{ "Event": { "analysis": "1", "date": "2026-04-13", "extends_uuid": "", "info": "[Threat Intel] 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure", "protected": false, "publish_timestamp": "1776682899", "published": true, "threat_level_id": "3", "timestamp": "1776682899", "uuid": "d367acdf-3f73-423a-8c30-e5b3b7ead01f", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": "" }, { "colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": "" }, { "colour": "#d3f567", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"", "relationship_type": "" }, { "colour": "#ed66f6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"", "relationship_type": "" }, { "colour": "#3eb869", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"", "relationship_type": "" }, { "colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": "" }, { "colour": "#029dd6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Extensions - T1176\"", "relationship_type": "" }, { "colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#bce57a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": "" }, { "colour": "#e00500", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"", "relationship_type": "" }, { "colour": "#62e1b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Browser Session Hijacking - T1185\"", "relationship_type": "" }, { "colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": "" }, { "colour": "#08221e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Application Access Token - T1528\"", "relationship_type": "" }, { "colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#1b0068", "local": false, "name": "rectifyq:topic=\"cloud\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776222007", "to_ids": false, "type": "link", "uuid": "d85b0c4b-7bc5-4092-bd98-f32698e87c71", "value": "https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2", "Tag": [ { "colour": "#6b003a", "local": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1776222007", "to_ids": false, "type": "text", "uuid": "42d021dc-3d7b-4b48-8ecc-ee2ae88be5dc", "value": "A coordinated campaign of 108 malicious Chrome extensions operated through shared command-and-control infrastructure at cloudapi[.]stream has been identified, collectively accounting for approximately 20,000 installations. The campaign spans multiple threat categories: 54 extensions steal Google account identities via OAuth2, one extension actively exfiltrates Telegram Web sessions every 15 seconds, and 45 extensions contain a universal backdoor enabling arbitrary URL execution on browser startup. Published under five distinct publisher identities (Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt), these extensions masquerade as legitimate tools including Telegram sidebar clients, slot games, YouTube and TikTok enhancers, and translation utilities. All extensions route stolen credentials, user identities, and browsing data to servers controlled by the same operator, with infrastructure confirming a Malware-as-a-Service business model." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1776222007", "to_ids": false, "type": "text", "uuid": "5315c676-7b0a-4651-83d0-ea9a81794d69", "value": "Name: 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure\nAuthor: AlienVault\nAdversary: \nTags: [\"session hijacking\", \"chrome extensions\", \"google identity theft\", \"browser backdoor\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: [\"T1113\", \"T1056.001\", \"T1059.007\", \"T1539\", \"T1074.001\", \"T1204.002\", \"T1176\", \"T1005\", \"T1140\", \"T1567\", \"T1219\", \"T1185\", \"T1102\", \"T1528\", \"T1041\", \"T1566\", \"T1027\", \"T1573\", \"T1071.001\", \"T1105\"]\nIndustries: []" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654812", "to_ids": true, "type": "domain", "uuid": "704649ec-b9bc-4049-b64c-0950884ac816", "value": "profile.name", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654833", "to_ids": true, "type": "domain", "uuid": "16ec25c1-86a2-4238-94bc-be2855fd306b", "value": "message.data", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654854", "to_ids": true, "type": "hostname", "uuid": "24c15c55-ea51-4202-9e9c-8ec8e67d0b8d", "value": "chrome.runtime.id", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654875", "to_ids": true, "type": "domain", "uuid": "7223110d-7a52-485c-b2e9-489558b61b56", "value": "cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654896", "to_ids": true, "type": "hostname", "uuid": "730405a0-00d6-422c-adf1-9edf97ed82c8", "value": "crm.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654917", "to_ids": true, "type": "hostname", "uuid": "6e646415-2947-4a76-9ce3-f277cf37e74e", "value": "multiaccount.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654938", "to_ids": true, "type": "ip-dst", "uuid": "062e2ea4-3500-4f2b-8f53-48f4bba04901", "value": "144.126.135.238", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654960", "to_ids": true, "type": "url", "uuid": "e1cfd26e-3a61-4cac-8099-3a571dbc21a3", "value": "http://api.cloudapi.stream:8443/Register", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776654981", "to_ids": true, "type": "url", "uuid": "0d90949d-f2d1-4a1a-a000-8ff3163802a0", "value": "http://api.cloudapi.stream:8443/Translation", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655002", "to_ids": true, "type": "url", "uuid": "1b3f5b7c-2b21-44fa-9fcd-71436d38b095", "value": "http://cloudapi.stream/install/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655023", "to_ids": true, "type": "url", "uuid": "7faf1ecf-93ce-441a-9a74-134507e65f85", "value": "http://cloudapi.stream/uninstall/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655044", "to_ids": true, "type": "url", "uuid": "7e48ba24-ddd7-46ce-8203-94a717f4b068", "value": "http://mines.cloudapi.stream/auth_google", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655065", "to_ids": true, "type": "url", "uuid": "e702beb9-3898-4086-8985-8034c6e90c84", "value": "http://mines.cloudapi.stream/slot_test/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655087", "to_ids": true, "type": "url", "uuid": "498e3d5f-df18-4a6a-b7cd-68ca92ee8366", "value": "http://mines.cloudapi.stream/user_info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655108", "to_ids": true, "type": "url", "uuid": "2dfd62dd-c13e-4d07-998d-e87f3748402e", "value": "http://tg.cloudapi.stream/count_sessions.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655129", "to_ids": true, "type": "url", "uuid": "9765229a-dc86-4de3-91de-b70c84641922", "value": "http://tg.cloudapi.stream/delete_session.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655151", "to_ids": true, "type": "url", "uuid": "c65f8f56-6044-45ec-8312-86f749d49b0a", "value": "http://tg.cloudapi.stream/get_session.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655172", "to_ids": true, "type": "url", "uuid": "dc6b6e2c-b5ff-456a-bd10-89aa99bf8917", "value": "http://tg.cloudapi.stream/get_sessions.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655193", "to_ids": true, "type": "url", "uuid": "348794d3-0360-483c-823e-50a51e1dac7e", "value": "http://tg.cloudapi.stream/save_session.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655214", "to_ids": true, "type": "url", "uuid": "8ac9ba04-2bba-4f96-8481-ed52cadac4f1", "value": "http://tg.cloudapi.stream/save_title.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655235", "to_ids": true, "type": "url", "uuid": "2ce7d624-9e0c-4a01-a74e-80ec0e9e984a", "value": "http://top.rodeo/notify.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655256", "to_ids": true, "type": "url", "uuid": "3fd38120-48c4-4f6b-bb36-7789c694bdff", "value": "http://top.rodeo/server/remote.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655277", "to_ids": true, "type": "url", "uuid": "269e2123-cb89-45d9-b986-2f7b1a4ccd64", "value": "http://top.rodeo/server/remote3.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655298", "to_ids": true, "type": "domain", "uuid": "6cf69ea3-7348-4050-be97-9e4a9a379ad7", "value": "interalt.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655320", "to_ids": true, "type": "domain", "uuid": "12278bdb-820c-4189-be27-4e3bc02251d8", "value": "nashprom.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655341", "to_ids": true, "type": "domain", "uuid": "9d7d7685-eca1-4741-b1a9-57b9f8f0fc3d", "value": "profile.email", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655362", "to_ids": true, "type": "domain", "uuid": "80f80797-53cb-4991-9c63-ad9cea7fceb9", "value": "webuk.tech", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776222008", "to_ids": true, "type": "email-src", "uuid": "6a75ccfc-c895-440a-a3cd-bf4ded678e7d", "value": "support@top.rodeo" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655384", "to_ids": true, "type": "hostname", "uuid": "b28f2348-f8b3-44cd-a3c6-8dfc5fa0b957", "value": "api.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655405", "to_ids": true, "type": "hostname", "uuid": "8b192542-9c35-4d9b-accb-ff415b4b6390", "value": "cdn.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655426", "to_ids": true, "type": "hostname", "uuid": "644418ba-68ed-47b1-b1bf-bc8656a67dd5", "value": "chat.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655448", "to_ids": true, "type": "hostname", "uuid": "2645f66f-69a2-424e-bbe1-2518ae2a0756", "value": "coin-miner.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655469", "to_ids": true, "type": "hostname", "uuid": "3bf30d58-4005-4892-a641-a1bd6658997e", "value": "gamewss.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655490", "to_ids": true, "type": "hostname", "uuid": "e9fd195d-41ec-438e-93e2-06ef2b00653b", "value": "goldminer.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655512", "to_ids": true, "type": "hostname", "uuid": "d23436ec-d910-49e2-8fca-29efec2233f3", "value": "herculessportslegend.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655533", "to_ids": true, "type": "hostname", "uuid": "bae8b4b8-56dc-42d7-adc5-a018bf7cdc38", "value": "metal.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655554", "to_ids": true, "type": "hostname", "uuid": "e4c25cf5-572a-4fc8-ad48-11ed9baeda76", "value": "mines.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655575", "to_ids": true, "type": "hostname", "uuid": "c8f2dcce-6e43-4f26-a594-2a73a9a61484", "value": "tg.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655596", "to_ids": true, "type": "hostname", "uuid": "a1b99792-c213-475b-97b0-aa6a9fdd03a2", "value": "topup.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655617", "to_ids": true, "type": "hostname", "uuid": "f0d66d8d-1842-45e8-b8da-74790e2a6851", "value": "wheel.cloudapi.stream", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655638", "to_ids": true, "type": "domain", "uuid": "f8632afc-af2b-44aa-8759-81f6518fb2e7", "value": "top.rodeo", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655659", "to_ids": true, "type": "url", "uuid": "ed3a9eaf-0fa3-4bb7-ba6f-975e2f0a0a14", "value": "tg.cloudapi.stream/save_session.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655680", "to_ids": true, "type": "url", "uuid": "d23cf421-ad05-43ca-9436-8c46563bca3e", "value": "tg.cloudapi.stream/count_sessions.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655701", "to_ids": true, "type": "url", "uuid": "fc9e2327-4c94-4ea9-95f1-9f1175cc5f6c", "value": "tg.cloudapi.stream/get_sessions.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655722", "to_ids": true, "type": "url", "uuid": "eca1091a-e230-4246-b0e2-367d94de754c", "value": "tg.cloudapi.stream/get_session.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655743", "to_ids": true, "type": "url", "uuid": "61a886e8-24eb-420b-a192-689762ae7917", "value": "tg.cloudapi.stream/delete_session.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655764", "to_ids": true, "type": "url", "uuid": "cd288362-334e-4e8b-94a8-463a0093dbf0", "value": "tg.cloudapi.stream/save_title.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655786", "to_ids": true, "type": "url", "uuid": "3ac104c9-da41-48f5-8042-c677235c3519", "value": "mines.cloudapi.stream/auth_google", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655807", "to_ids": true, "type": "url", "uuid": "c3463a2a-3acc-4345-b0ff-fceba5bd7b26", "value": "mines.cloudapi.stream/user_info", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655828", "to_ids": true, "type": "url", "uuid": "17092126-0197-4ea3-914e-8f2d777e53b4", "value": "mines.cloudapi.stream/slot_test/", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655849", "to_ids": true, "type": "url", "uuid": "f57a9dbe-fa4f-40f7-aee0-85d47482246c", "value": "api.cloudapi.stream:8443/Register", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655870", "to_ids": true, "type": "url", "uuid": "2753a9fd-ebe5-4fdf-be5d-5675c814bbab", "value": "api.cloudapi.stream:8443/Translation", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655891", "to_ids": true, "type": "url", "uuid": "1f22fbde-768b-4a38-a24c-77fe37b3b562", "value": "top.rodeo/server/remote.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655912", "to_ids": true, "type": "url", "uuid": "ba45096b-f155-4ab7-a295-44de8c942505", "value": "top.rodeo/server/remote3.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655932", "to_ids": true, "type": "url", "uuid": "05cb6d24-54b6-4973-8b68-d3e46638b4f1", "value": "top.rodeo/notify.php", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655953", "to_ids": true, "type": "url", "uuid": "19a4dbbc-6f5a-42c2-84b1-7eaff1f2ead2", "value": "cloudapi.stream/install/", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776655974", "to_ids": true, "type": "url", "uuid": "3da12b7f-f7df-440b-b940-da879878b4e2", "value": "cloudapi.stream/uninstall/", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776650794", "to_ids": true, "type": "email-src", "uuid": "69aeb11f-08a9-4c59-afa5-60e11d531255", "value": "kiev3381917@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776650794", "to_ids": true, "type": "email-src", "uuid": "2ca500fb-92fc-4554-a292-1f11fac04daf", "value": "formatron.service@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776650794", "to_ids": true, "type": "email-src", "uuid": "ed998182-c4b7-45f4-b91d-229fe790a20e", "value": "nashprom.info@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776650794", "to_ids": true, "type": "email-src", "uuid": "358cc41d-6b04-4829-a64d-968ecdd56dd2", "value": "viktornadiezhdin@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776650794", "to_ids": true, "type": "email-src", "uuid": "a84b1640-026d-4103-a5b5-b2f01dd7a539", "value": "slava.nadejdin.kiev@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776650794", "to_ids": true, "type": "email-src", "uuid": "5af3ec12-4569-4dcd-8d69-3e3961f06587", "value": "nadejdinv@gmail.com" } ] } }