{ "Event": { "analysis": "0", "date": "2021-12-17", "extends_uuid": "", "info": "Serverless InfoStealer delivered in Est European Countries", "publish_timestamp": "1689165963", "published": true, "threat_level_id": "1", "timestamp": "1687347426", "uuid": "b0135754-b115-47c4-811c-e6840fe03f50", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687261546", "to_ids": true, "type": "filename", "uuid": "32089aee-e968-4036-81ba-7624c35ac4d7", "value": "hulalalMCROSOFT.vbs" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687336148", "to_ids": true, "type": "url", "uuid": "630568fd-a16f-4923-b962-8cd4501da921", "value": "http://crypters.coolpage.biz/rumps/Rumppp.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687336148", "to_ids": true, "type": "url", "uuid": "8d6c5ed1-d204-4162-9a77-48d8ecce0bae", "value": "https://bitbucket.org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12" }, { "category": "Network activity", "comment": "hogya - harsh singh", "deleted": false, "disable_correlation": false, "timestamp": "1687336148", "to_ids": true, "type": "url", "uuid": "b8419835-5db0-46da-862c-a33bcdf87ae8", "value": "https://bitbucket.org/hogya/workspace/snippets/" }, { "category": 
"Network activity", "comment": "choasknight", "deleted": false, "disable_correlation": false, "timestamp": "1687336148", "to_ids": true, "type": "url", "uuid": "32aaa5eb-08ff-4692-905d-3a9299c82689", "value": "https://bitbucket.org/choasknight/workspace/snippets/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687342349", "to_ids": true, "type": "url", "uuid": "d6cdd00c-6cf1-4508-a334-c1675389c4a1", "value": "https://1230948%1230948%1230948%1230948%1230948%1230948@bitly.]com/dsasabshjkahsadnjksalhndjksa" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "9bb9ce3d-4c87-4219-8dd9-c06451060545", "value": "https://bitly.com/dghiaksgdbshagdh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "8756bc58-f42c-4a7f-b871-4b0f43ca2f7d", "value": "https://bitly.com/etwuiqdbshadbsgha" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "e08a796c-8241-41f5-a0f9-f44d041bf61d", "value": "https://bitly.com/etyqwuidgshaja" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "6c67ea83-da1f-428f-b8b1-555c5a592098", "value": "https://bitly.com/etywuiqdbhsnadg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "d12a405a-4d7e-4fb7-8c91-1e548af5c7fd", "value": "https://bitly.com/etywuiqdhbsgjj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": 
"650497e7-700d-4b67-a051-e49e6839a537", "value": "https://bitly.com/etywuiqdhjkasdnbvh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "b03e958f-4e52-4af2-b54f-556a3d4d282c", "value": "https://bitly.com/eyuiasdbnjkasdhkashd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "0798a83f-44c4-4634-a2f7-b6ecd8b2da0e", "value": "https://bitly.com/eyuiqwdbhasgdjsha" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "684fb21a-5b06-4aa4-8bfe-84f2fa5ac53f", "value": "https://bitly.com/eyuiqwdhjkasdbsadgb" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "e572f482-7f0c-4529-9c2f-2e4a22658916", "value": "https://bitly.com/eyuiqwdhksbgjsha" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "6ed047d8-0795-4ec0-bb7a-ebe14c6ff0ec", "value": "https://bitly.com/eyuiqwdhsgaddasvdj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "4737f676-4ff6-4e82-94f0-9102eecec537", "value": "https://bitly.com/eyuiqwhdjkasdghj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "d4d540c5-f33f-484d-b06f-fac919ecb26b", "value": "https://bitly.com/eywuiqdbnamsdgjh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": 
true, "type": "url", "uuid": "44d29af2-c1d6-4d07-80c8-946e7ed0c6cb", "value": "https://bitly.com/eywuiqdhjkasdbgmh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "d33e7116-1ba7-49e5-abb5-9acf804a9587", "value": "https://bitly.com/eywuiqdhnjkasbdjsghah" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "da3189cc-0235-484f-8e85-977fb1a61d73", "value": "https://bitly.com/qywuiehasgdshaj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "3404c521-413b-4e73-9fa7-e82ce9376f94", "value": "https://bitly.com/twyiqgshagsja" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "892d430e-0ca6-4ce3-9439-8e8b075f91e6", "value": "https://bitly.com/yeuioqwhdkjasgd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "76ff4fc7-0106-4a1c-a63a-ca3472e06907", "value": "https://bitly.com/yeuiwqhdbasnvgjha" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687343292", "to_ids": true, "type": "url", "uuid": "2c893001-4778-4534-bab8-a6c850f47dfc", "value": "https://bitly.com/yqweikkajsbdjsgadhasdbg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344839", "to_ids": true, "type": "url", "uuid": "01af4767-33bc-4aba-9973-6a353cf5fb23", "value": "https://madarbloghogya.blogspot.com/p/longdickback1.]html" }, { "category": "Network activity", "comment": "", "deleted": false, 
"disable_correlation": false, "timestamp": "1687344839", "to_ids": true, "type": "url", "uuid": "5e5b9a25-2628-47be-8eeb-cdeef3f9d37f", "value": "https://madarbloghogya.blogspot.com/p/rothwellback.]html" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "1b5726d6-3d8f-4b47-b3ef-56235ccdce9f", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/bxkkpz/4118f44550b85bec2ae65d3e55bf77b2101991c8/files/calib111" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "dc902153-1115-4531-ba86-757cc9dc5faa", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/dxkkpr/2a7b31d0309cf290a0a4c692077fd013669991b2/files/charles11" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "461e1888-aaa6-4102-908e-180c14af2cb3", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/7XkkMb/3cb71404b16fd36f48bb66d71c61d6055fe8fbd3/files/dark1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "489aa087-aac8-4054-8e17-1abb1ec7a59a", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkMx/5b19e6bac2c7b95e36211bb737603c38bcc64885/files/ghul1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "96a96090-6a9a-423a-9324-996c005570ca", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/Epgg7x/90823c7b15d8d3c9aa74b74766a264f2cdaff147/files/long11" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": 
"0d6f1f05-eceb-4ab8-b8bd-c4749ae2d79a", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqjX/1cf020a5bcfd0f3a613b1356558b4e5c67136435/files/mrk" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "358c78da-7fe5-44f6-a565-d4a1cf951e34", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEMa/2c4fbe9f83764ed4c53961886e563861399257d5/files/muti" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "2f004a3e-d63f-4130-bda9-3ebd027256a9", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/A9MM7b/b1f5d79e5438016d91d7a42680532aed1cff8657/files/qw2" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "7969287f-795d-4366-a389-05cd0fc2d6b4", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "b0eab0d8-740b-4ff4-965c-859d99c71ddd", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgk/81cf1a8c4f8ec324adf7e8729c8c19d6f3191d34/files/van1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "9db74dc5-3f89-400a-9d04-2d1722bc14bb", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/7Xkkdr/71b71d4e957ac56cd5bc6d1558b81f44210cd884/files/calib-1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "137206b4-41e7-49a8-b8a7-15f04a3f0f51", "value": 
"https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLe/b4e47bf432d722a20ecd7b8d532de88c5274468e/files/charles123" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "b455dce0-4048-453f-a0ef-9fec55e74505", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgA/236882c179c87120ea611078d65f6af854a3da76/files/dark123" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "031ce0aa-1884-4419-92c5-a5f2f299d279", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbx/b985a138bfcc230075309d6393d9a77a013146d2/files/ghul123" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "22a021ca-484b-4818-8f97-39c264c0004f", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEdx/fd5b2f66e22535e681f5d9b75f380f15645e8ea5/files/long132" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "38ff91e7-5d34-43b5-92cc-4ba1fe0b09a4", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLk/30b96224276ce0482b9ca6a8e8d51b1a80af06dc/files/mrk123" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "87e83393-5003-478e-9085-ade6c2762d09", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgg/947b59abdf17355aa212f65cc26ed3a0a694dd30/files/muti001" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "cbb6d961-abc3-43aa-8e25-f77c15dd710e", "value": 
"https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbj/93313de40a32b1c85bf7c5ef52d103808e400c89/files/qwe22" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "85ba72a9-3a60-4979-bfbf-ef263bc4160c", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/LpMMnx/78c83d16ba68da5bd2cdc3a25e26e367c7b10f05/files/roth123" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "f85057a4-3d7e-43c7-bf69-a5b7b7f84ae6", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkda/da9c321b635563490e760230601e6da016df6172/files/van123" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "8ad343a2-3853-4287-8918-2659eca905cc", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqay/1b716492745a665eea93dd18261a7a3c9f8ac85f/files/reza" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "6ed9fe69-d3d5-4876-95de-5559f3083639", "value": "https://bitbucket.]org/!api/2.0/snippets/hogya/exEE5y/c407ebf390895c289726d38e17ace212689e34f8/files/reza-111" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "68059aa3-b7f5-405c-b49e-64535aa3f928", "value": "https://bitbucket.]org/!api/2.0/snippets/choasknight/6XEXAo/6602fb280c0f18337286988b9af658023a7cc994/files/test" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "c2f6630d-41bb-45ba-97f7-745091064e38", "value": 
"https://bitbucket.]org/!api/2.0/snippets/choasknight/kxqxxA/5864261b6610d863302b06c528fe1a85d4db7072/files/darkhorse" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687344920", "to_ids": true, "type": "url", "uuid": "27a2e274-3a77-4c26-b0fe-f657823ebb8d", "value": "https://bitbucket.]org/!api/2.0/snippets/choasknight/yXEXXn/2b8cdcdeaa63834b21dba9c15a50226a5629a888/files/darkhorsepart2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "3937a026-6732-4b7d-abb2-85d29c590a1d", "value": "014d5412e803d0abe1bdf1f29d02e389603ad5c30e449920f6995748e9310542" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "780ae267-d937-4acd-a291-95777bc324b5", "value": "19451a668953bd2a206283163714425ed75f822b8ac915f1e04b966671a1a23c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "1fac7fd2-1168-4a1f-945c-f0ee32dfb502", "value": "27b7e68d5d728b339dc5d8fbc6a9f4194da0ba1ffc471d58c3cabf2a2ebd426d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "48903724-1866-454b-889b-5ce503d0d571", "value": "29a4107734ec549b59d5babd945ceb6c254375011165d34e70e86553c27581c8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "34a61b72-2558-4259-9cff-ca63f27078ed", "value": "36f26fffbe92ea0a9fbd25908fd12af52f2dad967a1369c77ef97e76c1638ca3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1687347351", "to_ids": true, "type": "sha256", "uuid": "754e5066-1cf1-4043-9213-ebfe4047372c", "value": "414f56a4bbedb067cfa571d107103f705d742d10e2fe7163c97d6925e62ea853" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "87903ba3-0efc-468f-ac75-52898b7e8f73", "value": "468f28807ef4d3e8cbd812d808b9573fb87ba83a037503c9c14f032ca08deb2e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "14a3d130-019a-44ec-8748-3a413daa0eea", "value": "54f8342dec4a0b60e369292eee00cb6b8676ec48973a3a345a217febb0f3488e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "514c5895-c0be-4be5-afff-966e646e8a15", "value": "5665e106ce98224e6f1d02a49c86e01778ed630ab53b55f5ed50126bd1666c06" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "f3727a52-8a65-4981-88f6-e59a19859276", "value": "639f108d6fa7469827be4396f086b95158ee28a7eec6867cedaf2d4007a3784b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "f56444b5-bdf9-4797-b119-d498ca952a2b", "value": "6d492bbc2e972b9720bb9463733ed550236742341952e0d5a31c0f0220beffdd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "125c6d4e-f6d4-418f-906c-52d84f1e7716", "value": "81698424c325e40c1cd537719a228cf99fcacd1b954e717f27c4ba32c5cd83fd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1687347351", "to_ids": true, "type": "sha256", "uuid": "2a40d59f-db23-4321-9d8c-c42c975bfeb1", "value": "89d2bfac1aa9427857b229ec9f1acae69a865bb33a88f33e7264e82bd4463b35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "bf4b8df7-30ab-47b7-8ab1-7613904b16f1", "value": "8a17d0e4a4f310a8aeb27a2e30cfc463c2d5a2bfa2772b0a5d5700b4c1e1c3bd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "b5d5d93a-efe0-4b92-a598-f0469238c1d8", "value": "8ed21a5bfe917fcba312ed2b630deadba0a4d623f4bccf74dd80149b176d414e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "6fa62a80-10d3-4231-8a91-93821b26d441", "value": "9c3ecaecc2339b973eacaa4da07dae33964c75c7766f36c862c988491d4ecbb0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "7194dc14-19a1-4e15-b6c4-e719d2173fe0", "value": "9f4a60a9f9c8ac29814bf0e94360ca1502973ad2530bb66f8c4e2b75977d7311" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "37e5410d-b856-407f-87f9-8af2b9d5e912", "value": "a3d8bc6d455eaeca2f0fbe462f6348c0f61242dc7bde1c48d27b33f1d8cf1d9d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "2363aa94-f60a-42bf-bea3-a991125de5aa", "value": "a98f6606e576078f0735d504dfd4c4276fd91d918117a29334ff41107c3d269e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1687347351", "to_ids": true, "type": "sha256", "uuid": "4921aa93-bf1f-482f-8c45-86493772fb90", "value": "acd370830c92939272a8503ef834d5892108133de131407d10c7435e1514208b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "e18c8e9e-a022-4d12-9fc1-a459bdcea74c", "value": "bc1254a16b628102bb13c3501d2c52063f16c7857419455790863beec30f31e2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "d80daa77-cafc-4a98-980e-32d6c4a49510", "value": "c4d3db664407cd7dde28b6490dc2cbaafad0b91740bf51b480b1f4c324834fd1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "a0d545d3-2b52-4c76-a9b2-e8812eb70bfa", "value": "d0d36b28f2d009efd9ebf8006d5a937bdf61e408166d7d811ed01bc4a6cc61ab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "18612900-27a4-4e2c-b1a1-bdfa8550108e", "value": "d3b83d76e76c22b2881a3e5b86afbfd020b631584ed0a40f67d5820a572bc5f2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "851bb9d1-2476-401a-a4f3-159d373eae4c", "value": "d4ee5546b462eb2cf6f88ca39fcc208904d02488782ab0285c06e1e35c1a754e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "59291766-0fde-4d8b-bf2e-e6717da8de96", "value": "fe5811c318713cbdf188b2fae370dd8827715fd9e0e5a1ee367823343d0d5a0f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1687347351", "to_ids": true, "type": "sha256", "uuid": "38714092-3e5e-4cd1-9033-05f1a6bcd33b", "value": "e2a2f3d6aae6a4ca060d5f761591f6edb9db80677bdd7bb9ba71f8c88b0dbf38" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "de80555f-cbfd-410f-86f1-f5079e658295", "value": "bb5bdc809fe22bdc88652c5ca93aba8c90798d55e62d7fc0cbc44740bf6bf1d6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "7201dd76-373a-4ef3-ae32-ed5e2d9954b4", "value": "17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347351", "to_ids": true, "type": "sha256", "uuid": "60d47caf-e4a8-40c9-9bd2-1d95bcc979cf", "value": "94ac4b5dc33bd0374952731853642a4eca8bdb9be12b861297d7dd8f0e527c19" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "c70724eb-b1a5-431c-92cb-63d501c114ed", "value": "http://69.174.99.181/webpanel-calib/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "274428fa-9e17-4088-9180-80d7b0928cdb", "value": "http://69.174.99.181/webpanel-charles/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "04eef561-3636-43cc-858c-3664aa62f0ba", "value": "http://69.174.99.181/webpanel-dark/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "528e61dd-f4ed-4771-b6d5-1afac360565b", 
"value": "http://69.174.99.181/webpanel-ghul/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "d4ff3f40-de55-46f1-8c6b-c1ab576707c0", "value": "http://69.174.99.181/webpanel-greg/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "a885c8ec-1181-4c63-860d-51c900e368ea", "value": "http://69.174.99.181/webpanel-long/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "5f57c44c-f15e-4da3-b506-49a2b55ac7ed", "value": "http://69.174.99.181/webpanel-mrk/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "6c8187a6-aebf-4c7a-9dbb-5544994f6df9", "value": "http://69.174.99.181/webpanel-muti/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "9edae6cf-b14a-4342-b86c-0514f9801aa7", "value": "http://69.174.99.181/webpanel-reza/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "770e7b1a-7aa9-48a5-b59f-9da26a65fdaa", "value": "http://69.174.99.181/webpanel-roth/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "23c9db84-2c6e-4d2f-b276-b1a045f5611f", "value": "http://69.174.99.181/webpanel-trade/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": 
"dbd6f45e-3c19-455c-b011-865719bd32ce", "value": "http://69.174.99.181/webpanel-van/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1687347426", "to_ids": true, "type": "url", "uuid": "92197b09-0f1a-4407-b999-52c680bf03aa", "value": "http://69.174.99.181/webpanel-zoe/" } ], "Object": [ { "comment": "", "deleted": false, "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "7", "timestamp": "1687261292", "uuid": "af3be992-38a1-4658-83ef-815740dddd20", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1687261292", "to_ids": false, "type": "link", "uuid": "8a3ad064-de1d-40aa-ab74-6ab83b3ba159", "value": "https://yoroi.company/research/serverless-infostealer-delivered-in-est-european-countries/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1687261292", "to_ids": false, "type": "text", "uuid": "3aa32c47-1ff2-4665-bcbb-352028f449c6", "value": "Threat actors' consistency over time represents an indication of effectiveness and experience, resulting in an increasing risk for targeted companies. \r\n\r\nThe Yoroi Malware ZLAB is tracking the threat actor Aggah (TH-157) since 2019, along with PaloAlto UNIT42, HP and Juniper Networks, and the persistency of its malicious operation over time reveals a structured information stealing infrastructure, a worldwide campaign capable of quickly varying its distribution technique. \r\n\r\nWe discovered new data theft and reconnaissance operations targeting multiple victims worldwide, including Ukraine, Lithuania, and Italy. The whole campaign impacted hundreds of victims and lasted for two months. 
CERT Yoroi was able to track the malware distribution infrastructure, which was abusing the Bitbucket code repository infrastructure to evade detection mechanisms as well as URL and domain reputation security checks. \r\n\r\nThe following article describes how TH-157 conducted this new wave of attacks along with all the indicators needed by security teams to hunt down active intrusions." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1687261292", "to_ids": false, "type": "text", "uuid": "d8c7ec8b-0c83-4a9d-ab32-06ff30b2302d", "value": "Report" } ] }, { "comment": "Aggah Campaign November 2021 - Malicious PPA macro dropper \t", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1687261368", "uuid": "1bf76bf3-2ac7-432d-8632-da0a3f879e2e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1687261368", "to_ids": true, "type": "sha256", "uuid": "703bdee8-6d90-480a-b490-857dcb9989c5", "value": "17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1687261368", "to_ids": true, "type": "ssdeep", "uuid": "4905453e-e47f-4f31-95a3-105299e990c1", "value": "384:IKyo59LwWOIZlIjlaRKPPYglCLMvu61aUr/clFo39D:J59UWOI3mbkLhHmcjo" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1687261642", "uuid": "9b0fd0fa-4b8f-4b68-8297-6060e5956dad", "Attribute": [ { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1687261642", "to_ids": true, "type": "filename", "uuid": "f302b958-9eb6-4211-a7c1-e1b9dbf3b986", "value": "xxx1.txt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1687261642", "to_ids": false, "type": "text", "uuid": "7e9faab8-d2bf-4a10-bb1d-1562ae45228e", "value": "%PUBLIC%\\xxx1.txt" } ] } ] } }