1 line
No EOL
6.9 KiB
JSON
1 line
No EOL
6.9 KiB
JSON
{"Event": {"info": "OSINT - AgentTesla Actors Email", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1570782678", "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5da02f32-bf20-431c-9a78-49e3950d210f", "timestamp": "1570778959", "to_ids": false, "value": "https://pastebin.com/w4YXK3Nx", "Tag": [{"colour": "#003860", "exportable": true, "name": "osint:source-type=\"pastie-website\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff3-8c80-40fd-a346-4cdd950d210f", "timestamp": "1570779123", "to_ids": true, "value": "bezbezkadena.operations@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff3-11c8-439b-bdf4-4787950d210f", "timestamp": "1570779123", "to_ids": true, "value": "harminde.dhesi@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff3-72e0-4ef4-a800-4b77950d210f", "timestamp": "1570779123", "to_ids": true, "value": "gouloisrnarcell@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff3-d588-4952-9220-42ab950d210f", "timestamp": "1570779123", "to_ids": true, "value": "joenwa1993@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff3-285c-4860-b921-4cdd950d210f", "timestamp": "1570779123", "to_ids": true, "value": "mey.etabi@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-cd78-4ce2-bac5-4c06950d210f", "timestamp": "1570779124", "to_ids": true, "value": "johnneybrown5@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-77c0-4cd7-bf63-40db950d210f", "timestamp": "1570779124", "to_ids": true, "value": "noahlee1777@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-5da0-4e66-b5c7-448f950d210f", "timestamp": "1570779124", "to_ids": true, "value": "bibauc95@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-19c0-43c8-aaa8-44ef950d210f", "timestamp": "1570779124", "to_ids": true, "value": "officeforwardings@yahoo.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-0b7c-4c8d-968f-4ed7950d210f", "timestamp": "1570779124", "to_ids": true, "value": "jasonroberts3947@tutanota.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-816c-4233-ad2e-453b950d210f", "timestamp": "1570779124", "to_ids": true, "value": "obicaoffice@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-920c-4995-911e-407a950d210f", "timestamp": "1570779124", "to_ids": true, "value": "export.skinternationalinc@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-d534-4dba-b5d3-46f2950d210f", "timestamp": "1570779124", "to_ids": true, "value": "ifeanyit037@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-1efc-4745-84b6-4711950d210f", "timestamp": "1570779124", "to_ids": true, "value": "christinely123@outlook.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-9dcc-4586-9c03-49a8950d210f", "timestamp": "1570779124", "to_ids": true, "value": "aldoepeaz@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-ea20-490e-bd03-49fa950d210f", "timestamp": "1570779124", "to_ids": true, "value": "futureassociate2019@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-c820-40b5-9608-47db950d210f", "timestamp": "1570779124", "to_ids": true, "value": "craiqabz@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-9338-4dd2-a145-4617950d210f", "timestamp": "1570779124", "to_ids": true, "value": "kingdomofficial101@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-1dec-4e1e-b726-433f950d210f", "timestamp": "1570779124", "to_ids": true, "value": "companybackup012@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-c7f4-47f3-93e3-483d950d210f", "timestamp": "1570779124", "to_ids": true, "value": "flexwealth101@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Email used by actors for Exfiltration.", "category": "Payload delivery", "uuid": "5da02ff4-b834-463a-9b53-4f23950d210f", "timestamp": "1570779124", "to_ids": true, "value": "atefqabl@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}], "extends_uuid": "", "published": false, "date": "2019-10-10", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5da02ef3-855c-4bf3-ba16-4ff9950d210f"}} |