{ "Event": { "analysis": "0", "date": "2024-08-23", "extends_uuid": "", "info": "Fake booking.com service website gathering PII including passport", "publish_timestamp": "1724404149", "published": true, "threat_level_id": "3", "timestamp": "1724404100", "uuid": "489836ca-1176-4799-a698-877dc53b085f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Hospitality\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Identify people of interest - T1269\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1268\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Identify sensitive personnel information - T1274\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "Initial IP used for the setup of the malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1724402790", "to_ids": true, "type": "ip-dst", "uuid": "70b55dc9-5e51-455a-8aa4-e1e308514e9f", "value": "93.157.63.150" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1724402820", "to_ids": true, "type": "domain", "uuid": "6256e4f9-529d-4c62-9e7b-c9352b3727f4", "value": "1fcaa.sbs" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1724402821", "to_ids": true, "type": "domain", "uuid": "320d0f08-228c-46b5-82d3-60299d8fe8bd", "value": "1fcca.pw" } ], "Object": [ { "comment": "Email src trying to get PII documents", "deleted": false, "description": "Email object describing an email with meta-information", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "19", "timestamp": "1724403391", "uuid": "cbda1fcf-aa3d-41b1-a896-6b9602b31b1c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "from", "timestamp": "1724403391", "to_ids": true, "type": "email-src", "uuid": "c0514f41-c0ab-4b4d-94cc-df55f0972b7f", "value": "michael.gutbier@posteo.com" } ] }, { "comment": "Enriched via the url_import module", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1724403803", "uuid": "0c14752c-cb54-45e0-bd0f-55778c8e6354", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1724403803", "to_ids": true, "type": "url", "uuid": "46bdcb92-7e9f-4a32-a582-2fe57a652bb3", "value": "https://booking-0ef4-8213-ae7f-3fec3e22.1facc.pw/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "tld", "timestamp": "1724403803", "to_ids": false, "type": "text", "uuid": "46f21676-63dd-4cd6-abce-a47a329bdc53", "value": "pw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "subdomain", "timestamp": "1724403803", "to_ids": false, "type": "text", "uuid": "e3e2b103-2d60-4abc-bbc0-517c3d291cb2", "value": "booking-0ef4-8213-ae7f-3fec3e22" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "resource_path", "timestamp": "1724403803", "to_ids": false, "type": "text", "uuid": "fdcf3a2f-ea01-4d19-8257-7921e65f0e79", "value": "/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "host", "timestamp": "1724403803", "to_ids": true, "type": "hostname", "uuid": "d58f7986-54b9-4b38-ad46-93f7722c44aa", "value": "booking-0ef4-8213-ae7f-3fec3e22.1facc.pw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain_without_tld", "timestamp": "1724403803", "to_ids": false, "type": "text", "uuid": "f3134ddb-fb41-4aa5-8d5e-040e1c0d0edc", "value": "1facc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1724403803", "to_ids": true, "type": "domain", "uuid": "632380de-b334-42d9-83b0-dd9857b928a8", "value": "1facc.pw" } ] } ] } }