adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/b0135754-b115-47c4-811c-e6840fe03f50.json

1232 lines
41 KiB
JSON
Raw Permalink Normal View History

chg: [feeder] updated
2023-12-14 13:47:04 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "0",
"date": "2021-12-17",
"extends_uuid": "",
"info": "Serverless InfoStealer delivered in Est European Countries",
"publish_timestamp": "1689165963",
"published": true,
"threat_level_id": "1",
"timestamp": "1687347426",
"uuid": "b0135754-b115-47c4-811c-e6840fe03f50",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:clear",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687261546",
"to_ids": true,
"type": "filename",
"uuid": "32089aee-e968-4036-81ba-7624c35ac4d7",
"value": "hulalalMCROSOFT.vbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687336148",
"to_ids": true,
"type": "url",
"uuid": "630568fd-a16f-4923-b962-8cd4501da921",
"value": "http://crypters.coolpage.biz/rumps/Rumppp.txt"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687336148",
"to_ids": true,
"type": "url",
"uuid": "8d6c5ed1-d204-4162-9a77-48d8ecce0bae",
"value": "https://bitbucket.org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12"
},
{
"category": "Network activity",
"comment": "hogya - harsh singh",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687336148",
"to_ids": true,
"type": "url",
"uuid": "b8419835-5db0-46da-862c-a33bcdf87ae8",
"value": "https://bitbucket.org/hogya/workspace/snippets/"
},
{
"category": "Network activity",
"comment": "choasknight",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687336148",
"to_ids": true,
"type": "url",
"uuid": "32aaa5eb-08ff-4692-905d-3a9299c82689",
"value": "https://bitbucket.org/choasknight/workspace/snippets/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687342349",
"to_ids": true,
"type": "url",
"uuid": "d6cdd00c-6cf1-4508-a334-c1675389c4a1",
"value": "https://1230948%1230948%1230948%1230948%1230948%1230948@bitly.]com/dsasabshjkahsadnjksalhndjksa"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "9bb9ce3d-4c87-4219-8dd9-c06451060545",
"value": "https://bitly.com/dghiaksgdbshagdh"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "8756bc58-f42c-4a7f-b871-4b0f43ca2f7d",
"value": "https://bitly.com/etwuiqdbshadbsgha"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "e08a796c-8241-41f5-a0f9-f44d041bf61d",
"value": "https://bitly.com/etyqwuidgshaja"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "6c67ea83-da1f-428f-b8b1-555c5a592098",
"value": "https://bitly.com/etywuiqdbhsnadg"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "d12a405a-4d7e-4fb7-8c91-1e548af5c7fd",
"value": "https://bitly.com/etywuiqdhbsgjj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "650497e7-700d-4b67-a051-e49e6839a537",
"value": "https://bitly.com/etywuiqdhjkasdnbvh"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "b03e958f-4e52-4af2-b54f-556a3d4d282c",
"value": "https://bitly.com/eyuiasdbnjkasdhkashd"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "0798a83f-44c4-4634-a2f7-b6ecd8b2da0e",
"value": "https://bitly.com/eyuiqwdbhasgdjsha"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "684fb21a-5b06-4aa4-8bfe-84f2fa5ac53f",
"value": "https://bitly.com/eyuiqwdhjkasdbsadgb"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "e572f482-7f0c-4529-9c2f-2e4a22658916",
"value": "https://bitly.com/eyuiqwdhksbgjsha"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "6ed047d8-0795-4ec0-bb7a-ebe14c6ff0ec",
"value": "https://bitly.com/eyuiqwdhsgaddasvdj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "4737f676-4ff6-4e82-94f0-9102eecec537",
"value": "https://bitly.com/eyuiqwhdjkasdghj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "d4d540c5-f33f-484d-b06f-fac919ecb26b",
"value": "https://bitly.com/eywuiqdbnamsdgjh"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "44d29af2-c1d6-4d07-80c8-946e7ed0c6cb",
"value": "https://bitly.com/eywuiqdhjkasdbgmh"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "d33e7116-1ba7-49e5-abb5-9acf804a9587",
"value": "https://bitly.com/eywuiqdhnjkasbdjsghah"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "da3189cc-0235-484f-8e85-977fb1a61d73",
"value": "https://bitly.com/qywuiehasgdshaj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "3404c521-413b-4e73-9fa7-e82ce9376f94",
"value": "https://bitly.com/twyiqgshagsja"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "892d430e-0ca6-4ce3-9439-8e8b075f91e6",
"value": "https://bitly.com/yeuioqwhdkjasgd"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "76ff4fc7-0106-4a1c-a63a-ca3472e06907",
"value": "https://bitly.com/yeuiwqhdbasnvgjha"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687343292",
"to_ids": true,
"type": "url",
"uuid": "2c893001-4778-4534-bab8-a6c850f47dfc",
"value": "https://bitly.com/yqweikkajsbdjsgadhasdbg"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344839",
"to_ids": true,
"type": "url",
"uuid": "01af4767-33bc-4aba-9973-6a353cf5fb23",
"value": "https://madarbloghogya.blogspot.com/p/longdickback1.]html"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344839",
"to_ids": true,
"type": "url",
"uuid": "5e5b9a25-2628-47be-8eeb-cdeef3f9d37f",
"value": "https://madarbloghogya.blogspot.com/p/rothwellback.]html"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "1b5726d6-3d8f-4b47-b3ef-56235ccdce9f",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/bxkkpz/4118f44550b85bec2ae65d3e55bf77b2101991c8/files/calib111"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "dc902153-1115-4531-ba86-757cc9dc5faa",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/dxkkpr/2a7b31d0309cf290a0a4c692077fd013669991b2/files/charles11"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "461e1888-aaa6-4102-908e-180c14af2cb3",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/7XkkMb/3cb71404b16fd36f48bb66d71c61d6055fe8fbd3/files/dark1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "489aa087-aac8-4054-8e17-1abb1ec7a59a",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkMx/5b19e6bac2c7b95e36211bb737603c38bcc64885/files/ghul1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "96a96090-6a9a-423a-9324-996c005570ca",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/Epgg7x/90823c7b15d8d3c9aa74b74766a264f2cdaff147/files/long11"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "0d6f1f05-eceb-4ab8-b8bd-c4749ae2d79a",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqjX/1cf020a5bcfd0f3a613b1356558b4e5c67136435/files/mrk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "358c78da-7fe5-44f6-a565-d4a1cf951e34",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEMa/2c4fbe9f83764ed4c53961886e563861399257d5/files/muti"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "2f004a3e-d63f-4130-bda9-3ebd027256a9",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/A9MM7b/b1f5d79e5438016d91d7a42680532aed1cff8657/files/qw2"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "7969287f-795d-4366-a389-05cd0fc2d6b4",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "b0eab0d8-740b-4ff4-965c-859d99c71ddd",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgk/81cf1a8c4f8ec324adf7e8729c8c19d6f3191d34/files/van1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "9db74dc5-3f89-400a-9d04-2d1722bc14bb",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/7Xkkdr/71b71d4e957ac56cd5bc6d1558b81f44210cd884/files/calib-1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "137206b4-41e7-49a8-b8a7-15f04a3f0f51",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLe/b4e47bf432d722a20ecd7b8d532de88c5274468e/files/charles123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "b455dce0-4048-453f-a0ef-9fec55e74505",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgA/236882c179c87120ea611078d65f6af854a3da76/files/dark123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "031ce0aa-1884-4419-92c5-a5f2f299d279",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbx/b985a138bfcc230075309d6393d9a77a013146d2/files/ghul123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "22a021ca-484b-4818-8f97-39c264c0004f",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEdx/fd5b2f66e22535e681f5d9b75f380f15645e8ea5/files/long132"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "38ff91e7-5d34-43b5-92cc-4ba1fe0b09a4",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLk/30b96224276ce0482b9ca6a8e8d51b1a80af06dc/files/mrk123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "87e83393-5003-478e-9085-ade6c2762d09",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgg/947b59abdf17355aa212f65cc26ed3a0a694dd30/files/muti001"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "cbb6d961-abc3-43aa-8e25-f77c15dd710e",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbj/93313de40a32b1c85bf7c5ef52d103808e400c89/files/qwe22"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "85ba72a9-3a60-4979-bfbf-ef263bc4160c",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/LpMMnx/78c83d16ba68da5bd2cdc3a25e26e367c7b10f05/files/roth123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "f85057a4-3d7e-43c7-bf69-a5b7b7f84ae6",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkda/da9c321b635563490e760230601e6da016df6172/files/van123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "8ad343a2-3853-4287-8918-2659eca905cc",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqay/1b716492745a665eea93dd18261a7a3c9f8ac85f/files/reza"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "6ed9fe69-d3d5-4876-95de-5559f3083639",
"value": "https://bitbucket.]org/!api/2.0/snippets/hogya/exEE5y/c407ebf390895c289726d38e17ace212689e34f8/files/reza-111"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "68059aa3-b7f5-405c-b49e-64535aa3f928",
"value": "https://bitbucket.]org/!api/2.0/snippets/choasknight/6XEXAo/6602fb280c0f18337286988b9af658023a7cc994/files/test"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "c2f6630d-41bb-45ba-97f7-745091064e38",
"value": "https://bitbucket.]org/!api/2.0/snippets/choasknight/kxqxxA/5864261b6610d863302b06c528fe1a85d4db7072/files/darkhorse"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687344920",
"to_ids": true,
"type": "url",
"uuid": "27a2e274-3a77-4c26-b0fe-f657823ebb8d",
"value": "https://bitbucket.]org/!api/2.0/snippets/choasknight/yXEXXn/2b8cdcdeaa63834b21dba9c15a50226a5629a888/files/darkhorsepart2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "3937a026-6732-4b7d-abb2-85d29c590a1d",
"value": "014d5412e803d0abe1bdf1f29d02e389603ad5c30e449920f6995748e9310542"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "780ae267-d937-4acd-a291-95777bc324b5",
"value": "19451a668953bd2a206283163714425ed75f822b8ac915f1e04b966671a1a23c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "1fac7fd2-1168-4a1f-945c-f0ee32dfb502",
"value": "27b7e68d5d728b339dc5d8fbc6a9f4194da0ba1ffc471d58c3cabf2a2ebd426d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "48903724-1866-454b-889b-5ce503d0d571",
"value": "29a4107734ec549b59d5babd945ceb6c254375011165d34e70e86553c27581c8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "34a61b72-2558-4259-9cff-ca63f27078ed",
"value": "36f26fffbe92ea0a9fbd25908fd12af52f2dad967a1369c77ef97e76c1638ca3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "754e5066-1cf1-4043-9213-ebfe4047372c",
"value": "414f56a4bbedb067cfa571d107103f705d742d10e2fe7163c97d6925e62ea853"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "87903ba3-0efc-468f-ac75-52898b7e8f73",
"value": "468f28807ef4d3e8cbd812d808b9573fb87ba83a037503c9c14f032ca08deb2e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "14a3d130-019a-44ec-8748-3a413daa0eea",
"value": "54f8342dec4a0b60e369292eee00cb6b8676ec48973a3a345a217febb0f3488e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "514c5895-c0be-4be5-afff-966e646e8a15",
"value": "5665e106ce98224e6f1d02a49c86e01778ed630ab53b55f5ed50126bd1666c06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "f3727a52-8a65-4981-88f6-e59a19859276",
"value": "639f108d6fa7469827be4396f086b95158ee28a7eec6867cedaf2d4007a3784b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "f56444b5-bdf9-4797-b119-d498ca952a2b",
"value": "6d492bbc2e972b9720bb9463733ed550236742341952e0d5a31c0f0220beffdd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "125c6d4e-f6d4-418f-906c-52d84f1e7716",
"value": "81698424c325e40c1cd537719a228cf99fcacd1b954e717f27c4ba32c5cd83fd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "2a40d59f-db23-4321-9d8c-c42c975bfeb1",
"value": "89d2bfac1aa9427857b229ec9f1acae69a865bb33a88f33e7264e82bd4463b35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "bf4b8df7-30ab-47b7-8ab1-7613904b16f1",
"value": "8a17d0e4a4f310a8aeb27a2e30cfc463c2d5a2bfa2772b0a5d5700b4c1e1c3bd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "b5d5d93a-efe0-4b92-a598-f0469238c1d8",
"value": "8ed21a5bfe917fcba312ed2b630deadba0a4d623f4bccf74dd80149b176d414e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "6fa62a80-10d3-4231-8a91-93821b26d441",
"value": "9c3ecaecc2339b973eacaa4da07dae33964c75c7766f36c862c988491d4ecbb0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "7194dc14-19a1-4e15-b6c4-e719d2173fe0",
"value": "9f4a60a9f9c8ac29814bf0e94360ca1502973ad2530bb66f8c4e2b75977d7311"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "37e5410d-b856-407f-87f9-8af2b9d5e912",
"value": "a3d8bc6d455eaeca2f0fbe462f6348c0f61242dc7bde1c48d27b33f1d8cf1d9d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "2363aa94-f60a-42bf-bea3-a991125de5aa",
"value": "a98f6606e576078f0735d504dfd4c4276fd91d918117a29334ff41107c3d269e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "4921aa93-bf1f-482f-8c45-86493772fb90",
"value": "acd370830c92939272a8503ef834d5892108133de131407d10c7435e1514208b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "e18c8e9e-a022-4d12-9fc1-a459bdcea74c",
"value": "bc1254a16b628102bb13c3501d2c52063f16c7857419455790863beec30f31e2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "d80daa77-cafc-4a98-980e-32d6c4a49510",
"value": "c4d3db664407cd7dde28b6490dc2cbaafad0b91740bf51b480b1f4c324834fd1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "a0d545d3-2b52-4c76-a9b2-e8812eb70bfa",
"value": "d0d36b28f2d009efd9ebf8006d5a937bdf61e408166d7d811ed01bc4a6cc61ab"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "18612900-27a4-4e2c-b1a1-bdfa8550108e",
"value": "d3b83d76e76c22b2881a3e5b86afbfd020b631584ed0a40f67d5820a572bc5f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "851bb9d1-2476-401a-a4f3-159d373eae4c",
"value": "d4ee5546b462eb2cf6f88ca39fcc208904d02488782ab0285c06e1e35c1a754e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "59291766-0fde-4d8b-bf2e-e6717da8de96",
"value": "fe5811c318713cbdf188b2fae370dd8827715fd9e0e5a1ee367823343d0d5a0f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "38714092-3e5e-4cd1-9033-05f1a6bcd33b",
"value": "e2a2f3d6aae6a4ca060d5f761591f6edb9db80677bdd7bb9ba71f8c88b0dbf38"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "de80555f-cbfd-410f-86f1-f5079e658295",
"value": "bb5bdc809fe22bdc88652c5ca93aba8c90798d55e62d7fc0cbc44740bf6bf1d6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "7201dd76-373a-4ef3-ae32-ed5e2d9954b4",
"value": "17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347351",
"to_ids": true,
"type": "sha256",
"uuid": "60d47caf-e4a8-40c9-9bd2-1d95bcc979cf",
"value": "94ac4b5dc33bd0374952731853642a4eca8bdb9be12b861297d7dd8f0e527c19"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "c70724eb-b1a5-431c-92cb-63d501c114ed",
"value": "http://69.174.99.181/webpanel-calib/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "274428fa-9e17-4088-9180-80d7b0928cdb",
"value": "http://69.174.99.181/webpanel-charles/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "04eef561-3636-43cc-858c-3664aa62f0ba",
"value": "http://69.174.99.181/webpanel-dark/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "528e61dd-f4ed-4771-b6d5-1afac360565b",
"value": "http://69.174.99.181/webpanel-ghul/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "d4ff3f40-de55-46f1-8c6b-c1ab576707c0",
"value": "http://69.174.99.181/webpanel-greg/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "a885c8ec-1181-4c63-860d-51c900e368ea",
"value": "http://69.174.99.181/webpanel-long/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "5f57c44c-f15e-4da3-b506-49a2b55ac7ed",
"value": "http://69.174.99.181/webpanel-mrk/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "6c8187a6-aebf-4c7a-9dbb-5544994f6df9",
"value": "http://69.174.99.181/webpanel-muti/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "9edae6cf-b14a-4342-b86c-0514f9801aa7",
"value": "http://69.174.99.181/webpanel-reza/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "770e7b1a-7aa9-48a5-b59f-9da26a65fdaa",
"value": "http://69.174.99.181/webpanel-roth/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "23c9db84-2c6e-4d2f-b276-b1a045f5611f",
"value": "http://69.174.99.181/webpanel-trade/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "dbd6f45e-3c19-455c-b011-865719bd32ce",
"value": "http://69.174.99.181/webpanel-van/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1687347426",
"to_ids": true,
"type": "url",
"uuid": "92197b09-0f1a-4407-b999-52c680bf03aa",
"value": "http://69.174.99.181/webpanel-zoe/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1687261292",
"uuid": "af3be992-38a1-4658-83ef-815740dddd20",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1687261292",
"to_ids": false,
"type": "link",
"uuid": "8a3ad064-de1d-40aa-ab74-6ab83b3ba159",
"value": "https://yoroi.company/research/serverless-infostealer-delivered-in-est-european-countries/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1687261292",
"to_ids": false,
"type": "text",
"uuid": "3aa32c47-1ff2-4665-bcbb-352028f449c6",
"value": "Threat actors' consistency over time represents an indication of effectiveness and experience, resulting in an increasing risk for targeted companies. \r\n\r\nThe Yoroi Malware ZLAB is tracking the threat actor Aggah (TH-157) since 2019, along with PaloAlto UNIT42, HP and Juniper Networks, and the persistency of its malicious operation over time reveals a structured information stealing infrastructure, a worldwide campaign capable of quickly varying its distribution technique. \r\n\r\nWe discovered new data theft and reconnaissance operations targeting multiple victims worldwide, including Ukraine, Lithuania, and Italy. The whole campaign impacted hundreds of victims and lasted for two months. CERT Yoroi was able to track the malware distribution infrastructure which was abusing the Bitbucket code repository infrastructures to evade detection mechanism, URL and domain reputation security check. \r\n\r\nThe following article describes how TH-157 conducted this new wave of attacks along with all the indicators needed by security teams to hunt down active intrusions."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1687261292",
"to_ids": false,
"type": "text",
"uuid": "d8c7ec8b-0c83-4a9d-ab32-06ff30b2302d",
"value": "Report"
}
]
},
{
"comment": "Aggah Campaign November 2021 - Malicious PPA macro dropper \t",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1687261368",
"uuid": "1bf76bf3-2ac7-432d-8632-da0a3f879e2e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1687261368",
"to_ids": true,
"type": "sha256",
"uuid": "703bdee8-6d90-480a-b490-857dcb9989c5",
"value": "17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1687261368",
"to_ids": true,
"type": "ssdeep",
"uuid": "4905453e-e47f-4f31-95a3-105299e990c1",
"value": "384:IKyo59LwWOIZlIjlaRKPPYglCLMvu61aUr/clFo39D:J59UWOI3mbkLhHmcjo"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1687261642",
"uuid": "9b0fd0fa-4b8f-4b68-8297-6060e5956dad",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1687261642",
"to_ids": true,
"type": "filename",
"uuid": "f302b958-9eb6-4211-a7c1-e1b9dbf3b986",
"value": "xxx1.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1687261642",
"to_ids": false,
"type": "text",
"uuid": "7e9faab8-d2bf-4a10-bb1d-1562ae45228e",
"value": "%PUBLIC%\\xxx1.txt"
}
]
}
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feeder] updated
2023-12-14 13:47:04 +00:00
}
Reference in a new issue Copy permalink