ASERT-Threat-Intelligence-Report-2016-03-The-Four-Element-Sword-Engagement
ASERT Threat Intelligence Report 2016-03: The Four-Element Sword Engagement
The bait file document metadata indicates that it was created and modified by
“HighSea” on 12/31/2015, the same day that the file was uploaded to VirusTotal
and the same day other threat activity was observed against the Tibetan
community. The name “HighSea” appears in other malicious document
metadata profiled within this report.
IOCs
C2: 198.55.120[.]143 tcp/7386
MD5 (malicious RTF): facd2fbf26e974bdeae3e4db19753f03
MD5 (T9000, BC29.tmp): e4e8493898d94f737ff4dc8fab743a4a
Bait filename (~tmp.doc): One Tibetan Protester is Freed, Two Others Are Jailed.doc
MD5 (~tmp.doc): 751196ce79dacd906eec9b5a1c92890b
SHA-256 (malicious RTF): 1140e06fa8580cf869744b01cc037c2d2d2b5af7f26f5b3448d9a536674d681c
© Copyright 2016 Arbor Networks, Inc. All rights reserved.