{
"Event" : {
"analysis" : "0" ,
"date" : "2021-12-17" ,
"extends_uuid" : "" ,
"info" : "Serverless InfoStealer delivered in Est European Countries" ,
"publish_timestamp" : "1689165963" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1687347426" ,
"uuid" : "b0135754-b115-47c4-811c-e6840fe03f50" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:clear" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687261546" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "32089aee-e968-4036-81ba-7624c35ac4d7" ,
"value" : "hulalalMCROSOFT.vbs"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687336148" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "630568fd-a16f-4923-b962-8cd4501da921" ,
"value" : "http://crypters.coolpage.biz/rumps/Rumppp.txt"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687336148" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "8d6c5ed1-d204-4162-9a77-48d8ecce0bae" ,
"value" : "https://bitbucket.org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12"
} ,
{
"category" : "Network activity" ,
"comment" : "hogya - harsh singh" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687336148" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "b8419835-5db0-46da-862c-a33bcdf87ae8" ,
"value" : "https://bitbucket.org/hogya/workspace/snippets/"
} ,
{
"category" : "Network activity" ,
"comment" : "choasknight" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687336148" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "32aaa5eb-08ff-4692-905d-3a9299c82689" ,
"value" : "https://bitbucket.org/choasknight/workspace/snippets/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687342349" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "d6cdd00c-6cf1-4508-a334-c1675389c4a1" ,
"value" : "https://1230948%1230948%1230948%1230948%1230948%1230948@bitly.]com/dsasabshjkahsadnjksalhndjksa"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "9bb9ce3d-4c87-4219-8dd9-c06451060545" ,
"value" : "https://bitly.com/dghiaksgdbshagdh"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "8756bc58-f42c-4a7f-b871-4b0f43ca2f7d" ,
"value" : "https://bitly.com/etwuiqdbshadbsgha"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "e08a796c-8241-41f5-a0f9-f44d041bf61d" ,
"value" : "https://bitly.com/etyqwuidgshaja"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "6c67ea83-da1f-428f-b8b1-555c5a592098" ,
"value" : "https://bitly.com/etywuiqdbhsnadg"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "d12a405a-4d7e-4fb7-8c91-1e548af5c7fd" ,
"value" : "https://bitly.com/etywuiqdhbsgjj"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "650497e7-700d-4b67-a051-e49e6839a537" ,
"value" : "https://bitly.com/etywuiqdhjkasdnbvh"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "b03e958f-4e52-4af2-b54f-556a3d4d282c" ,
"value" : "https://bitly.com/eyuiasdbnjkasdhkashd"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "0798a83f-44c4-4634-a2f7-b6ecd8b2da0e" ,
"value" : "https://bitly.com/eyuiqwdbhasgdjsha"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "684fb21a-5b06-4aa4-8bfe-84f2fa5ac53f" ,
"value" : "https://bitly.com/eyuiqwdhjkasdbsadgb"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "e572f482-7f0c-4529-9c2f-2e4a22658916" ,
"value" : "https://bitly.com/eyuiqwdhksbgjsha"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "6ed047d8-0795-4ec0-bb7a-ebe14c6ff0ec" ,
"value" : "https://bitly.com/eyuiqwdhsgaddasvdj"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "4737f676-4ff6-4e82-94f0-9102eecec537" ,
"value" : "https://bitly.com/eyuiqwhdjkasdghj"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "d4d540c5-f33f-484d-b06f-fac919ecb26b" ,
"value" : "https://bitly.com/eywuiqdbnamsdgjh"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "44d29af2-c1d6-4d07-80c8-946e7ed0c6cb" ,
"value" : "https://bitly.com/eywuiqdhjkasdbgmh"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "d33e7116-1ba7-49e5-abb5-9acf804a9587" ,
"value" : "https://bitly.com/eywuiqdhnjkasbdjsghah"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "da3189cc-0235-484f-8e85-977fb1a61d73" ,
"value" : "https://bitly.com/qywuiehasgdshaj"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "3404c521-413b-4e73-9fa7-e82ce9376f94" ,
"value" : "https://bitly.com/twyiqgshagsja"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "892d430e-0ca6-4ce3-9439-8e8b075f91e6" ,
"value" : "https://bitly.com/yeuioqwhdkjasgd"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "76ff4fc7-0106-4a1c-a63a-ca3472e06907" ,
"value" : "https://bitly.com/yeuiwqhdbasnvgjha"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687343292" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "2c893001-4778-4534-bab8-a6c850f47dfc" ,
"value" : "https://bitly.com/yqweikkajsbdjsgadhasdbg"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344839" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "01af4767-33bc-4aba-9973-6a353cf5fb23" ,
"value" : "https://madarbloghogya.blogspot.com/p/longdickback1.]html"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344839" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5e5b9a25-2628-47be-8eeb-cdeef3f9d37f" ,
"value" : "https://madarbloghogya.blogspot.com/p/rothwellback.]html"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "1b5726d6-3d8f-4b47-b3ef-56235ccdce9f" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/bxkkpz/4118f44550b85bec2ae65d3e55bf77b2101991c8/files/calib111"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "dc902153-1115-4531-ba86-757cc9dc5faa" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/dxkkpr/2a7b31d0309cf290a0a4c692077fd013669991b2/files/charles11"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "461e1888-aaa6-4102-908e-180c14af2cb3" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/7XkkMb/3cb71404b16fd36f48bb66d71c61d6055fe8fbd3/files/dark1"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "489aa087-aac8-4054-8e17-1abb1ec7a59a" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkMx/5b19e6bac2c7b95e36211bb737603c38bcc64885/files/ghul1"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "96a96090-6a9a-423a-9324-996c005570ca" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/Epgg7x/90823c7b15d8d3c9aa74b74766a264f2cdaff147/files/long11"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "0d6f1f05-eceb-4ab8-b8bd-c4749ae2d79a" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqjX/1cf020a5bcfd0f3a613b1356558b4e5c67136435/files/mrk"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "358c78da-7fe5-44f6-a565-d4a1cf951e34" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEMa/2c4fbe9f83764ed4c53961886e563861399257d5/files/muti"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "2f004a3e-d63f-4130-bda9-3ebd027256a9" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/A9MM7b/b1f5d79e5438016d91d7a42680532aed1cff8657/files/qw2"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "7969287f-795d-4366-a389-05cd0fc2d6b4" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "b0eab0d8-740b-4ff4-965c-859d99c71ddd" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgk/81cf1a8c4f8ec324adf7e8729c8c19d6f3191d34/files/van1"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "9db74dc5-3f89-400a-9d04-2d1722bc14bb" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/7Xkkdr/71b71d4e957ac56cd5bc6d1558b81f44210cd884/files/calib-1"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "137206b4-41e7-49a8-b8a7-15f04a3f0f51" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLe/b4e47bf432d722a20ecd7b8d532de88c5274468e/files/charles123"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "b455dce0-4048-453f-a0ef-9fec55e74505" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgA/236882c179c87120ea611078d65f6af854a3da76/files/dark123"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "031ce0aa-1884-4419-92c5-a5f2f299d279" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbx/b985a138bfcc230075309d6393d9a77a013146d2/files/ghul123"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "22a021ca-484b-4818-8f97-39c264c0004f" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEdx/fd5b2f66e22535e681f5d9b75f380f15645e8ea5/files/long132"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "38ff91e7-5d34-43b5-92cc-4ba1fe0b09a4" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLk/30b96224276ce0482b9ca6a8e8d51b1a80af06dc/files/mrk123"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "87e83393-5003-478e-9085-ade6c2762d09" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgg/947b59abdf17355aa212f65cc26ed3a0a694dd30/files/muti001"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "cbb6d961-abc3-43aa-8e25-f77c15dd710e" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbj/93313de40a32b1c85bf7c5ef52d103808e400c89/files/qwe22"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "85ba72a9-3a60-4979-bfbf-ef263bc4160c" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/LpMMnx/78c83d16ba68da5bd2cdc3a25e26e367c7b10f05/files/roth123"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "f85057a4-3d7e-43c7-bf69-a5b7b7f84ae6" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkda/da9c321b635563490e760230601e6da016df6172/files/van123"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "8ad343a2-3853-4287-8918-2659eca905cc" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqay/1b716492745a665eea93dd18261a7a3c9f8ac85f/files/reza"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "6ed9fe69-d3d5-4876-95de-5559f3083639" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/hogya/exEE5y/c407ebf390895c289726d38e17ace212689e34f8/files/reza-111"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "68059aa3-b7f5-405c-b49e-64535aa3f928" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/choasknight/6XEXAo/6602fb280c0f18337286988b9af658023a7cc994/files/test"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "c2f6630d-41bb-45ba-97f7-745091064e38" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/choasknight/kxqxxA/5864261b6610d863302b06c528fe1a85d4db7072/files/darkhorse"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687344920" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "27a2e274-3a77-4c26-b0fe-f657823ebb8d" ,
"value" : "https://bitbucket.]org/!api/2.0/snippets/choasknight/yXEXXn/2b8cdcdeaa63834b21dba9c15a50226a5629a888/files/darkhorsepart2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "3937a026-6732-4b7d-abb2-85d29c590a1d" ,
"value" : "014d5412e803d0abe1bdf1f29d02e389603ad5c30e449920f6995748e9310542"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "780ae267-d937-4acd-a291-95777bc324b5" ,
"value" : "19451a668953bd2a206283163714425ed75f822b8ac915f1e04b966671a1a23c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1fac7fd2-1168-4a1f-945c-f0ee32dfb502" ,
"value" : "27b7e68d5d728b339dc5d8fbc6a9f4194da0ba1ffc471d58c3cabf2a2ebd426d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "48903724-1866-454b-889b-5ce503d0d571" ,
"value" : "29a4107734ec549b59d5babd945ceb6c254375011165d34e70e86553c27581c8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "34a61b72-2558-4259-9cff-ca63f27078ed" ,
"value" : "36f26fffbe92ea0a9fbd25908fd12af52f2dad967a1369c77ef97e76c1638ca3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "754e5066-1cf1-4043-9213-ebfe4047372c" ,
"value" : "414f56a4bbedb067cfa571d107103f705d742d10e2fe7163c97d6925e62ea853"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "87903ba3-0efc-468f-ac75-52898b7e8f73" ,
"value" : "468f28807ef4d3e8cbd812d808b9573fb87ba83a037503c9c14f032ca08deb2e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "14a3d130-019a-44ec-8748-3a413daa0eea" ,
"value" : "54f8342dec4a0b60e369292eee00cb6b8676ec48973a3a345a217febb0f3488e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "514c5895-c0be-4be5-afff-966e646e8a15" ,
"value" : "5665e106ce98224e6f1d02a49c86e01778ed630ab53b55f5ed50126bd1666c06"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f3727a52-8a65-4981-88f6-e59a19859276" ,
"value" : "639f108d6fa7469827be4396f086b95158ee28a7eec6867cedaf2d4007a3784b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f56444b5-bdf9-4797-b119-d498ca952a2b" ,
"value" : "6d492bbc2e972b9720bb9463733ed550236742341952e0d5a31c0f0220beffdd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "125c6d4e-f6d4-418f-906c-52d84f1e7716" ,
"value" : "81698424c325e40c1cd537719a228cf99fcacd1b954e717f27c4ba32c5cd83fd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "2a40d59f-db23-4321-9d8c-c42c975bfeb1" ,
"value" : "89d2bfac1aa9427857b229ec9f1acae69a865bb33a88f33e7264e82bd4463b35"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "bf4b8df7-30ab-47b7-8ab1-7613904b16f1" ,
"value" : "8a17d0e4a4f310a8aeb27a2e30cfc463c2d5a2bfa2772b0a5d5700b4c1e1c3bd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b5d5d93a-efe0-4b92-a598-f0469238c1d8" ,
"value" : "8ed21a5bfe917fcba312ed2b630deadba0a4d623f4bccf74dd80149b176d414e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6fa62a80-10d3-4231-8a91-93821b26d441" ,
"value" : "9c3ecaecc2339b973eacaa4da07dae33964c75c7766f36c862c988491d4ecbb0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "7194dc14-19a1-4e15-b6c4-e719d2173fe0" ,
"value" : "9f4a60a9f9c8ac29814bf0e94360ca1502973ad2530bb66f8c4e2b75977d7311"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "37e5410d-b856-407f-87f9-8af2b9d5e912" ,
"value" : "a3d8bc6d455eaeca2f0fbe462f6348c0f61242dc7bde1c48d27b33f1d8cf1d9d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "2363aa94-f60a-42bf-bea3-a991125de5aa" ,
"value" : "a98f6606e576078f0735d504dfd4c4276fd91d918117a29334ff41107c3d269e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "4921aa93-bf1f-482f-8c45-86493772fb90" ,
"value" : "acd370830c92939272a8503ef834d5892108133de131407d10c7435e1514208b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e18c8e9e-a022-4d12-9fc1-a459bdcea74c" ,
"value" : "bc1254a16b628102bb13c3501d2c52063f16c7857419455790863beec30f31e2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "d80daa77-cafc-4a98-980e-32d6c4a49510" ,
"value" : "c4d3db664407cd7dde28b6490dc2cbaafad0b91740bf51b480b1f4c324834fd1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "a0d545d3-2b52-4c76-a9b2-e8812eb70bfa" ,
"value" : "d0d36b28f2d009efd9ebf8006d5a937bdf61e408166d7d811ed01bc4a6cc61ab"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "18612900-27a4-4e2c-b1a1-bdfa8550108e" ,
"value" : "d3b83d76e76c22b2881a3e5b86afbfd020b631584ed0a40f67d5820a572bc5f2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "851bb9d1-2476-401a-a4f3-159d373eae4c" ,
"value" : "d4ee5546b462eb2cf6f88ca39fcc208904d02488782ab0285c06e1e35c1a754e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59291766-0fde-4d8b-bf2e-e6717da8de96" ,
"value" : "fe5811c318713cbdf188b2fae370dd8827715fd9e0e5a1ee367823343d0d5a0f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "38714092-3e5e-4cd1-9033-05f1a6bcd33b" ,
"value" : "e2a2f3d6aae6a4ca060d5f761591f6edb9db80677bdd7bb9ba71f8c88b0dbf38"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "de80555f-cbfd-410f-86f1-f5079e658295" ,
"value" : "bb5bdc809fe22bdc88652c5ca93aba8c90798d55e62d7fc0cbc44740bf6bf1d6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "7201dd76-373a-4ef3-ae32-ed5e2d9954b4" ,
"value" : "17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347351" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "60d47caf-e4a8-40c9-9bd2-1d95bcc979cf" ,
"value" : "94ac4b5dc33bd0374952731853642a4eca8bdb9be12b861297d7dd8f0e527c19"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "c70724eb-b1a5-431c-92cb-63d501c114ed" ,
"value" : "http://69.174.99.181/webpanel-calib/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "274428fa-9e17-4088-9180-80d7b0928cdb" ,
"value" : "http://69.174.99.181/webpanel-charles/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "04eef561-3636-43cc-858c-3664aa62f0ba" ,
"value" : "http://69.174.99.181/webpanel-dark/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "528e61dd-f4ed-4771-b6d5-1afac360565b" ,
"value" : "http://69.174.99.181/webpanel-ghul/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "d4ff3f40-de55-46f1-8c6b-c1ab576707c0" ,
"value" : "http://69.174.99.181/webpanel-greg/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "a885c8ec-1181-4c63-860d-51c900e368ea" ,
"value" : "http://69.174.99.181/webpanel-long/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5f57c44c-f15e-4da3-b506-49a2b55ac7ed" ,
"value" : "http://69.174.99.181/webpanel-mrk/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "6c8187a6-aebf-4c7a-9dbb-5544994f6df9" ,
"value" : "http://69.174.99.181/webpanel-muti/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "9edae6cf-b14a-4342-b86c-0514f9801aa7" ,
"value" : "http://69.174.99.181/webpanel-reza/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "770e7b1a-7aa9-48a5-b59f-9da26a65fdaa" ,
"value" : "http://69.174.99.181/webpanel-roth/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "23c9db84-2c6e-4d2f-b276-b1a045f5611f" ,
"value" : "http://69.174.99.181/webpanel-trade/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "dbd6f45e-3c19-455c-b011-865719bd32ce" ,
"value" : "http://69.174.99.181/webpanel-van/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1687347426" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "92197b09-0f1a-4407-b999-52c680bf03aa" ,
"value" : "http://69.174.99.181/webpanel-zoe/"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Metadata used to generate an executive level report" ,
"meta-category" : "misc" ,
"name" : "report" ,
"template_uuid" : "70a68471-df22-4e3f-aa1a-5a3be19f82df" ,
"template_version" : "7" ,
"timestamp" : "1687261292" ,
"uuid" : "af3be992-38a1-4658-83ef-815740dddd20" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1687261292" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8a3ad064-de1d-40aa-ab74-6ab83b3ba159" ,
"value" : "https://yoroi.company/research/serverless-infostealer-delivered-in-est-european-countries/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1687261292" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3aa32c47-1ff2-4665-bcbb-352028f449c6" ,
"value" : "Threat actors' consistency over time represents an indication of effectiveness and experience, resulting in an increasing risk for targeted companies. \r\n\r\nThe Yoroi Malware ZLAB is tracking the threat actor Aggah (TH-157) since 2019, along with PaloAlto UNIT42, HP and Juniper Networks, and the persistency of its malicious operation over time reveals a structured information stealing infrastructure, a worldwide campaign capable of quickly varying its distribution technique. \r\n\r\nWe discovered new data theft and reconnaissance operations targeting multiple victims worldwide, including Ukraine, Lithuania, and Italy. The whole campaign impacted hundreds of victims and lasted for two months. CERT Yoroi was able to track the malware distribution infrastructure which was abusing the Bitbucket code repository infrastructures to evade detection mechanism, URL and domain reputation security check. \r\n\r\nThe following article describes how TH-157 conducted this new wave of attacks along with all the indicators needed by security teams to hunt down active intrusions."
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1687261292" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d8c7ec8b-0c83-4a9d-ab32-06ff30b2302d" ,
"value" : "Report"
}
]
} ,
{
"comment" : "Aggah Campaign November 2021 - Malicious PPA macro dropper \t" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1687261368" ,
"uuid" : "1bf76bf3-2ac7-432d-8632-da0a3f879e2e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1687261368" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "703bdee8-6d90-480a-b490-857dcb9989c5" ,
"value" : "17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1687261368" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "4905453e-e47f-4f31-95a3-105299e990c1" ,
"value" : "384:IKyo59LwWOIZlIjlaRKPPYglCLMvu61aUr/clFo39D:J59UWOI3mbkLhHmcjo"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1687261642" ,
"uuid" : "9b0fd0fa-4b8f-4b68-8297-6060e5956dad" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1687261642" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "f302b958-9eb6-4211-a7c1-e1b9dbf3b986" ,
"value" : "xxx1.txt"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "fullpath" ,
"timestamp" : "1687261642" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7e9faab8-d2bf-4a10-bb1d-1562ae45228e" ,
"value" : "%PUBLIC%\\xxx1.txt"
}
]
}
]
}
}