{
  "Event": {
    "analysis": "1",
    "date": "2024-06-24",
    "extends_uuid": "",
    "info": "[Threat Intel] Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation",
    "protected": false,
    "publish_timestamp": "1780382059",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780382059",
    "uuid": "91ec5b1f-2db7-4fd0-b3f1-5896939d72d5",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#bf83fd",
        "local": false,
        "name": "misp-galaxy:producer=\"Recorded Future\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#3000b9",
        "local": false,
        "name": "rectifyq:workflow=\"enrichment\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d779a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
        "relationship_type": ""
      },
      {
        "colour": "#7773ac",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf2644",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Server Software Component - T1505\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d38fc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"",
        "relationship_type": ""
      },
      {
        "colour": "#454726",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"",
        "relationship_type": ""
      },
      {
        "colour": "#866c0c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#fbaa07",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kenya\"",
        "relationship_type": ""
      },
      {
        "colour": "#631fed",
        "local": false,
        "name": "misp-galaxy:target-information=\"Rwanda\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#e459c3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Hong Kong\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#9c7ff4",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Korea\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#57ece2",
        "local": false,
        "name": "misp-galaxy:target-information=\"Djibouti\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"RedJuliett\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Academia - University\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Diplomacy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Technology\"",
        "relationship_type": ""
      },
      {
        "colour": "#91649a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#fe1ef0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Laos\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"china\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746321421",
        "to_ids": false,
        "type": "link",
        "uuid": "e2a7fad3-1c67-4b90-8caa-2db3b64db55e",
        "value": "https://www.recordedfuture.com/research/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660701",
        "to_ids": false,
        "type": "text",
        "uuid": "5a7b0628-c072-40e4-a48b-d034799826a2",
        "value": "Chinese state-sponsored cyber-espionage group RedJuliett continues to target Taiwanese government and academic organizations, technology companies, and de facto embassies, according to a new report from Insikt Group."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660701",
        "to_ids": false,
        "type": "text",
        "uuid": "9fbbf1d9-017a-4b09-ba4e-a63fc661fab6",
        "value": "Name: Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation\nAuthor: AlienVault\nAdversary: RedJuliett\nTags: [\"redjuliett\", \"taiwan\", \"beijing\", \"laos\", \"kenya\", \"rwanda\", \"softether vpn\"]\nTgtd countries: [\"Taiwan\", \"Lao People's Democratic Republic\", \"Kenya\", \"Rwanda\", \"China\", \"Hong Kong\", \"Malaysia\", \"Korea, Republic of\", \"United States of America\", \"Djibouti\"]\nMlwr families: []\nAttack_ids: [\"T1068\", \"T1133\", \"T1190\", \"T1505\", \"T1583\", \"T1584\", \"T1595\"]\nIndustries: [\"Government\", \"Technology\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660701",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "033e2162-339b-4cc1-a267-99781105ce87",
        "value": "RedJuliett"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328194",
        "to_ids": true,
        "type": "x509-fingerprint-sha1",
        "uuid": "f279620f-0c84-4574-afd3-d4de6e820fb9",
        "value": "0cc0ba859981e0c8142a4877f3af99d98dc0b707"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328202",
        "to_ids": true,
        "type": "x509-fingerprint-sha1",
        "uuid": "4497bd02-4546-4b20-8a37-0308b4337cb4",
        "value": "2c95b971aa47dc4d94a3c52db74a3de11d9ba658"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328206",
        "to_ids": true,
        "type": "x509-fingerprint-sha1",
        "uuid": "9c2e5ee1-8f7c-420f-b8a3-c52dbdc045f9",
        "value": "5437d0195c31bf7cedc9d90b8cb0074272bc55df"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328208",
        "to_ids": true,
        "type": "x509-fingerprint-sha1",
        "uuid": "9617cfd2-5cb8-488f-b649-a43d54eee85d",
        "value": "7992c0a816246b287d991c4ecf68f2d32e4bca18"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328210",
        "to_ids": true,
        "type": "x509-fingerprint-sha1",
        "uuid": "330729d8-bd85-4d32-a305-55d93e69a31f",
        "value": "9f01fc7cad8cdd8d934e2d2f033d7199a5e96e4a"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328212",
        "to_ids": true,
        "type": "x509-fingerprint-sha1",
        "uuid": "85d4c3c8-994e-49fc-936e-0bc2e74a79e9",
        "value": "cc1f0cdc131dfafd43f60ff0e6a6089cd03e92f1"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660701",
        "to_ids": true,
        "type": "hostname",
        "uuid": "cab40601-f81d-4b8d-997e-ee5142128e8e",
        "value": "cktime.ooguy.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660701",
        "to_ids": true,
        "type": "hostname",
        "uuid": "11b8483c-16e0-456f-92d7-a89cd119bbde",
        "value": "www.dns361.tk"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736660701",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6b244528-2384-4095-9562-c922a292091c",
        "value": "www.sofeter.ml"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039380",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "50f786d0-662b-4d13-8c79-ee663747a7de",
        "value": "38.147.190.192",
        "Tag": [
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039382",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "313e67ef-f09a-40ae-a2ea-f264646fb65e",
        "value": "61.238.103.155",
        "Tag": [
          {
            "colour": "#8f2ee5",
            "local": false,
            "name": "asn:asn=\"10103\"",
            "relationship_type": ""
          },
          {
            "colour": "#b6ca27",
            "local": false,
            "name": "asn:as-owner=\"HKBN-AS-AP HK Broadband Network Ltd.\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039384",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "64062f6b-1ea9-4b6e-91fd-c8ff4c42c585",
        "value": "122.10.89.230",
        "Tag": [
          {
            "colour": "#44ec52",
            "local": false,
            "name": "asn:asn=\"134548\"",
            "relationship_type": ""
          },
          {
            "colour": "#fce2d0",
            "local": false,
            "name": "asn:as-owner=\"DXTL-HK DXTL Tseung Kwan O Service\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039385",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e9a52b92-7772-4ff6-9a29-df5f89ad3525",
        "value": "137.220.36.87",
        "Tag": [
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039387",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9b3badfa-2f29-449a-aa1e-dcc527efb4ce",
        "value": "140.120.98.115",
        "Tag": [
          {
            "colour": "#9de049",
            "local": false,
            "name": "asn:asn=\"1659\"",
            "relationship_type": ""
          },
          {
            "colour": "#4213d5",
            "local": false,
            "name": "asn:as-owner=\"ERX-TANET-ASN1 Taiwan Academic Network TANet Information Center\"",
            "relationship_type": ""
          },
          {
            "colour": "#9053fd",
            "local": false,
            "name": "asn:as-country=\"TW\"",
            "relationship_type": ""
          },
          {
            "colour": "#1237d4",
            "local": false,
            "name": "misp-galaxy:country=\"taiwan\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328174",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "67c0fd6a-a6d3-4f1b-a957-76efdb64a86d",
        "value": "154.197.98.3"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328174",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "de59bc95-8944-4744-83d6-04bea475b88d",
        "value": "154.197.99.202"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382059",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c32cac55-ee1d-4d92-89f0-cf81e66f244e",
        "value": "176.119.150.92",
        "Tag": [
          {
            "colour": "#2dc6f1",
            "local": false,
            "name": "asn:asn=\"3258\"",
            "relationship_type": ""
          },
          {
            "colour": "#c79458",
            "local": false,
            "name": "asn:as-owner=\"XTOM-JAPAN xTom Japan Corporation\"",
            "relationship_type": ""
          },
          {
            "colour": "#bab83b",
            "local": false,
            "name": "asn:as-country=\"JP\"",
            "relationship_type": ""
          },
          {
            "colour": "#e8b447",
            "local": false,
            "name": "misp-galaxy:country=\"japan\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746328343",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "b859e76b-f62d-43e6-a1e5-444fe69bc751",
        "value": "CVE-2016-5195"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770874615",
        "to_ids": false,
        "type": "comment",
        "uuid": "cae83fac-8284-433e-b9cf-21e98c12369e",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240624-RedJuliett/27.png"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770874615",
        "to_ids": false,
        "type": "comment",
        "uuid": "714cbe8c-0a44-49a0-9597-7d40c964e0b6",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240624-RedJuliett/28.png"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770874615",
        "to_ids": false,
        "type": "comment",
        "uuid": "ebde1a89-ff46-4dfb-b49a-bbd4525f65d4",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240624-RedJuliett/29.png"
      }
    ]
  }
}