ASERT Threat Intelligence Report 2016-03: The Four-Element Sword Engagement
The e-mail was sent on Thursday Dec 31, 2015 at 19:08:25 +0800 (HKT) and was submitted to VirusTotal from
Taiwan. The Chinese language text in the mail message, when translated to English, mentions a meteor
shower and the Hong Kong Space Museum. This is a different approach than threat actors providing the usual
geopolitical content, but perhaps the intent was to provide some item that may be considered personally
interesting to the target.
The attachment filename “與天空有約!12個2016年不可錯過的天文現象mm.doc” roughly translates from Chinese as “About the sky ! 12
2016 astronomical phenomenon not to be missed”.
The Word document metadata, to the left, shows our now-familiar
timeframe of December 31, 2015 and a name of “webAdmin” as the
document author and modifier. Depending upon the generation
scenario at play, such document metadata may or may not be useful,
but is being included inside this report to provide potential indicators
that may help track down other APT activity.
14 Proprietary and Confidential Information of Arbor Networks, Inc.