{
  "Event": {
    "analysis": "2",
    "date": "2023-09-25",
    "extends_uuid": "",
    "info": "[Threat Intel] Spear-Phishing Stealer Targeting Malaysian: HSBC E-Mail Analysis",
    "protected": false,
    "publish_timestamp": "1780040200",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1780040200",
    "uuid": "16cf1b00-dd85-4dec-a1f6-bb7bcf8603e4",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Bank\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788970",
        "to_ids": false,
        "type": "link",
        "uuid": "17c64ede-070e-4d19-8265-eb16e3293aed",
        "value": "https://www.x86fatah.com/2023/09/spear-phishing-stealer-targeting.html"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "url",
        "uuid": "93349de8-bfa9-477d-8ee6-1aefbd8154a0",
        "value": "https://northuistcottage.com/test.php"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "url",
        "uuid": "0dbc8cab-0202-4c8c-af77-ff02f2d4f753",
        "value": "https://northuistcottage.com/svr.php"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "url",
        "uuid": "105a4342-eb72-49b9-bc51-d9733c158179",
        "value": "https://marccos.com/test.php"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "url",
        "uuid": "1d2e9337-bcf4-4ec7-8cc4-3edf0f2f99a6",
        "value": "https://bometome.com/svr.php"
      },
      {
        "category": "Network activity",
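        "comment": "aadcdn.msauth.net is a Microsoft sign-in CDN host that legitimate Microsoft login pages also load; it is probably listed because the phishing page pulled assets from it. Not attacker-controlled; with to_ids set, expect false positives if this is exported to blocking or IDS rules.",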
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "url",
        "uuid": "6f163ca4-ba56-4902-9ebf-13a728568a4a",
        "value": "https://aadcdn.msauth.net/"
      },
      {
        "category": "Network activity",
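        "comment": "Per the attached ASN tags this address is in AS8075 (MICROSOFT-CORP-MSN-AS-BLOCK), i.e. shared Microsoft infrastructure rather than a host unique to this campaign. With to_ids set, matching on it is likely to produce false positives; review before exporting to blocklists or IDS.",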
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040196",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "60179c3d-4374-4f96-993b-4c22251143fe",
        "value": "13.107.246.38",
        "Tag": [
          {
            "colour": "#4d7cde",
            "local": false,
            "name": "asn:asn=\"8075\"",
            "relationship_type": ""
          },
          {
            "colour": "#61ef58",
            "local": false,
            "name": "asn:as-owner=\"MICROSOFT-CORP-MSN-AS-BLOCK\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
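        "comment": "Appears to be a shared outbound mail relay of a hosting provider (the ip-dst 212.227.126.187 in this event is tagged AS8560 IONOS), presumably taken from the e-mail headers. Many unrelated senders would use it; treat as context for the analysed message, not as a standalone blocking indicator.",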
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b59e8b47-bfde-40b0-8b04-428141fc9a18",
        "value": "mout.kundenserver.de"
      },
      {
        "category": "Network activity",
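        "comment": "Per the attached ASN tags this address is in AS8560 (IONOS), a shared hosting and mail network. It is not unique to this campaign; with to_ids set, expect false positives against legitimate mail traffic if exported to blocklists or IDS.",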
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040198",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b0b23560-f7e3-4aa8-a217-36cddb15256f",
        "value": "212.227.126.187",
        "Tag": [
          {
            "colour": "#f3fcab",
            "local": false,
            "name": "asn:asn=\"8560\"",
            "relationship_type": ""
          },
          {
            "colour": "#97689f",
            "local": false,
            "name": "asn:as-owner=\"IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE.\"",
            "relationship_type": ""
          },
          {
            "colour": "#141680",
            "local": false,
            "name": "asn:as-country=\"DE\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"germany\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
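        "comment": "Appears to be a shared mail relay hostname under kundenserver.de (hosting-provider mail infrastructure), presumably taken from the e-mail headers. Treat as context for the analysed message; verify before using it for detection or blocking.",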
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2838622e-90d8-470d-92de-f26a3173735c",
        "value": "mrelayeu.kundenserver.de"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040200",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "459ea9cd-3d6e-402b-ac40-b91670b2aa38",
        "value": "50.114.60.104",
        "Tag": [
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
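        "comment": "Parent domain of the mail relay hostnames listed in this event; it appears to belong to a large hosting provider rather than to the attacker. Matching the whole domain with to_ids set is very broad and likely to hit legitimate mail; scope detections to the campaign URLs instead.",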
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740788984",
        "to_ids": true,
        "type": "domain",
        "uuid": "f8ac86d5-bff9-4907-abde-e0ce3ea7ae5a",
        "value": "kundenserver.de"
      }
    ]
  }
}