{ "Event": { "analysis": "1", "date": "2024-04-18", "extends_uuid": "", "info": "[Threat Intel] The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider", "protected": false, "publish_timestamp": "1780039400", "published": true, "threat_level_id": "3", "timestamp": "1772901935", "uuid": "726d5c64-2003-426b-8899-be88e0b7aa0a", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#870443", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#f86e61", "local": false, "name": "misp-galaxy:target-information=\"Andorra\"", "relationship_type": "" }, { "colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": "" }, { "colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": "" }, { "colour": "#66e036", "local": false, "name": "misp-galaxy:target-information=\"Austria\"", "relationship_type": "" }, { "colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": "" }, { "colour": "#732009", "local": false, "name": "misp-galaxy:target-information=\"Colombia\"", "relationship_type": "" }, { "colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": "" }, { "colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#b1b109", "local": false, "name": "misp-galaxy:target-information=\"Guatemala\"", "relationship_type": "" }, { "colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": "" }, { "colour": "#4e41fc", "local": false, "name": "misp-galaxy:target-information=\"Ireland\"", "relationship_type": "" }, { "colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": "" }, { "colour": "#3c02c3", "local": false, "name": "misp-galaxy:target-information=\"Luxembourg\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": "" }, { "colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": "" }, { "colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": "" }, { "colour": "#c70b8f", "local": false, "name": "misp-galaxy:target-information=\"Portugal\"", "relationship_type": "" }, { "colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": "" }, { "colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": "" }, { "colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": "" }, { "colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": "" }, { "colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Bolivia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Venezuela\"", "relationship_type": "" }, { "colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"LabHost\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1736662462", "to_ids": false, "type": "link", "uuid": "a1dced82-f82a-4753-b688-42a6f0b53d64", "value": "https://www.trendmicro.com/en_us/research/24/d/labhost-takedown.html" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1736662462", "to_ids": false, "type": "text", "uuid": "d877db11-1f2e-4033-abe3-ebdcfcb3a95f", "value": "The report details the takedown of the LabHost phishing-as-a-service (PhaaS) platform by law enforcement agencies. LabHost, active since 2021, offered various phishing tools and templates targeting banks, organizations, and service providers worldwide. With over 2,000 criminal users, it was responsible for deploying over 40,000 fraudulent sites that victimized hundreds of thousands of individuals. The report outlines LabHost's features, subscription tiers, an example attack flow, and the collaborative operation that led to its seizure and arrests of key users." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1736662462", "to_ids": false, "type": "text", "uuid": "b0435ec7-dbc3-429d-9414-d25cf43471d7", "value": "Name: The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider\nAuthor: AlienVault\nAdversary: LabHost\nTags: [\"phishing\", \"takedown\", \"law-enforcement\", \"aitm\", \"phaas\"]\nTgtd countries: [\"Canada\", \"United States of America\", \"United Kingdom of Great Britain and Northern Ireland\", \"Andorra\", \"Argentina\", \"Australia\", \"Austria\", \"Bolivia, Plurinational State of\", \"Brazil\", \"Colombia\", \"France\", \"Germany\", \"Guatemala\", \"Hong Kong\", \"Ireland\", \"United Kingdom of Great Britain and Northern Ireland\", \"Italy\", \"Luxembourg\", \"Malaysia\", \"Mexico\", \"Netherlands\", \"Poland\", \"Portugal\", \"Russian Federation\", \"Saudi Arabia\", \"Spain\", \"Sweden\", \"United Arab Emirates\", \"Venezuela, Bolivarian Republic of\"]\nMlwr families: []\nAttack_ids: [\"T1192\", \"T1566\"]\nIndustries: []" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1736662462", "to_ids": false, "type": "threat-actor", "uuid": "ef991ed3-86ca-45dd-8b71-69e2398ed99f", "value": "LabHost" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740235570", "to_ids": true, "type": "domain", "uuid": "308dd827-31f3-40fc-8162-03b432905694", "value": "lab-host.ru", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740235600", "to_ids": true, "type": "domain", "uuid": "fba95824-5e7f-48cd-8906-d5740b8a5386", "value": "labhost.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740235622", "to_ids": true, "type": "domain", "uuid": "d3367026-36b6-4ca6-8a44-7996b8f23698", "value": "labhost.co", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740235651", "to_ids": true, "type": "domain", "uuid": "181b6983-4d9d-4e83-8131-29af07d4b10e", "value": "labhost.ru", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740235673", "to_ids": true, "type": "domain", "uuid": "2b855e2b-08ea-4491-84d0-bc18a2fa2942", "value": "labhost.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ] } }