{
  "Event": {
    "analysis": "2",
    "date": "2015-06-17",
    "extends_uuid": "",
    "info": "[Threat Intel] The Spring Dragon APT",
    "protected": false,
    "publish_timestamp": "1780039808",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772901976",
    "uuid": "aacd65ff-cd94-43b7-8a65-0777ff74614d",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"LOTUS PANDA\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003f",
        "local": false,
        "name": "rectifyq:sub-category=\"tool-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740372282",
        "to_ids": false,
        "type": "link",
        "uuid": "30825aee-3e3b-48ed-90b5-c73cba1af5d6",
        "value": "https://securelist.com/the-spring-dragon-apt/70726/"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500179",
        "to_ids": true,
        "type": "url",
        "uuid": "15e06ad2-5b8e-4d92-a449-f52cc436349a",
        "value": "http://www.bkav2010.net/support/flashplayer/downloads.html",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500201",
        "to_ids": true,
        "type": "url",
        "uuid": "85bdb30b-ddad-415b-9227-9afe5ca04332",
        "value": "http://96.47.234.246/support/flashplayer/install_flashplayer.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740372350",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "34b2461d-f922-4cd6-bc3b-76af10ae38b5",
        "value": "CVE-2012-0158"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746500336",
        "uuid": "16c635ef-48b6-47a6-8235-f9612aaca6ad",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746500336",
            "to_ids": true,
            "type": "md5",
            "uuid": "a9f85a0b-04e6-490f-9e55-72dc13e040ee",
            "value": "a42c966e26f3577534d03248551232f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746500264",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bbeab19c-3b27-4b17-94fe-4888885d993d",
            "value": "747b16d5394c51062a26dc00a84c0e995fb059d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746500264",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3065fe1c-0548-4255-aa01-083f9ba10ace",
            "value": "a09243ea407084013009d8267d3de1b0e6a9b345d47214e0b46023a34438c2f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746500263",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5dc7cae2-785d-4768-b6d2-54f36c35cf0d",
            "value": "1536:QbqCvZCmSkhokghQPh12s3k7iDPDklMe5FfIn:Q5ZC9khonAkiMGe5FfI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746500263",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "45090d2a-910d-423e-ad18-32e2cbf56ce8",
            "value": "79360"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746500263",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6831d70f-8dfa-4e3d-8d0b-e13210d4a204",
            "value": "174056655d15151028z56rzb1z46z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746500263",
            "to_ids": true,
            "type": "filename",
            "uuid": "b4962da3-b7f8-47f0-b498-b0f0f9194ee5",
            "value": "wincex.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan: 18/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746500263",
            "to_ids": false,
            "type": "text",
            "uuid": "f7125416-fbc9-43d7-83f9-b94f8292f693",
            "value": "Type Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Deselia.A!dha\nVT Total Detection:51/72\nFirst Submission:2016-05-02T04:30:36.000000+00:00\nLast Submission:2021-11-08T12:32:37.000000+00:00"
          }
        ]
      }
    ]
  }
}