{
  "type": "URL",
  "indicator": "https://hedam.shop/simple/Enquiry.7z",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://hedam.shop/simple/Enquiry.7z",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3958123299,
      "indicator": "https://hedam.shop/simple/Enquiry.7z",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "66d81f146f00d5c462419815",
          "name": "Emansrepo Stealer: Multi-Vector Attack Chains",
          "description": "A Python infostealer named Emansrepo has been observed since November 2023, distributed via phishing emails containing fake purchase orders and invoices. The malware steals browser data, credit card information, and files, sending them to the attacker's email. The attack chain has evolved, becoming more complex with multiple stages before downloading Emansrepo. Three main attack chains are described, involving HTML files, AutoIt scripts, and PowerShell commands. The stealer's behavior is divided into three parts, targeting different types of data. A new related campaign using Remcos malware has also been identified. The attackers continuously evolve their methods, emphasizing the importance of cybersecurity awareness for organizations.",
          "modified": "2024-10-04T08:00:18.113000",
          "created": "2024-09-04T08:49:24.563000",
          "tags": [
            "phishing",
            "emansrepo",
            "infostealer",
            "remcos"
          ],
          "references": [
            "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Emansrepo",
              "display_name": "Emansrepo",
              "target": null
            },
            {
              "id": "Remcos",
              "display_name": "Remcos",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1056.001",
              "name": "Keylogging",
              "display_name": "T1056.001 - Keylogging"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1552.001",
              "name": "Credentials In Files",
              "display_name": "T1552.001 - Credentials In Files"
            },
            {
              "id": "T1204",
              "name": "User Execution",
              "display_name": "T1204 - User Execution"
            },
            {
              "id": "T1041",
              "name": "Exfiltration Over C2 Channel",
              "display_name": "T1041 - Exfiltration Over C2 Channel"
            },
            {
              "id": "T1059.001",
              "name": "PowerShell",
              "display_name": "T1059.001 - PowerShell"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1059.006",
              "name": "Python",
              "display_name": "T1059.006 - Python"
            },
            {
              "id": "T1059.005",
              "name": "Visual Basic",
              "display_name": "T1059.005 - Visual Basic"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 108,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 4,
            "FileHash-SHA1": 4,
            "FileHash-SHA256": 21,
            "URL": 5,
            "email": 12,
            "hostname": 2
          },
          "indicator_count": 48,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386994,
          "modified_text": "606 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66df81905ecd080c020f1c3e",
          "name": "Weekly OSINT Highlights, 9 September 2024",
          "description": "",
          "modified": "2024-10-09T23:04:10.597000",
          "created": "2024-09-09T23:15:28.810000",
          "tags": [
            "OSINT"
          ],
          "references": [
            "https://community.riskiq.com/article/563312a4"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 378,
            "hostname": 6,
            "URL": 19,
            "FileHash-SHA256": 29,
            "FileHash-SHA1": 1
          },
          "indicator_count": 433,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1625,
          "modified_text": "601 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66de924cb8becf4c669f2d06",
          "name": "Emansrepo Stealer: Multi-Vector Attack Chains | FortiGuard Labs",
          "description": "A multi-vector attack campaign that steals data from victims via email has been observed by FortiGuard Labs, a security firm, and is currently being investigated by the US National Security Agency (NSA).",
          "modified": "2024-10-09T06:02:16.991000",
          "created": "2024-09-09T06:14:36.217000",
          "tags": [
            "infostealer",
            "security attack",
            "fortiguard labs threat research",
            "dasmake",
            "fortinet",
            "emansrepo",
            "november",
            "fortiguard",
            "fortigate",
            "fortimail",
            "forticlient",
            "fortiedr",
            "fortiguard cdr",
            "service",
            "team",
            "malware",
            "prysmax",
            "remcos"
          ],
          "references": [
            "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Emansrepo",
              "display_name": "Emansrepo",
              "target": null
            },
            {
              "id": "Prysmax",
              "display_name": "Prysmax",
              "target": null
            },
            {
              "id": "Remcos",
              "display_name": "Remcos",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "tr2222200",
            "id": "207905",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 5,
            "hostname": 2,
            "domain": 3,
            "FileHash-MD5": 19,
            "FileHash-SHA1": 19,
            "FileHash-SHA256": 21
          },
          "indicator_count": 69,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 187,
          "modified_text": "601 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66d96b1e6eaf1ce03ed68a6e",
          "name": "Emansrepo Stealer: Multi-Vector Attack Chains | FortiGuard Labs",
          "description": "",
          "modified": "2024-10-05T08:02:37.282000",
          "created": "2024-09-05T08:26:06.772000",
          "tags": [
            "infostealer",
            "security attack",
            "fortiguard labs threat research",
            "dasmake",
            "fortinet",
            "emansrepo",
            "november",
            "fortiguard",
            "fortigate",
            "fortimail",
            "forticlient",
            "fortiedr",
            "fortiguard cdr",
            "service",
            "team",
            "malware"
          ],
          "references": [
            "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 19,
            "FileHash-SHA1": 19,
            "FileHash-SHA256": 21,
            "URL": 5,
            "hostname": 2,
            "domain": 3,
            "email": 12
          },
          "indicator_count": 81,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 862,
          "modified_text": "605 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66d92f2ce3f5440bcb5f13c3",
          "name": "Emansrepo Stealer",
          "description": "P a g e 2.5m (0.9m) - a total of 1.7m - is the full text of a document released by the European Commission on Wednesday, 7 September 2024.",
          "modified": "2024-10-05T04:04:30.360000",
          "created": "2024-09-05T04:10:20.720000",
          "tags": [
            "hashes",
            "sha256",
            "cyber",
            "threat",
            "september",
            "time",
            "crypto cyber",
            "defence",
            "classification",
            "confidential"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 5,
            "FileHash-MD5": 19,
            "FileHash-SHA1": 19,
            "FileHash-SHA256": 21
          },
          "indicator_count": 64,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 499,
          "modified_text": "605 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66d7a83c0af321e3f6290262",
          "name": "Emansrepo Stealer: Multi-Vector Attack Chains | FortiGuard Labs",
          "description": "A multi-vector attack campaign that steals data from victims via email has been observed by FortiGuard Labs, a security firm, and is currently being investigated by the US National Security Agency (NSA).",
          "modified": "2024-10-04T00:00:06.579000",
          "created": "2024-09-04T00:22:20.978000",
          "tags": [
            "security attack",
            "infostealer",
            "fortiguard labs threat research",
            "dasmake",
            "fortinet",
            "emansrepo",
            "november",
            "fortiguard",
            "fortigate",
            "fortimail",
            "forticlient",
            "fortiedr",
            "fortiguard cdr",
            "service",
            "team",
            "malware",
            "prysmax",
            "remcos"
          ],
          "references": [
            "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Emansrepo",
              "display_name": "Emansrepo",
              "target": null
            },
            {
              "id": "Prysmax",
              "display_name": "Prysmax",
              "target": null
            },
            {
              "id": "Remcos",
              "display_name": "Remcos",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ChrisTan0",
            "id": "262536",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 4,
            "FileHash-SHA1": 4,
            "FileHash-SHA256": 21,
            "URL": 5,
            "domain": 3,
            "email": 12,
            "hostname": 2
          },
          "indicator_count": 51,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 42,
          "modified_text": "607 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains",
        "https://community.riskiq.com/article/563312a4"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [
            "Emansrepo",
            "Remcos"
          ],
          "industries": [],
          "unique_indicators": 50
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Prysmax",
            "Emansrepo",
            "Remcos"
          ],
          "industries": [],
          "unique_indicators": 492
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/hedam.shop",
    "whois": "http://whois.domaintools.com/hedam.shop",
    "domain": "hedam.shop",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "66d81f146f00d5c462419815",
      "name": "Emansrepo Stealer: Multi-Vector Attack Chains",
      "description": "A Python infostealer named Emansrepo has been observed since November 2023, distributed via phishing emails containing fake purchase orders and invoices. The malware steals browser data, credit card information, and files, sending them to the attacker's email. The attack chain has evolved, becoming more complex with multiple stages before downloading Emansrepo. Three main attack chains are described, involving HTML files, AutoIt scripts, and PowerShell commands. The stealer's behavior is divided into three parts, targeting different types of data. A new related campaign using Remcos malware has also been identified. The attackers continuously evolve their methods, emphasizing the importance of cybersecurity awareness for organizations.",
      "modified": "2024-10-04T08:00:18.113000",
      "created": "2024-09-04T08:49:24.563000",
      "tags": [
        "phishing",
        "emansrepo",
        "infostealer",
        "remcos"
      ],
      "references": [
        "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Emansrepo",
          "display_name": "Emansrepo",
          "target": null
        },
        {
          "id": "Remcos",
          "display_name": "Remcos",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1056.001",
          "name": "Keylogging",
          "display_name": "T1056.001 - Keylogging"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1552.001",
          "name": "Credentials In Files",
          "display_name": "T1552.001 - Credentials In Files"
        },
        {
          "id": "T1204",
          "name": "User Execution",
          "display_name": "T1204 - User Execution"
        },
        {
          "id": "T1041",
          "name": "Exfiltration Over C2 Channel",
          "display_name": "T1041 - Exfiltration Over C2 Channel"
        },
        {
          "id": "T1059.001",
          "name": "PowerShell",
          "display_name": "T1059.001 - PowerShell"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1059.006",
          "name": "Python",
          "display_name": "T1059.006 - Python"
        },
        {
          "id": "T1059.005",
          "name": "Visual Basic",
          "display_name": "T1059.005 - Visual Basic"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 108,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 4,
        "FileHash-SHA1": 4,
        "FileHash-SHA256": 21,
        "URL": 5,
        "email": 12,
        "hostname": 2
      },
      "indicator_count": 48,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386994,
      "modified_text": "606 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66df81905ecd080c020f1c3e",
      "name": "Weekly OSINT Highlights, 9 September 2024",
      "description": "",
      "modified": "2024-10-09T23:04:10.597000",
      "created": "2024-09-09T23:15:28.810000",
      "tags": [
        "OSINT"
      ],
      "references": [
        "https://community.riskiq.com/article/563312a4"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 378,
        "hostname": 6,
        "URL": 19,
        "FileHash-SHA256": 29,
        "FileHash-SHA1": 1
      },
      "indicator_count": 433,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1625,
      "modified_text": "601 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66de924cb8becf4c669f2d06",
      "name": "Emansrepo Stealer: Multi-Vector Attack Chains | FortiGuard Labs",
      "description": "A multi-vector attack campaign that steals data from victims via email has been observed by FortiGuard Labs, a security firm, and is currently being investigated by the US National Security Agency (NSA).",
      "modified": "2024-10-09T06:02:16.991000",
      "created": "2024-09-09T06:14:36.217000",
      "tags": [
        "infostealer",
        "security attack",
        "fortiguard labs threat research",
        "dasmake",
        "fortinet",
        "emansrepo",
        "november",
        "fortiguard",
        "fortigate",
        "fortimail",
        "forticlient",
        "fortiedr",
        "fortiguard cdr",
        "service",
        "team",
        "malware",
        "prysmax",
        "remcos"
      ],
      "references": [
        "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Emansrepo",
          "display_name": "Emansrepo",
          "target": null
        },
        {
          "id": "Prysmax",
          "display_name": "Prysmax",
          "target": null
        },
        {
          "id": "Remcos",
          "display_name": "Remcos",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "tr2222200",
        "id": "207905",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 5,
        "hostname": 2,
        "domain": 3,
        "FileHash-MD5": 19,
        "FileHash-SHA1": 19,
        "FileHash-SHA256": 21
      },
      "indicator_count": 69,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 187,
      "modified_text": "601 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66d96b1e6eaf1ce03ed68a6e",
      "name": "Emansrepo Stealer: Multi-Vector Attack Chains | FortiGuard Labs",
      "description": "",
      "modified": "2024-10-05T08:02:37.282000",
      "created": "2024-09-05T08:26:06.772000",
      "tags": [
        "infostealer",
        "security attack",
        "fortiguard labs threat research",
        "dasmake",
        "fortinet",
        "emansrepo",
        "november",
        "fortiguard",
        "fortigate",
        "fortimail",
        "forticlient",
        "fortiedr",
        "fortiguard cdr",
        "service",
        "team",
        "malware"
      ],
      "references": [
        "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 12,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 19,
        "FileHash-SHA1": 19,
        "FileHash-SHA256": 21,
        "URL": 5,
        "hostname": 2,
        "domain": 3,
        "email": 12
      },
      "indicator_count": 81,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 862,
      "modified_text": "605 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66d92f2ce3f5440bcb5f13c3",
      "name": "Emansrepo Stealer",
      "description": "P a g e 2.5m (0.9m) - a total of 1.7m - is the full text of a document released by the European Commission on Wednesday, 7 September 2024.",
      "modified": "2024-10-05T04:04:30.360000",
      "created": "2024-09-05T04:10:20.720000",
      "tags": [
        "hashes",
        "sha256",
        "cyber",
        "threat",
        "september",
        "time",
        "crypto cyber",
        "defence",
        "classification",
        "confidential"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "cryptocti",
        "id": "110256",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 5,
        "FileHash-MD5": 19,
        "FileHash-SHA1": 19,
        "FileHash-SHA256": 21
      },
      "indicator_count": 64,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 499,
      "modified_text": "605 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66d7a83c0af321e3f6290262",
      "name": "Emansrepo Stealer: Multi-Vector Attack Chains | FortiGuard Labs",
      "description": "A multi-vector attack campaign that steals data from victims via email has been observed by FortiGuard Labs, a security firm, and is currently being investigated by the US National Security Agency (NSA).",
      "modified": "2024-10-04T00:00:06.579000",
      "created": "2024-09-04T00:22:20.978000",
      "tags": [
        "security attack",
        "infostealer",
        "fortiguard labs threat research",
        "dasmake",
        "fortinet",
        "emansrepo",
        "november",
        "fortiguard",
        "fortigate",
        "fortimail",
        "forticlient",
        "fortiedr",
        "fortiguard cdr",
        "service",
        "team",
        "malware",
        "prysmax",
        "remcos"
      ],
      "references": [
        "https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Emansrepo",
          "display_name": "Emansrepo",
          "target": null
        },
        {
          "id": "Prysmax",
          "display_name": "Prysmax",
          "target": null
        },
        {
          "id": "Remcos",
          "display_name": "Remcos",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ChrisTan0",
        "id": "262536",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 4,
        "FileHash-SHA1": 4,
        "FileHash-SHA256": 21,
        "URL": 5,
        "domain": 3,
        "email": 12,
        "hostname": 2
      },
      "indicator_count": 51,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 42,
      "modified_text": "607 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://hedam.shop/simple/Enquiry.7z",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://hedam.shop/simple/Enquiry.7z",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780458344.0991824
}