{ "Event": { "analysis": "0", "date": "2026-04-10", "extends_uuid": "", "info": "[Threat Intel] Operation GhostCargo", "protected": false, "publish_timestamp": "1776175460", "published": true, "threat_level_id": "3", "timestamp": "1776175460", "uuid": "b7096c88-3e38-4881-852e-758e35bfd750", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Financial Theft - T1657\"", "relationship_type": "" }, { "colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": "" }, { "colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#b07a0b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Search Open Websites/Domains - T1593\"", "relationship_type": "" }, { "colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Logistic\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776027168", "to_ids": false, "type": "link", "uuid": "af6567f9-1377-4a22-9d61-c40f5315c20d", "value": "https://www.syntx.com.my/blog/operation-ghostcargo" }, { "category": "Network activity", "comment": "Barclays Bank phishing page", "deleted": false, "disable_correlation": false, "timestamp": "1776167721", "to_ids": true, "type": "url", "uuid": "f0d23ee7-d003-495a-bfcc-568e88a955c6", "value": "https://bnk.ing-boa.pro/en/en-bclys/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Courier phishing page", "deleted": false, "disable_correlation": false, "timestamp": "1776167742", "to_ids": true, "type": "url", "uuid": "19c3e9bb-50d7-4871-8b8a-1200a8c951de", "value": "https://jetexpressdeliveries.com/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776167763", "to_ids": true, "type": "domain", "uuid": "b64b4972-a39f-4763-919d-6b935b34489c", "value": "ing-boa.pro", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776167784", "to_ids": true, "type": "domain", "uuid": "7441ea04-ab10-48ad-a9fd-895414171f3f", "value": "jetexpressdeliveries.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776167805", "to_ids": true, "type": "ip-dst", "uuid": "96c82218-16d2-4ec0-bf7e-7f15cdbabce6", "value": "198.251.89.82", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776167826", "to_ids": true, "type": "ip-dst", "uuid": "c9c5b10b-79f4-4cd1-b027-66964c6a7f58", "value": "46.202.172.167", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Cloned for registration page", "deleted": false, "disable_correlation": false, "timestamp": "1776167847", "to_ids": true, "type": "url", "uuid": "a1b34ce4-f071-4ad1-9193-eabb5ced707c", "value": "www.westpremiumcu.com/secure/signup/", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Cloned for login page", "deleted": false, "disable_correlation": false, "timestamp": "1776167868", "to_ids": true, "type": "url", "uuid": "b34ad6f3-c821-42d4-9436-df59187e62ac", "value": "www.westpremiumcu.com/secure/", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Linked to the phishing page", "deleted": false, "disable_correlation": false, "timestamp": "1776167889", "to_ids": true, "type": "url", "uuid": "0b8cd943-a7e7-4f09-b96c-4156a25142fb", "value": "https://barcl.ays-uk.com/en/en-barclays/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ] } }