Reconnecting to live updates…

FormBook campaign

Severity: lowType: campaign

The FormBook campaign involves the distribution of the FormBook malware primarily through spearphishing email attachments. This malware is a known information stealer that targets Windows systems to exfiltrate sensitive data. Although the campaign is currently assessed with low severity and no known exploits in the wild, the use of spearphishing attachments poses a risk of initial compromise. European organizations, especially those with high email exposure and Windows-based environments, could be targeted. Mitigation requires enhanced email filtering, user awareness training focused on spearphishing, and endpoint detection capabilities tailored to identify FormBook behaviors. Countries with significant industrial, financial, and governmental sectors using Windows platforms are more likely to be affected. Given the ease of exploitation via user interaction and the potential for data theft, the suggested severity is medium. Defenders should prioritize detection of spearphishing attempts and implement strict controls on email attachments to reduce risk.

AI Analysis

Technical Summary

FormBook is a commercially available information-stealing malware that has been widely used in various cybercrime campaigns. The campaign referenced here involves the distribution of FormBook primarily through spearphishing email attachments, leveraging social engineering to trick users into opening malicious files. Once executed on a Windows system, FormBook collects a wide range of sensitive information including credentials, keystrokes, screenshots, and system information, which it then exfiltrates to attacker-controlled servers. The campaign is characterized by its use of targeted spearphishing techniques (MITRE ATT&CK patterns T1566.001 and T1193), indicating a focused approach to compromise. Although no specific affected versions or exploits are detailed, the campaign's low severity rating and lack of known exploits in the wild suggest it is currently not widespread or highly sophisticated. However, the persistent nature of FormBook and its capability to evade detection through obfuscation and anti-analysis techniques make it a continuing threat. The campaign's indicators are not provided, which limits immediate detection but highlights the need for behavioral monitoring. The threat level and analysis scores indicate moderate concern, emphasizing the importance of vigilance against spearphishing and malware infection vectors.

Potential Impact

For European organizations, the primary impact of a successful FormBook infection is the compromise of confidentiality through the theft of credentials, personal data, and potentially sensitive corporate information. This can lead to further intrusions, financial fraud, intellectual property theft, and reputational damage. The campaign's reliance on spearphishing means that organizations with large numbers of employees receiving external emails are at risk, especially if security awareness is low. The malware's ability to capture keystrokes and screenshots can expose login credentials to critical systems, including those related to finance, government, and critical infrastructure. While the campaign currently has a low severity rating, the potential for escalation exists if attackers leverage stolen credentials for lateral movement or ransomware deployment. The absence of patches means organizations must rely on detection and prevention controls. The impact on availability and integrity is limited but could increase if attackers use stolen data to disrupt operations or manipulate information.

Mitigation Recommendations

European organizations should implement multi-layered defenses against spearphishing and FormBook infections. Specific measures include: 1) Deploy advanced email filtering solutions that scan attachments for malicious content and block known FormBook signatures or suspicious file types commonly used in spearphishing. 2) Conduct targeted user awareness training emphasizing the risks of opening unsolicited attachments and recognizing spearphishing tactics. 3) Enable endpoint detection and response (EDR) tools capable of identifying FormBook behaviors such as credential dumping, keystroke logging, and unusual network exfiltration patterns. 4) Enforce strict application control policies to prevent execution of unauthorized binaries from email attachments or temporary directories. 5) Implement network segmentation and monitor outbound traffic for anomalies indicative of data exfiltration. 6) Maintain up-to-date threat intelligence feeds to detect emerging FormBook indicators. 7) Use multi-factor authentication (MFA) to reduce the impact of credential theft. 8) Regularly back up critical data and test incident response plans to ensure rapid containment if infection occurs.

Affected Countries

Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland

Indicators of Compromise

file: 34.102.136.180
hash: 80
file: 162.241.252.197
hash: 80
file: 3.64.163.50
hash: 80
file: 38.54.177.114
hash: 80
file: 185.107.56.209
hash: 80
file: 34.117.168.233
hash: 80
file: 54.144.38.219
hash: 80
file: 208.91.197.27
hash: 80
file: 207.60.53.40
hash: 80
file: 66.235.200.146
hash: 80
file: 188.114.97.13
hash: 80
url: http://www.doordelivery.life/km37/
url: http://www.busybody.app/km37/
url: http://www.damcostafreda12.cat/km37/
url: http://www.blueridgebedracks.com/km37/
url: http://www.hilltopspice.com/km37/
url: http://www.addonysfitwear.com/km37/
url: http://www.bestridelabs.com/km37/
url: http://www.huashi366.com/km37/
url: http://www.1wihug.top/km37/
url: http://www.66563.se/km37/
url: http://www.96mvipmy.com/km37/
url: http://www.lab1207.com/km37/
url: http://www.80b80.app/km37/
url: http://www.graphicstudio53.com/km37/
url: http://www.xn--etherealsoires-mkb.com/km37/
url: http://www.bestrosetoy.com/km37/
url: http://www.discounthub.xyz/km37/
url: http://www.addmusthaveoppprofit.online/km37/
url: http://www.abovegame.biz/km37/
url: http://www.getv3apparel.com/km37/
url: http://www.designroom.app/km37/
url: http://www.apatriotspeaks.com/km37/
url: http://www.ayq6cn.shop/km37/
url: http://www.androidrehber.com/km37/
url: http://www.iratewonderhandstore.africa/km37/
url: http://www.chateaufinewines.com/km37/
url: http://www.fantiplumbing.com/km37/
url: http://www.furadventure.com/km37/
url: http://www.jogo.africa/km37/
url: http://www.dashfashion.store/km37/
url: http://www.family-doctor-54927.com/km37/
url: http://www.66y143.xyz/km37/
url: http://www.bokenco.com/km37/
url: http://www.lermansalesmarketing.com/km37/
url: http://www.mybunnylawn.com/km37/
url: http://www.innerlovefest.com/km37/
url: http://www.jiayi-x.com/km37/
url: http://www.azart-player.ru/km37/
url: http://www.motorsolutionswithmakro.co.uk/km37/
url: http://www.demonstrate-suppress.net/km37/
url: http://www.jaafil.com/km37/
url: http://www.coinnspoo.com/km37/
url: http://www.micdavevtuportal.africa/km37/
url: http://www.austmactrading.com/km37/
url: http://www.bxsh.cloud/km37/
url: http://www.ourfturehealth.org.uk/km37/
url: http://www.3dgamesource.com/km37/
url: http://www.capturecreativeproductions.com/km37/
url: http://www.vestby.net/km37/
url: http://www.uyruio.xyz/km37/
url: http://www.calandrainmanlaw.com/km37/
url: http://www.horsesnarrowboatsrabbits.com/km37/
url: http://www.moosemunch.boo/km37/
url: http://www.famousleaked.site/km37/
url: http://www.betonyventures.com/km37/
url: http://www.68i81.top/km37/
url: http://www.katskateringllc.com/km37/
url: http://www.wemakebelieve.africa/km37/
url: http://www.hissy.shop/km37/
url: http://www.eatit.click/km37/
url: http://www.awesomeessential.com/km37/
url: http://www.hbcumicbrophone.com/km37/
url: http://www.calliebarrows.online/km37/
url: http://www.brippa.store/km37/
url: http://www.chopsbyzarah.com/km37/
domain: uyruio.xyz
domain: busybody.app
domain: damcostafreda12.cat
domain: blueridgebedracks.com
domain: hilltopspice.com
domain: addonysfitwear.com
domain: bestridelabs.com
domain: huashi366.com
domain: 1wihug.top
domain: 66563.se
domain: 96mvipmy.com
domain: lab1207.com
domain: 80b80.app
domain: graphicstudio53.com
domain: xn--etherealsoires-mkb.com
domain: bestrosetoy.com
domain: discounthub.xyz
domain: addmusthaveoppprofit.online
domain: abovegame.biz
domain: getv3apparel.com
domain: designroom.app
domain: apatriotspeaks.com
domain: ayq6cn.shop
domain: androidrehber.com
domain: iratewonderhandstore.africa
domain: chateaufinewines.com
domain: fantiplumbing.com
domain: furadventure.com
domain: jogo.africa
domain: dashfashion.store
domain: family-doctor-54927.com
domain: 66y143.xyz
domain: bokenco.com
domain: lermansalesmarketing.com
domain: mybunnylawn.com
domain: innerlovefest.com
domain: jiayi-x.com
domain: azart-player.ru
domain: motorsolutionswithmakro.co.uk
domain: demonstrate-suppress.net
domain: jaafil.com
domain: coinnspoo.com
domain: micdavevtuportal.africa
domain: austmactrading.com
domain: bxsh.cloud
domain: ourfturehealth.org.uk
domain: 3dgamesource.com
domain: capturecreativeproductions.com
domain: vestby.net
domain: calandrainmanlaw.com
domain: horsesnarrowboatsrabbits.com
domain: moosemunch.boo
domain: famousleaked.site
domain: betonyventures.com
domain: 68i81.top
domain: katskateringllc.com
domain: wemakebelieve.africa
domain: hissy.shop
domain: eatit.click
domain: awesomeessential.com
domain: hbcumicbrophone.com
domain: calliebarrows.online
domain: brippa.store
domain: chopsbyzarah.com
malware-sample: SV00388388323788.arj|f515d29ebd892a5f8b19e571a75a6d34
file: SV00388388323788.arj
hash: f515d29ebd892a5f8b19e571a75a6d34
hash: c514799ffdc38d48b7e90b8b6a324c354d1fd2a2
hash: 5ba3876088c3578f7d369253d0c27454794282e420a106188fbee7e060a3cea1
size-in-bytes: 703515
file: 84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85
size-in-bytes: 184832
float: 7.4132217734106
hash: a9e30d6f94ac7d32de3e0d46bea63795
hash: a90acad4b9cd1d762c758721b0913c3e130d0e3c
hash: 84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85
hash: b68ba759b7f42362afd514aab8c2eeeb57e395a9e24b0faa3e2c1411bf6149f86722731d470390e3dce35e4183c9e283fd6b8c04792c1df46d4b0d0b50e0c2f8
malware-sample: 84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85|a9e30d6f94ac7d32de3e0d46bea63795
mime-type: data
ssdeep: 3072:NHJRT+khPd3g8gUp3oudAgrDq4AKV9FUzmlYKGEYuCraA1vwLZ:jxVoOTXq45V92vKjYuhgvo
text: { "keys": [ "7f1cf8a24c450f66b4d58bff70a4f51a739c6db4", "e02377d3a2c0370ad8cd43957487b0bfe3b3fd9e", "090f3f94d775d9a351558dca5130a9af3beb4f7b", "fb434171528eaf7d6fb502701a6fe4d9f0f47ecd", "925f0e6df989b15fcf430ee98f2e0fdc12c909c9", "413797622f6a40d9b170cd9a77480ccb5d6b61cc", "61f0ddfbe29c8e01c2672f5f2be3d46480f89655" ], "type": "formbook", "urls": [ { "url": "http://www.doordelivery.life/km37/" }, { "url": "http://www.busybody.app/km37/" }, { "url": "http://www.damcostafreda12.cat/km37/" }, { "url": "http://www.blueridgebedracks.com/km37/" }, { "url": "http://www.hilltopspice.com/km37/" }, { "url": "http://www.addonysfitwear.com/km37/" }, { "url": "http://www.bestridelabs.com/km37/" }, { "url": "http://www.huashi366.com/km37/" }, { "url": "http://www.1wihug.top/km37/" }, { "url": "http://www.66563.se/km37/" }, { "url": "http://www.96mvipmy.com/km37/" }, { "url": "http://www.lab1207.com/km37/" }, { "url": "http://www.80b80.app/km37/" }, { "url": "http://www.graphicstudio53.com/km37/" }, { "url": "http://www.xn--etherealsoires-mkb.com/km37/" }, { "url": "http://www.bestrosetoy.com/km37/" }, { "url": "http://www.discounthub.xyz/km37/" }, { "url": "http://www.addmusthaveoppprofit.online/km37/" }, { "url": "http://www.abovegame.biz/km37/" }, { "url": "http://www.getv3apparel.com/km37/" }, { "url": "http://www.designroom.app/km37/" }, { "url": "http://www.apatriotspeaks.com/km37/" }, { "url": "http://www.ayq6cn.shop/km37/" }, { "url": "http://www.androidrehber.com/km37/" }, { "url": "http://www.iratewonderhandstore.africa/km37/" }, { "url": "http://www.chateaufinewines.com/km37/" }, { "url": "http://www.fantiplumbing.com/km37/" }, { "url": "http://www.furadventure.com/km37/" }, { "url": "http://www.jogo.africa/km37/" }, { "url": "http://www.dashfashion.store/km37/" }, { "url": "http://www.family-doctor-54927.com/km37/" }, { "url": "http://www.66y143.xyz/km37/" }, { "url": "http://www.bokenco.com/km37/" }, { "url": "http://www.lermansalesmarketing.com/km37/" }, { "url": "http://www.mybunnylawn.com/km37/" }, { "url": "http://www.innerlovefest.com/km37/" }, { "url": "http://www.jiayi-x.com/km37/" }, { "url": "http://www.azart-player.ru/km37/" }, { "url": "http://www.motorsolutionswithmakro.co.uk/km37/" }, { "url": "http://www.demonstrate-suppress.net/km37/" }, { "url": "http://www.jaafil.com/km37/" }, { "url": "http://www.coinnspoo.com/km37/" }, { "url": "http://www.micdavevtuportal.africa/km37/" }, { "url": "http://www.austmactrading.com/km37/" }, { "url": "http://www.bxsh.cloud/km37/" }, { "url": "http://www.ourfturehealth.org.uk/km37/" }, { "url": "http://www.3dgamesource.com/km37/" }, { "url": "http://www.capturecreativeproductions.com/km37/" }, { "url": "http://www.vestby.net/km37/" }, { "url": "http://www.uyruio.xyz/km37/" }, { "url": "http://www.calandrainmanlaw.com/km37/" }, { "url": "http://www.horsesnarrowboatsrabbits.com/km37/" }, { "url": "http://www.moosemunch.boo/km37/" }, { "url": "http://www.famousleaked.site/km37/" }, { "url": "http://www.betonyventures.com/km37/" }, { "url": "http://www.68i81.top/km37/" }, { "url": "http://www.katskateringllc.com/km37/" }, { "url": "http://www.wemakebelieve.africa/km37/" }, { "url": "http://www.hissy.shop/km37/" }, { "url": "http://www.eatit.click/km37/" }, { "url": "http://www.awesomeessential.com/km37/" }, { "url": "http://www.hbcumicbrophone.com/km37/" }, { "url": "http://www.calliebarrows.online/km37/" }, { "url": "http://www.brippa.store/km37/" }, { "url": "http://www.chopsbyzarah.com/km37/" } ], "c2_url": "http://www.doordelivery.life/km37/", "domains": [ { "domain": "uyruio.xyz" } ], "version": "4.1", "signature": "FBNG", "real_c2_idxs": [ 126 ], "decoy_domains": [ { "domain": "busybody.app" }, { "domain": "damcostafreda12.cat" }, { "domain": "blueridgebedracks.com" }, { "domain": "hilltopspice.com" }, { "domain": "addonysfitwear.com" }, { "domain": "bestridelabs.com" }, { "domain": "huashi366.com" }, { "domain": "1wihug.top" }, { "domain": "66563.se" }, { "domain": "96mvipmy.com" }, { "domain": "lab1207.com" }, { "domain": "80b80.app" }, { "domain": "graphicstudio53.com" }, { "domain": "xn--etherealsoires-mkb.com" }, { "domain": "bestrosetoy.com" }, { "domain": "discounthub.xyz" }, { "domain": "addmusthaveoppprofit.online" }, { "domain": "abovegame.biz" }, { "domain": "getv3apparel.com" }, { "domain": "designroom.app" }, { "domain": "apatriotspeaks.com" }, { "domain": "ayq6cn.shop" }, { "domain": "androidrehber.com" }, { "domain": "iratewonderhandstore.africa" }, { "domain": "chateaufinewines.com" }, { "domain": "fantiplumbing.com" }, { "domain": "furadventure.com" }, { "domain": "jogo.africa" }, { "domain": "dashfashion.store" }, { "domain": "family-doctor-54927.com" }, { "domain": "66y143.xyz" }, { "domain": "bokenco.com" }, { "domain": "lermansalesmarketing.com" }, { "domain": "mybunnylawn.com" }, { "domain": "innerlovefest.com" }, { "domain": "jiayi-x.com" }, { "domain": "azart-player.ru" }, { "domain": "motorsolutionswithmakro.co.uk" }, { "domain": "demonstrate-suppress.net" }, { "domain": "jaafil.com" }, { "domain": "coinnspoo.com" }, { "domain": "micdavevtuportal.africa" }, { "domain": "austmactrading.com" }, { "domain": "bxsh.cloud" }, { "domain": "ourfturehealth.org.uk" }, { "domain": "3dgamesource.com" }, { "domain": "capturecreativeproductions.com" }, { "domain": "vestby.net" }, { "domain": "uyruio.xyz" }, { "domain": "calandrainmanlaw.com" }, { "domain": "horsesnarrowboatsrabbits.com" }, { "domain": "moosemunch.boo" }, { "domain": "famousleaked.site" }, { "domain": "betonyventures.com" }, { "domain": "68i81.top" }, { "domain": "katskateringllc.com" }, { "domain": "wemakebelieve.africa" }, { "domain": "hissy.shop" }, { "domain": "eatit.click" }, { "domain": "awesomeessential.com" }, { "domain": "hbcumicbrophone.com" }, { "domain": "calliebarrows.online" }, { "domain": "brippa.store" }, { "domain": "chopsbyzarah.com" } ] }
text: JSON

FormBook campaign

Severity: low

Type: campaign

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland

Indicators of Compromise

file: 34.102.136.180
hash: 80
file: 162.241.252.197
hash: 80
file: 3.64.163.50
hash: 80
file: 38.54.177.114
hash: 80
file: 185.107.56.209
hash: 80
file: 34.117.168.233
hash: 80
file: 54.144.38.219
hash: 80
file: 208.91.197.27
hash: 80
file: 207.60.53.40
hash: 80
file: 66.235.200.146
hash: 80
file: 188.114.97.13
hash: 80
url: http://www.doordelivery.life/km37/
url: http://www.busybody.app/km37/
url: http://www.damcostafreda12.cat/km37/
url: http://www.blueridgebedracks.com/km37/
url: http://www.hilltopspice.com/km37/
url: http://www.addonysfitwear.com/km37/
url: http://www.bestridelabs.com/km37/
url: http://www.huashi366.com/km37/
url: http://www.1wihug.top/km37/
url: http://www.66563.se/km37/
url: http://www.96mvipmy.com/km37/
url: http://www.lab1207.com/km37/
url: http://www.80b80.app/km37/
url: http://www.graphicstudio53.com/km37/
url: http://www.xn--etherealsoires-mkb.com/km37/
url: http://www.bestrosetoy.com/km37/
url: http://www.discounthub.xyz/km37/
url: http://www.addmusthaveoppprofit.online/km37/
url: http://www.abovegame.biz/km37/
url: http://www.getv3apparel.com/km37/
url: http://www.designroom.app/km37/
url: http://www.apatriotspeaks.com/km37/
url: http://www.ayq6cn.shop/km37/
url: http://www.androidrehber.com/km37/
url: http://www.iratewonderhandstore.africa/km37/
url: http://www.chateaufinewines.com/km37/
url: http://www.fantiplumbing.com/km37/
url: http://www.furadventure.com/km37/
url: http://www.jogo.africa/km37/
url: http://www.dashfashion.store/km37/
url: http://www.family-doctor-54927.com/km37/
url: http://www.66y143.xyz/km37/
url: http://www.bokenco.com/km37/
url: http://www.lermansalesmarketing.com/km37/
url: http://www.mybunnylawn.com/km37/
url: http://www.innerlovefest.com/km37/
url: http://www.jiayi-x.com/km37/
url: http://www.azart-player.ru/km37/
url: http://www.motorsolutionswithmakro.co.uk/km37/
url: http://www.demonstrate-suppress.net/km37/
url: http://www.jaafil.com/km37/
url: http://www.coinnspoo.com/km37/
url: http://www.micdavevtuportal.africa/km37/
url: http://www.austmactrading.com/km37/
url: http://www.bxsh.cloud/km37/
url: http://www.ourfturehealth.org.uk/km37/
url: http://www.3dgamesource.com/km37/
url: http://www.capturecreativeproductions.com/km37/
url: http://www.vestby.net/km37/
url: http://www.uyruio.xyz/km37/
url: http://www.calandrainmanlaw.com/km37/
url: http://www.horsesnarrowboatsrabbits.com/km37/
url: http://www.moosemunch.boo/km37/
url: http://www.famousleaked.site/km37/
url: http://www.betonyventures.com/km37/
url: http://www.68i81.top/km37/
url: http://www.katskateringllc.com/km37/
url: http://www.wemakebelieve.africa/km37/
url: http://www.hissy.shop/km37/
url: http://www.eatit.click/km37/
url: http://www.awesomeessential.com/km37/
url: http://www.hbcumicbrophone.com/km37/
url: http://www.calliebarrows.online/km37/
url: http://www.brippa.store/km37/
url: http://www.chopsbyzarah.com/km37/
domain: uyruio.xyz
domain: busybody.app
domain: damcostafreda12.cat
domain: blueridgebedracks.com
domain: hilltopspice.com
domain: addonysfitwear.com
domain: bestridelabs.com
domain: huashi366.com
domain: 1wihug.top
domain: 66563.se
domain: 96mvipmy.com
domain: lab1207.com
domain: 80b80.app
domain: graphicstudio53.com
domain: xn--etherealsoires-mkb.com
domain: bestrosetoy.com
domain: discounthub.xyz
domain: addmusthaveoppprofit.online
domain: abovegame.biz
domain: getv3apparel.com
domain: designroom.app
domain: apatriotspeaks.com
domain: ayq6cn.shop
domain: androidrehber.com
domain: iratewonderhandstore.africa
domain: chateaufinewines.com
domain: fantiplumbing.com
domain: furadventure.com
domain: jogo.africa
domain: dashfashion.store
domain: family-doctor-54927.com
domain: 66y143.xyz
domain: bokenco.com
domain: lermansalesmarketing.com
domain: mybunnylawn.com
domain: innerlovefest.com
domain: jiayi-x.com
domain: azart-player.ru
domain: motorsolutionswithmakro.co.uk
domain: demonstrate-suppress.net
domain: jaafil.com
domain: coinnspoo.com
domain: micdavevtuportal.africa
domain: austmactrading.com
domain: bxsh.cloud
domain: ourfturehealth.org.uk
domain: 3dgamesource.com
domain: capturecreativeproductions.com
domain: vestby.net
domain: calandrainmanlaw.com
domain: horsesnarrowboatsrabbits.com
domain: moosemunch.boo
domain: famousleaked.site
domain: betonyventures.com
domain: 68i81.top
domain: katskateringllc.com
domain: wemakebelieve.africa
domain: hissy.shop
domain: eatit.click
domain: awesomeessential.com
domain: hbcumicbrophone.com
domain: calliebarrows.online
domain: brippa.store
domain: chopsbyzarah.com
malware-sample: SV00388388323788.arj|f515d29ebd892a5f8b19e571a75a6d34
file: SV00388388323788.arj
hash: f515d29ebd892a5f8b19e571a75a6d34
hash: c514799ffdc38d48b7e90b8b6a324c354d1fd2a2
hash: 5ba3876088c3578f7d369253d0c27454794282e420a106188fbee7e060a3cea1
size-in-bytes: 703515
file: 84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85
size-in-bytes: 184832
float: 7.4132217734106
hash: a9e30d6f94ac7d32de3e0d46bea63795
hash: a90acad4b9cd1d762c758721b0913c3e130d0e3c
hash: 84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85
hash: b68ba759b7f42362afd514aab8c2eeeb57e395a9e24b0faa3e2c1411bf6149f86722731d470390e3dce35e4183c9e283fd6b8c04792c1df46d4b0d0b50e0c2f8
malware-sample: 84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85|a9e30d6f94ac7d32de3e0d46bea63795
mime-type: data
ssdeep: 3072:NHJRT+khPd3g8gUp3oudAgrDq4AKV9FUzmlYKGEYuCraA1vwLZ:jxVoOTXq45V92vKjYuhgvo
text: { "keys": [ "7f1cf8a24c450f66b4d58bff70a4f51a739c6db4", "e02377d3a2c0370ad8cd43957487b0bfe3b3fd9e", "090f3f94d775d9a351558dca5130a9af3beb4f7b", "fb434171528eaf7d6fb502701a6fe4d9f0f47ecd", "925f0e6df989b15fcf430ee98f2e0fdc12c909c9", "413797622f6a40d9b170cd9a77480ccb5d6b61cc", "61f0ddfbe29c8e01c2672f5f2be3d46480f89655" ], "type": "formbook", "urls": [ { "url": "http://www.doordelivery.life/km37/" }, { "url": "http://www.busybody.app/km37/" }, { "url": "http://www.damcostafreda12.cat/km37/" }, { "url": "http://www.blueridgebedracks.com/km37/" }, { "url": "http://www.hilltopspice.com/km37/" }, { "url": "http://www.addonysfitwear.com/km37/" }, { "url": "http://www.bestridelabs.com/km37/" }, { "url": "http://www.huashi366.com/km37/" }, { "url": "http://www.1wihug.top/km37/" }, { "url": "http://www.66563.se/km37/" }, { "url": "http://www.96mvipmy.com/km37/" }, { "url": "http://www.lab1207.com/km37/" }, { "url": "http://www.80b80.app/km37/" }, { "url": "http://www.graphicstudio53.com/km37/" }, { "url": "http://www.xn--etherealsoires-mkb.com/km37/" }, { "url": "http://www.bestrosetoy.com/km37/" }, { "url": "http://www.discounthub.xyz/km37/" }, { "url": "http://www.addmusthaveoppprofit.online/km37/" }, { "url": "http://www.abovegame.biz/km37/" }, { "url": "http://www.getv3apparel.com/km37/" }, { "url": "http://www.designroom.app/km37/" }, { "url": "http://www.apatriotspeaks.com/km37/" }, { "url": "http://www.ayq6cn.shop/km37/" }, { "url": "http://www.androidrehber.com/km37/" }, { "url": "http://www.iratewonderhandstore.africa/km37/" }, { "url": "http://www.chateaufinewines.com/km37/" }, { "url": "http://www.fantiplumbing.com/km37/" }, { "url": "http://www.furadventure.com/km37/" }, { "url": "http://www.jogo.africa/km37/" }, { "url": "http://www.dashfashion.store/km37/" }, { "url": "http://www.family-doctor-54927.com/km37/" }, { "url": "http://www.66y143.xyz/km37/" }, { "url": "http://www.bokenco.com/km37/" }, { "url": "http://www.lermansalesmarketing.com/km37/" }, { "url": "http://www.mybunnylawn.com/km37/" }, { "url": "http://www.innerlovefest.com/km37/" }, { "url": "http://www.jiayi-x.com/km37/" }, { "url": "http://www.azart-player.ru/km37/" }, { "url": "http://www.motorsolutionswithmakro.co.uk/km37/" }, { "url": "http://www.demonstrate-suppress.net/km37/" }, { "url": "http://www.jaafil.com/km37/" }, { "url": "http://www.coinnspoo.com/km37/" }, { "url": "http://www.micdavevtuportal.africa/km37/" }, { "url": "http://www.austmactrading.com/km37/" }, { "url": "http://www.bxsh.cloud/km37/" }, { "url": "http://www.ourfturehealth.org.uk/km37/" }, { "url": "http://www.3dgamesource.com/km37/" }, { "url": "http://www.capturecreativeproductions.com/km37/" }, { "url": "http://www.vestby.net/km37/" }, { "url": "http://www.uyruio.xyz/km37/" }, { "url": "http://www.calandrainmanlaw.com/km37/" }, { "url": "http://www.horsesnarrowboatsrabbits.com/km37/" }, { "url": "http://www.moosemunch.boo/km37/" }, { "url": "http://www.famousleaked.site/km37/" }, { "url": "http://www.betonyventures.com/km37/" }, { "url": "http://www.68i81.top/km37/" }, { "url": "http://www.katskateringllc.com/km37/" }, { "url": "http://www.wemakebelieve.africa/km37/" }, { "url": "http://www.hissy.shop/km37/" }, { "url": "http://www.eatit.click/km37/" }, { "url": "http://www.awesomeessential.com/km37/" }, { "url": "http://www.hbcumicbrophone.com/km37/" }, { "url": "http://www.calliebarrows.online/km37/" }, { "url": "http://www.brippa.store/km37/" }, { "url": "http://www.chopsbyzarah.com/km37/" } ], "c2_url": "http://www.doordelivery.life/km37/", "domains": [ { "domain": "uyruio.xyz" } ], "version": "4.1", "signature": "FBNG", "real_c2_idxs": [ 126 ], "decoy_domains": [ { "domain": "busybody.app" }, { "domain": "damcostafreda12.cat" }, { "domain": "blueridgebedracks.com" }, { "domain": "hilltopspice.com" }, { "domain": "addonysfitwear.com" }, { "domain": "bestridelabs.com" }, { "domain": "huashi366.com" }, { "domain": "1wihug.top" }, { "domain": "66563.se" }, { "domain": "96mvipmy.com" }, { "domain": "lab1207.com" }, { "domain": "80b80.app" }, { "domain": "graphicstudio53.com" }, { "domain": "xn--etherealsoires-mkb.com" }, { "domain": "bestrosetoy.com" }, { "domain": "discounthub.xyz" }, { "domain": "addmusthaveoppprofit.online" }, { "domain": "abovegame.biz" }, { "domain": "getv3apparel.com" }, { "domain": "designroom.app" }, { "domain": "apatriotspeaks.com" }, { "domain": "ayq6cn.shop" }, { "domain": "androidrehber.com" }, { "domain": "iratewonderhandstore.africa" }, { "domain": "chateaufinewines.com" }, { "domain": "fantiplumbing.com" }, { "domain": "furadventure.com" }, { "domain": "jogo.africa" }, { "domain": "dashfashion.store" }, { "domain": "family-doctor-54927.com" }, { "domain": "66y143.xyz" }, { "domain": "bokenco.com" }, { "domain": "lermansalesmarketing.com" }, { "domain": "mybunnylawn.com" }, { "domain": "innerlovefest.com" }, { "domain": "jiayi-x.com" }, { "domain": "azart-player.ru" }, { "domain": "motorsolutionswithmakro.co.uk" }, { "domain": "demonstrate-suppress.net" }, { "domain": "jaafil.com" }, { "domain": "coinnspoo.com" }, { "domain": "micdavevtuportal.africa" }, { "domain": "austmactrading.com" }, { "domain": "bxsh.cloud" }, { "domain": "ourfturehealth.org.uk" }, { "domain": "3dgamesource.com" }, { "domain": "capturecreativeproductions.com" }, { "domain": "vestby.net" }, { "domain": "uyruio.xyz" }, { "domain": "calandrainmanlaw.com" }, { "domain": "horsesnarrowboatsrabbits.com" }, { "domain": "moosemunch.boo" }, { "domain": "famousleaked.site" }, { "domain": "betonyventures.com" }, { "domain": "68i81.top" }, { "domain": "katskateringllc.com" }, { "domain": "wemakebelieve.africa" }, { "domain": "hissy.shop" }, { "domain": "eatit.click" }, { "domain": "awesomeessential.com" }, { "domain": "hbcumicbrophone.com" }, { "domain": "calliebarrows.online" }, { "domain": "brippa.store" }, { "domain": "chopsbyzarah.com" } ] }
text: JSON

Source: CIRCL

Published: Fri Jun 16 2023

FormBook campaign

Low

Campaigntype:osint osint:lifetime="perpetual"osint:certainty="50"tlp:white tlp:clear misp-galaxy:tool="formbook"misp-galaxy:mitre-attack-pattern="spearphishing attachment - t1566.001"misp-galaxy:mitre-attack-pattern="spearphishing attachment - t1193"

Published: Fri Jun 16 2023 (06/16/2023, 00:00:00 UTC)

Source: CIRCL

Vendor/Project: type

Product: osint

Description

AI-Powered Analysis

AILast updated: 12/24/2025, 06:12:22 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Threat Level: 3
Analysis: 2
Uuid: f45fe125-7f3f-4335-bf74-5ab61eb5b645
Original Timestamp: 1686914589

Indicators of Compromise

File

Value	Description	Copy
file34.102.136.180	On port 80
file162.241.252.197	On port 80
file3.64.163.50	On port 80
file38.54.177.114	On port 80
file185.107.56.209	On port 80
file34.117.168.233	On port 80
file54.144.38.219	On port 80
file208.91.197.27	On port 80
file207.60.53.40	On port 80
file66.235.200.146	On port 80
file188.114.97.13	On port 80
fileSV00388388323788.arj	—
file84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85	—

Hash

Value	Description	Copy
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hash80	On port 80
hashf515d29ebd892a5f8b19e571a75a6d34	—
hashc514799ffdc38d48b7e90b8b6a324c354d1fd2a2	—
hash5ba3876088c3578f7d369253d0c27454794282e420a106188fbee7e060a3cea1	—
hasha9e30d6f94ac7d32de3e0d46bea63795	—
hasha90acad4b9cd1d762c758721b0913c3e130d0e3c	—
hash84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85	—
hashb68ba759b7f42362afd514aab8c2eeeb57e395a9e24b0faa3e2c1411bf6149f86722731d470390e3dce35e4183c9e283fd6b8c04792c1df46d4b0d0b50e0c2f8	—

Url

Value	Description	Copy
urlhttp://www.doordelivery.life/km37/	—
urlhttp://www.busybody.app/km37/	—
urlhttp://www.damcostafreda12.cat/km37/	—
urlhttp://www.blueridgebedracks.com/km37/	—
urlhttp://www.hilltopspice.com/km37/	—
urlhttp://www.addonysfitwear.com/km37/	—
urlhttp://www.bestridelabs.com/km37/	—
urlhttp://www.huashi366.com/km37/	—
urlhttp://www.1wihug.top/km37/	—
urlhttp://www.66563.se/km37/	—
urlhttp://www.96mvipmy.com/km37/	—
urlhttp://www.lab1207.com/km37/	—
urlhttp://www.80b80.app/km37/	—
urlhttp://www.graphicstudio53.com/km37/	—
urlhttp://www.xn--etherealsoires-mkb.com/km37/	—
urlhttp://www.bestrosetoy.com/km37/	—
urlhttp://www.discounthub.xyz/km37/	—
urlhttp://www.addmusthaveoppprofit.online/km37/	—
urlhttp://www.abovegame.biz/km37/	—
urlhttp://www.getv3apparel.com/km37/	—
urlhttp://www.designroom.app/km37/	—
urlhttp://www.apatriotspeaks.com/km37/	—
urlhttp://www.ayq6cn.shop/km37/	—
urlhttp://www.androidrehber.com/km37/	—
urlhttp://www.iratewonderhandstore.africa/km37/	—
urlhttp://www.chateaufinewines.com/km37/	—
urlhttp://www.fantiplumbing.com/km37/	—
urlhttp://www.furadventure.com/km37/	—
urlhttp://www.jogo.africa/km37/	—
urlhttp://www.dashfashion.store/km37/	—
urlhttp://www.family-doctor-54927.com/km37/	—
urlhttp://www.66y143.xyz/km37/	—
urlhttp://www.bokenco.com/km37/	—
urlhttp://www.lermansalesmarketing.com/km37/	—
urlhttp://www.mybunnylawn.com/km37/	—
urlhttp://www.innerlovefest.com/km37/	—
urlhttp://www.jiayi-x.com/km37/	—
urlhttp://www.azart-player.ru/km37/	—
urlhttp://www.motorsolutionswithmakro.co.uk/km37/	—
urlhttp://www.demonstrate-suppress.net/km37/	—
urlhttp://www.jaafil.com/km37/	—
urlhttp://www.coinnspoo.com/km37/	—
urlhttp://www.micdavevtuportal.africa/km37/	—
urlhttp://www.austmactrading.com/km37/	—
urlhttp://www.bxsh.cloud/km37/	—
urlhttp://www.ourfturehealth.org.uk/km37/	—
urlhttp://www.3dgamesource.com/km37/	—
urlhttp://www.capturecreativeproductions.com/km37/	—
urlhttp://www.vestby.net/km37/	—
urlhttp://www.uyruio.xyz/km37/	—
urlhttp://www.calandrainmanlaw.com/km37/	—
urlhttp://www.horsesnarrowboatsrabbits.com/km37/	—
urlhttp://www.moosemunch.boo/km37/	—
urlhttp://www.famousleaked.site/km37/	—
urlhttp://www.betonyventures.com/km37/	—
urlhttp://www.68i81.top/km37/	—
urlhttp://www.katskateringllc.com/km37/	—
urlhttp://www.wemakebelieve.africa/km37/	—
urlhttp://www.hissy.shop/km37/	—
urlhttp://www.eatit.click/km37/	—
urlhttp://www.awesomeessential.com/km37/	—
urlhttp://www.hbcumicbrophone.com/km37/	—
urlhttp://www.calliebarrows.online/km37/	—
urlhttp://www.brippa.store/km37/	—
urlhttp://www.chopsbyzarah.com/km37/	—

Domain

Value	Description	Copy
domainuyruio.xyz	—
domainbusybody.app	—
domaindamcostafreda12.cat	—
domainblueridgebedracks.com	—
domainhilltopspice.com	—
domainaddonysfitwear.com	—
domainbestridelabs.com	—
domainhuashi366.com	—
domain1wihug.top	—
domain66563.se	—
domain96mvipmy.com	—
domainlab1207.com	—
domain80b80.app	—
domaingraphicstudio53.com	—
domainxn--etherealsoires-mkb.com	—
domainbestrosetoy.com	—
domaindiscounthub.xyz	—
domainaddmusthaveoppprofit.online	—
domainabovegame.biz	—
domaingetv3apparel.com	—
domaindesignroom.app	—
domainapatriotspeaks.com	—
domainayq6cn.shop	—
domainandroidrehber.com	—
domainiratewonderhandstore.africa	—
domainchateaufinewines.com	—
domainfantiplumbing.com	—
domainfuradventure.com	—
domainjogo.africa	—
domaindashfashion.store	—
domainfamily-doctor-54927.com	—
domain66y143.xyz	—
domainbokenco.com	—
domainlermansalesmarketing.com	—
domainmybunnylawn.com	—
domaininnerlovefest.com	—
domainjiayi-x.com	—
domainazart-player.ru	—
domainmotorsolutionswithmakro.co.uk	—
domaindemonstrate-suppress.net	—
domainjaafil.com	—
domaincoinnspoo.com	—
domainmicdavevtuportal.africa	—
domainaustmactrading.com	—
domainbxsh.cloud	—
domainourfturehealth.org.uk	—
domain3dgamesource.com	—
domaincapturecreativeproductions.com	—
domainvestby.net	—
domaincalandrainmanlaw.com	—
domainhorsesnarrowboatsrabbits.com	—
domainmoosemunch.boo	—
domainfamousleaked.site	—
domainbetonyventures.com	—
domain68i81.top	—
domainkatskateringllc.com	—
domainwemakebelieve.africa	—
domainhissy.shop	—
domaineatit.click	—
domainawesomeessential.com	—
domainhbcumicbrophone.com	—
domaincalliebarrows.online	—
domainbrippa.store	—
domainchopsbyzarah.com	—

Malware sample

Value	Description	Copy
malware-sampleSV00388388323788.arj\|f515d29ebd892a5f8b19e571a75a6d34	—
malware-sample84470338a1b460b107ab8b8642c04bf12fe930e224b79dcb0dad5ac713fc7b85\|a9e30d6f94ac7d32de3e0d46bea63795	—

Size in-bytes

Value	Description	Copy
size-in-bytes703515	—
size-in-bytes184832	—

Float

Value	Description	Copy
float7.4132217734106	—

Mime type

Value	Description	Copy
mime-typedata	—

Ssdeep

Value	Description	Copy
ssdeep3072:NHJRT+khPd3g8gUp3oudAgrDq4AKV9FUzmlYKGEYuCraA1vwLZ:jxVoOTXq45V92vKjYuhgvo	—

Text

Value	Description	Copy
text{ "keys": [ "7f1cf8a24c450f66b4d58bff70a4f51a739c6db4", "e02377d3a2c0370ad8cd43957487b0bfe3b3fd9e", "090f3f94d775d9a351558dca5130a9af3beb4f7b", "fb434171528eaf7d6fb502701a6fe4d9f0f47ecd", "925f0e6df989b15fcf430ee98f2e0fdc12c909c9", "413797622f6a40d9b170cd9a77480ccb5d6b61cc", "61f0ddfbe29c8e01c2672f5f2be3d46480f89655" ], "type": "formbook", "urls": [ { "url": "http://www.doordelivery.life/km37/" }, { "url": "http://www.busybody.app/km37/" }, { "url": "http://www.damcostafreda12.cat/km37/" }, { "url": "http://www.blueridgebedracks.com/km37/" }, { "url": "http://www.hilltopspice.com/km37/" }, { "url": "http://www.addonysfitwear.com/km37/" }, { "url": "http://www.bestridelabs.com/km37/" }, { "url": "http://www.huashi366.com/km37/" }, { "url": "http://www.1wihug.top/km37/" }, { "url": "http://www.66563.se/km37/" }, { "url": "http://www.96mvipmy.com/km37/" }, { "url": "http://www.lab1207.com/km37/" }, { "url": "http://www.80b80.app/km37/" }, { "url": "http://www.graphicstudio53.com/km37/" }, { "url": "http://www.xn--etherealsoires-mkb.com/km37/" }, { "url": "http://www.bestrosetoy.com/km37/" }, { "url": "http://www.discounthub.xyz/km37/" }, { "url": "http://www.addmusthaveoppprofit.online/km37/" }, { "url": "http://www.abovegame.biz/km37/" }, { "url": "http://www.getv3apparel.com/km37/" }, { "url": "http://www.designroom.app/km37/" }, { "url": "http://www.apatriotspeaks.com/km37/" }, { "url": "http://www.ayq6cn.shop/km37/" }, { "url": "http://www.androidrehber.com/km37/" }, { "url": "http://www.iratewonderhandstore.africa/km37/" }, { "url": "http://www.chateaufinewines.com/km37/" }, { "url": "http://www.fantiplumbing.com/km37/" }, { "url": "http://www.furadventure.com/km37/" }, { "url": "http://www.jogo.africa/km37/" }, { "url": "http://www.dashfashion.store/km37/" }, { "url": "http://www.family-doctor-54927.com/km37/" }, { "url": "http://www.66y143.xyz/km37/" }, { "url": "http://www.bokenco.com/km37/" }, { "url": "http://www.lermansalesmarketing.com/km37/" }, { "url": "http://www.mybunnylawn.com/km37/" }, { "url": "http://www.innerlovefest.com/km37/" }, { "url": "http://www.jiayi-x.com/km37/" }, { "url": "http://www.azart-player.ru/km37/" }, { "url": "http://www.motorsolutionswithmakro.co.uk/km37/" }, { "url": "http://www.demonstrate-suppress.net/km37/" }, { "url": "http://www.jaafil.com/km37/" }, { "url": "http://www.coinnspoo.com/km37/" }, { "url": "http://www.micdavevtuportal.africa/km37/" }, { "url": "http://www.austmactrading.com/km37/" }, { "url": "http://www.bxsh.cloud/km37/" }, { "url": "http://www.ourfturehealth.org.uk/km37/" }, { "url": "http://www.3dgamesource.com/km37/" }, { "url": "http://www.capturecreativeproductions.com/km37/" }, { "url": "http://www.vestby.net/km37/" }, { "url": "http://www.uyruio.xyz/km37/" }, { "url": "http://www.calandrainmanlaw.com/km37/" }, { "url": "http://www.horsesnarrowboatsrabbits.com/km37/" }, { "url": "http://www.moosemunch.boo/km37/" }, { "url": "http://www.famousleaked.site/km37/" }, { "url": "http://www.betonyventures.com/km37/" }, { "url": "http://www.68i81.top/km37/" }, { "url": "http://www.katskateringllc.com/km37/" }, { "url": "http://www.wemakebelieve.africa/km37/" }, { "url": "http://www.hissy.shop/km37/" }, { "url": "http://www.eatit.click/km37/" }, { "url": "http://www.awesomeessential.com/km37/" }, { "url": "http://www.hbcumicbrophone.com/km37/" }, { "url": "http://www.calliebarrows.online/km37/" }, { "url": "http://www.brippa.store/km37/" }, { "url": "http://www.chopsbyzarah.com/km37/" } ], "c2_url": "http://www.doordelivery.life/km37/", "domains": [ { "domain": "uyruio.xyz" } ], "version": "4.1", "signature": "FBNG", "real_c2_idxs": [ 126 ], "decoy_domains": [ { "domain": "busybody.app" }, { "domain": "damcostafreda12.cat" }, { "domain": "blueridgebedracks.com" }, { "domain": "hilltopspice.com" }, { "domain": "addonysfitwear.com" }, { "domain": "bestridelabs.com" }, { "domain": "huashi366.com" }, { "domain": "1wihug.top" }, { "domain": "66563.se" }, { "domain": "96mvipmy.com" }, { "domain": "lab1207.com" }, { "domain": "80b80.app" }, { "domain": "graphicstudio53.com" }, { "domain": "xn--etherealsoires-mkb.com" }, { "domain": "bestrosetoy.com" }, { "domain": "discounthub.xyz" }, { "domain": "addmusthaveoppprofit.online" }, { "domain": "abovegame.biz" }, { "domain": "getv3apparel.com" }, { "domain": "designroom.app" }, { "domain": "apatriotspeaks.com" }, { "domain": "ayq6cn.shop" }, { "domain": "androidrehber.com" }, { "domain": "iratewonderhandstore.africa" }, { "domain": "chateaufinewines.com" }, { "domain": "fantiplumbing.com" }, { "domain": "furadventure.com" }, { "domain": "jogo.africa" }, { "domain": "dashfashion.store" }, { "domain": "family-doctor-54927.com" }, { "domain": "66y143.xyz" }, { "domain": "bokenco.com" }, { "domain": "lermansalesmarketing.com" }, { "domain": "mybunnylawn.com" }, { "domain": "innerlovefest.com" }, { "domain": "jiayi-x.com" }, { "domain": "azart-player.ru" }, { "domain": "motorsolutionswithmakro.co.uk" }, { "domain": "demonstrate-suppress.net" }, { "domain": "jaafil.com" }, { "domain": "coinnspoo.com" }, { "domain": "micdavevtuportal.africa" }, { "domain": "austmactrading.com" }, { "domain": "bxsh.cloud" }, { "domain": "ourfturehealth.org.uk" }, { "domain": "3dgamesource.com" }, { "domain": "capturecreativeproductions.com" }, { "domain": "vestby.net" }, { "domain": "uyruio.xyz" }, { "domain": "calandrainmanlaw.com" }, { "domain": "horsesnarrowboatsrabbits.com" }, { "domain": "moosemunch.boo" }, { "domain": "famousleaked.site" }, { "domain": "betonyventures.com" }, { "domain": "68i81.top" }, { "domain": "katskateringllc.com" }, { "domain": "wemakebelieve.africa" }, { "domain": "hissy.shop" }, { "domain": "eatit.click" }, { "domain": "awesomeessential.com" }, { "domain": "hbcumicbrophone.com" }, { "domain": "calliebarrows.online" }, { "domain": "brippa.store" }, { "domain": "chopsbyzarah.com" } ] }	—
textJSON	—

Threat ID: 682acdbebbaf20d303f0e505

Added to database: 5/19/2025, 6:20:46 AM

Last enriched: 12/24/2025, 6:12:22 AM

Last updated: 1/19/2026, 9:53:00 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

FormBook campaign

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

FormBook campaign

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

File

Hash

Url

Domain

Malware sample

Size in-bytes

Float

Mime type

Ssdeep

Text

Community Reviews

Related Threats

KRVTZ IDS alerts for 2026-01-18

ThreatFox IOCs for 2026-01-18

ThreatFox IOCs for 2026-01-17

ThreatFox IOCs for 2026-01-16

ThreatFox IOCs for 2026-01-15

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility