-4570950d210f", "uuid": "5a28153d-ae54-4d67-b3a2-ab72950d210f", "timestamp": "1512576317", "referenced_uuid": "5a281339-37b0-4576-98d7-4262950d210f", "relationship_type": "included-in"}], "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a28150e-7be4-4c7a-ac56-410a950d210f", "timestamp": "1512576270", "to_ids": true, "value": "http://getadobeplayer.com/flashplayer/download/index7371.html", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a28150e-8370-4798-abf4-4fdc950d210f", "timestamp": "1512576270", "to_ids": true, "value": "getadobeplayer.com", "disable_correlation": false, "object_relation": "domain", "type": "domain"}, 
{"comment": "", "category": "Other", "uuid": "5a28150e-11f8-484c-a2e8-4f6f950d210f", "timestamp": "1512576270", "to_ids": false, "value": "http", "disable_correlation": true, "object_relation": "scheme", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a28150e-a210-4624-bb50-482d950d210f", "timestamp": "1512576270", "to_ids": false, "value": "/download/index7371.html", "disable_correlation": false, "object_relation": "resource_path", "type": "text"}], "distribution": "5", "meta-category": "network", "name": "url"}, {"comment": "Link to a video trying to trick the user to install a malicious flash player", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "uuid": "5a2815be-5734-430d-b413-4b67950d210f", "sharing_group_id": "0", "timestamp": "1512576497", "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "template_version": "4", "ObjectReference": [{"comment": "Link in the body of the email", "object_uuid": "5a2815be-5734-430d-b413-4b67950d210f", "uuid": "5a2815ee-8cd4-43ea-9992-4248950d210f", "timestamp": "1512576494", "referenced_uuid": "5a28139e-373c-4efa-b88b-4894950d210f", "relationship_type": "included-in"}], "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a2815be-5050-4b2a-b0d7-49f7950d210f", "timestamp": "1512576446", "to_ids": true, "value": "http://www.eastafro.net/eritrea-ethiopia-border-clash-video.html", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a2815be-4c48-4cd0-a2aa-4898950d210f", "timestamp": "1512576446", "to_ids": true, "value": "www.eastafro.net", "disable_correlation": false, "object_relation": "host", "type": "hostname"}, {"comment": "", "category": "Other", "uuid": "5a2815be-f96c-4f9a-a267-479c950d210f", "timestamp": "1512576446", "to_ids": false, "value": "http", "disable_correlation": true, "object_relation": "scheme", 
"type": "text"}, {"comment": "", "category": "Other", "uuid": "5a2815be-c720-4b4c-b785-4d10950d210f", "timestamp": "1512576446", "to_ids": false, "value": "/eritrea-ethiopia-border-clash-video.html", "disable_correlation": false, "object_relation": "resource_path", "type": "text"}], "distribution": "5", "meta-category": "network", "name": "url"}, {"comment": "", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281a62-ccbc-4442-ab6f-4fb2950d210f", "sharing_group_id": "0", "timestamp": "1512577634", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281a62-aa20-4b82-a2a5-45c4950d210f", "timestamp": "1512577634", "to_ids": true, "value": "eliassamare@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281a62-21e0-4677-a7e6-4f7a950d210f", "timestamp": "1512577634", "to_ids": false, "value": "Ethiopia Struggling with inside Challenges!", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281a9b-2088-4927-bebb-a867950d210f", "sharing_group_id": "0", "timestamp": "1512577691", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281a9b-febc-47a3-b04d-a867950d210f", "timestamp": "1512577691", "to_ids": true, "value": "eliassamare@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281a9b-4de0-4dbd-b56b-a867950d210f", "timestamp": "1512577691", "to_ids": false, "value": "Tsorona Conflict Video!", "disable_correlation": false, "object_relation": 
"subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281aca-9c14-412d-a6ea-ab72950d210f", "sharing_group_id": "0", "timestamp": "1512577738", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281acb-9688-4d83-8b9a-ab72950d210f", "timestamp": "1512577739", "to_ids": true, "value": "eliassamare@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281acb-2000-41b9-9613-ab72950d210f", "timestamp": "1512577739", "to_ids": false, "value": "UN Report and Diaspora Reaction!", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281af0-f578-403a-adac-4144950d210f", "sharing_group_id": "0", "timestamp": "1512577776", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281af0-10c8-4714-a621-41e9950d210f", "timestamp": "1512577776", "to_ids": true, "value": "eliassamare@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281af0-07e8-4884-95bf-4471950d210f", "timestamp": "1512577776", "to_ids": false, "value": "Ethiopia and Current Options!", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281b15-0198-4277-a942-2118950d210f", "sharing_group_id": "0", 
"timestamp": "1512577813", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281b15-ee8c-43e5-9923-2118950d210f", "timestamp": "1512577813", "to_ids": true, "value": "wadewadejoe@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281b15-e7d0-407a-9f98-2118950d210f", "timestamp": "1512577813", "to_ids": false, "value": "Congrats \u2013 \u12e8\u12a2\u1233\u1275 \u134d\u122c\u12ce\u127d", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281b40-3e3c-4f54-8ab6-a867950d210f", "sharing_group_id": "0", "timestamp": "1512577856", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281b41-f458-4d02-8460-a867950d210f", "timestamp": "1512577857", "to_ids": true, "value": "awetnaeyu@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281b41-6394-4bb1-becb-a867950d210f", "timestamp": "1512577857", "to_ids": false, "value": "Egypt-Ethiopia new tension!", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281b61-96e0-40e1-b3d6-eca7950d210f", "sharing_group_id": "0", "timestamp": "1512577889", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": 
"5a281b61-52fc-47b8-a863-eca7950d210f", "timestamp": "1512577889", "to_ids": true, "value": "lekanuguse2014@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281b61-f08c-41f2-8427-eca7950d210f", "timestamp": "1512577889", "to_ids": false, "value": "Gov official interrogated following leakage of national security meeting minutes", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "Targeting Etana Habte", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281ba2-81a0-42a8-aaae-4345950d210f", "sharing_group_id": "0", "timestamp": "1512577954", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281ba3-7520-49ee-8fa5-45d2950d210f", "timestamp": "1512577955", "to_ids": true, "value": "shigut.gelleta@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281ba3-7b6c-4b5e-b8e3-4c46950d210f", "timestamp": "1512577955", "to_ids": false, "value": "Let\u2019s stop EU & the World Bank from funding $500 m to Ethiopia", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "Targeting Etana Habte", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "uuid": "5a281bd4-bfc0-4c14-b244-a93f950d210f", "sharing_group_id": "0", "timestamp": "1512578004", "description": "Email object describing an email with meta-information", "template_version": "7", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281bd4-5380-4f60-8835-a93f950d210f", "timestamp": "1512578004", "to_ids": true, "value": 
"networkoromostudies2015@gmail.com", "disable_correlation": false, "object_relation": "from", "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281bd4-1920-4781-bc95-a93f950d210f", "timestamp": "1512578004", "to_ids": false, "value": "Fwd: MONOSANTO (A multinational company)\u2019s plan on Oromia", "disable_correlation": false, "object_relation": "subject", "type": "email-subject"}], "distribution": "5", "meta-category": "network", "name": "email"}, {"comment": "", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "uuid": "5a281d17-7db4-4902-b4eb-a867950d210f", "sharing_group_id": "0", "timestamp": "1512578327", "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "template_version": "4", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a281d17-fa44-497c-b29c-a867950d210f", "timestamp": "1512578327", "to_ids": true, "value": "http://pssts1.nozonenet.com/ts8/ts8.php", "disable_correlation": false, "object_relation": "url", "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a281d17-2e14-49ba-b4be-a867950d210f", "timestamp": "1512578327", "to_ids": true, "value": "pssts1.nozonenet.com", "disable_correlation": false, "object_relation": "host", "type": "hostname"}, {"comment": "", "category": "Other", "uuid": "5a281d17-682c-4b34-8c98-a867950d210f", "timestamp": "1512578327", "to_ids": false, "value": "http", "disable_correlation": true, "object_relation": "scheme", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a281d17-3244-4b6c-93bf-a867950d210f", "timestamp": "1512578327", "to_ids": false, "value": "/ts8/ts8.php", "disable_correlation": false, "object_relation": "resource_path", "type": "text"}], "distribution": "5", "meta-category": "network", "name": "url"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a281d6d-10b0-4008-9a73-4548950d210f", 
"sharing_group_id": "0", "timestamp": "1512578477", "description": "File object describing a file with meta-information", "template_version": "6", "ObjectReference": [{"comment": "", "object_uuid": "5a281d6d-10b0-4008-9a73-4548950d210f", "uuid": "5a281daa-ae00-4ec3-9e3e-4251950d210f", "timestamp": "1512578474", "referenced_uuid": "5a281d17-7db4-4902-b4eb-a867950d210f", "relationship_type": "communicates-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a281d6d-c220-4479-a60e-4fc8950d210f", "timestamp": "1512578413", "to_ids": true, "value": "c7b4b97369a2ca77e916d5175d162dc2b823763b", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281d6d-5e6c-49f9-b152-4279950d210f", "timestamp": "1512578413", "to_ids": true, "value": "c76d2a8c1c8865b1aa6512e13b77cbc7446022b7be3378f7233c5ca4a5e58116", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5a281d6d-12f4-414d-94b8-4653950d210f", "timestamp": "1512578413", "to_ids": true, "value": "376f28fb0aa650d6220a9d722cdb108d", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5a281d6d-1398-42a8-9656-49fa950d210f", "timestamp": "1512578425", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "2", "Attribute": [{"comment": "Orginal report", "category": "External analysis", "uuid": "5a280530-cb0c-4c08-9599-4f60950d210f", "timestamp": "1512572208", "to_ids": false, "value": "https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "impersonating diretube.com", "category": "Network activity", "uuid": 
"5a281c5c-ee8c-4a72-887e-4251950d210f", "timestamp": "1512578183", "to_ids": true, "value": "diretube.co.uk", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "impersonating meskerem.net", "category": "Network activity", "uuid": "5a281c5c-db70-4261-8faa-4251950d210f", "timestamp": "1512578169", "to_ids": true, "value": "meskereme.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a281cd2-f650-4a15-996b-a8d0950d210f", "timestamp": "1512578258", "to_ids": true, "value": "time-local.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a281cd2-0aac-4616-825d-a8d0950d210f", "timestamp": "1512578258", "to_ids": true, "value": "time-local.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "The samples from getadobeplayer.com", "category": "Payload delivery", "uuid": "5a281df3-aed0-49c1-a5c2-eca8950d210f", "timestamp": "1512578547", "to_ids": true, "value": "568d8c43815fa9608974071c49d68232", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "The samples from getadobeplayer.com", "category": "Payload delivery", "uuid": "5a281df3-ef2c-431b-98e5-eca8950d210f", "timestamp": "1512578547", "to_ids": true, "value": "80b7121c4ecac1c321ca2e3f507104c2", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "The samples from getadobeplayer.com", "category": "Payload delivery", "uuid": "5a281df3-9dbc-4cd5-9ef2-eca8950d210f", "timestamp": "1512578547", "to_ids": true, "value": "8d6ce1a256acf608d82db6539bf73ae7", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "The samples from getadobeplayer.com", "category": "Payload delivery", "uuid": "5a281df3-03a4-4556-951a-eca8950d210f", "timestamp": "1512578547", "to_ids": true, "value": 
"840c4299f9cd5d4df46ee708c2c8247c", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "The samples from getadobeplayer.com", "category": "Payload delivery", "uuid": "5a281df3-6514-4e08-bfb3-eca8950d210f", "timestamp": "1512578547", "to_ids": true, "value": "961730964fd76c93603fb8f0d445c6f2", "disable_correlation": false, "object_relation": null, "type": "md5"}], "extends_uuid": "", "published": false, "date": "2017-12-06", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a2804a1-9eb4-4d70-82f4-4032950d210f"}}