adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/58b87da8-48a4-4d5a-aac4-6a4902de0b81.json

1376 lines
41 KiB
JSON
Raw Permalink Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2017-03-02",
"extends_uuid": "",
"info": "OSINT - Covert Channels and Poor Decisions: The Tale of DNSMessenger",
"publish_timestamp": "1488486486",
"published": true,
"threat_level_id": "3",
"timestamp": "1488486293",
"uuid": "58b87da8-48a4-4d5a-aac4-6a4902de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": false,
"type": "link",
"uuid": "58b87db6-8774-454e-ab1a-2dd902de0b81",
"value": "http://blog.talosintelligence.com/2017/03/dnsmessenger.html",
"Tag": [
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#075200",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
},
{
"colour": "#00223b",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": false,
"type": "text",
"uuid": "58b87df0-5704-44fe-b7d4-6a4602de0b81",
"value": "The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be accessed by name, rather than requiring users to memorize IP addresses. While many organizations implement strict egress filtering as it pertains to web traffic, firewall rules, etc. many have less stringent controls in place to protect against DNS based threats. Attackers have recognized this and commonly encapsulate different network protocols within DNS to evade security devices.\r\n\r\nTypically this use of DNS is related to the exfiltration of information. Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. This is an extremely uncommon and evasive way of administering a RAT. The use of multiple stages of Powershell with various stages being completely fileless indicates an attacker who has taken significant measures to avoid detection.",
"Tag": [
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#075200",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
},
{
"colour": "#00223b",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e78-26c4-4fa2-a480-8f4002de0b81",
"value": "algew.me"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e79-0958-4a3f-968e-8f4002de0b81",
"value": "aloqd.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e79-24f4-4105-b0a4-8f4002de0b81",
"value": "bpee.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e7a-a9f0-4a9a-9f4d-8f4002de0b81",
"value": "bvyv.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e7b-5108-48c3-b27f-8f4002de0b81",
"value": "bwuk.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e7c-0ef0-46b1-940c-8f4002de0b81",
"value": "cgqy.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e7d-ee4c-4054-81c5-8f4002de0b81",
"value": "cihr.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e7d-08c8-4a2d-96cc-8f4002de0b81",
"value": "ckwl.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e7e-73f4-4cff-b172-8f4002de0b81",
"value": "cnmah.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e7f-a214-44a6-aae4-8f4002de0b81",
"value": "coec.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e80-3d70-4f37-a57d-8f4002de0b81",
"value": "cuuo.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e81-5be8-46fc-99e2-8f4002de0b81",
"value": "daskd.me"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e81-de60-44f5-85e5-8f4002de0b81",
"value": "dbxa.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e82-c338-48bd-b4a7-8f4002de0b81",
"value": "dlex.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e83-e494-46c4-bf87-8f4002de0b81",
"value": "doof.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e84-2964-4fe4-8d8a-8f4002de0b81",
"value": "dtxf.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e84-7590-45f7-8a16-8f4002de0b81",
"value": "dvso.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e85-23e8-401c-97b1-8f4002de0b81",
"value": "dyiud.com"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e86-4410-4101-b9e8-8f4002de0b81",
"value": "eady.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e87-4ddc-4d91-b1ae-8f4002de0b81",
"value": "enuv.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e88-b9b0-4965-ab9d-8f4002de0b81",
"value": "eter.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e89-1588-449c-b7a8-8f4002de0b81",
"value": "fbjz.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8a-21f0-4663-b163-8f4002de0b81",
"value": "fhyi.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8a-0674-4903-bb8c-8f4002de0b81",
"value": "futh.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8b-b7e0-400d-a030-8f4002de0b81",
"value": "gjcu.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8c-67a4-4b8e-b84c-8f4002de0b81",
"value": "gjuc.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8d-35e8-4980-b3f3-8f4002de0b81",
"value": "gnoa.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8e-9db8-4954-8f57-8f4002de0b81",
"value": "grij.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8f-2cb0-480f-9869-8f4002de0b81",
"value": "gxhp.top"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e8f-861c-43b8-ad24-8f4002de0b81",
"value": "hvzr.info"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e90-3cdc-417c-b4e5-8f4002de0b81",
"value": "idjb.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e91-a690-4963-a30b-8f4002de0b81",
"value": "ihrs.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e92-25b4-47cd-8982-8f4002de0b81",
"value": "jimw.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e93-86ac-47b7-9dd4-8f4002de0b81",
"value": "jomp.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e93-97fc-464a-9bbf-8f4002de0b81",
"value": "jxhv.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e94-58f8-493e-a144-8f4002de0b81",
"value": "kjke.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e95-f168-48e2-b43b-8f4002de0b81",
"value": "kshv.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e96-5248-4011-a7c8-8f4002de0b81",
"value": "kwoe.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e97-3d70-4e71-92b7-8f4002de0b81",
"value": "ldzp.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e97-aeec-4ffe-83eb-8f4002de0b81",
"value": "lhlv.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e98-68a0-4b0b-b491-8f4002de0b81",
"value": "lnoy.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e99-fba8-4faa-b4d0-8f4002de0b81",
"value": "lvrm.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9a-c284-456c-aa81-8f4002de0b81",
"value": "lvxf.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9b-cfa4-4fe2-b0e8-8f4002de0b81",
"value": "mewt.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9b-877c-4cec-ae71-8f4002de0b81",
"value": "mfka.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9c-38b0-4ca0-8d8f-8f4002de0b81",
"value": "mjet.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9d-74a0-48a5-b2d6-8f4002de0b81",
"value": "mjut.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9e-d600-4f19-a550-8f4002de0b81",
"value": "mvze.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9e-61f0-4771-9821-8f4002de0b81",
"value": "mxfg.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87e9f-cb2c-4a1b-9bbe-8f4002de0b81",
"value": "nroq.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea0-d238-46f9-80bb-8f4002de0b81",
"value": "nwrr.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea1-6560-4f24-b0b8-8f4002de0b81",
"value": "nxpu.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea2-4a08-41dd-9c2c-8f4002de0b81",
"value": "oaax.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea2-0c50-471f-8b4d-8f4002de0b81",
"value": "odwf.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea3-73a4-4c2f-a34b-8f4002de0b81",
"value": "odyr.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea4-e380-4d3d-9277-8f4002de0b81",
"value": "okiq.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea5-a9b0-45f8-8cda-8f4002de0b81",
"value": "oknz.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea5-da44-4ac9-87a0-8f4002de0b81",
"value": "ooep.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea6-a0d8-4a90-958f-8f4002de0b81",
"value": "ooyh.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea7-b008-4bb4-80b4-8f4002de0b81",
"value": "otzd.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea8-0db8-4112-857a-8f4002de0b81",
"value": "oxrp.info"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea8-9980-4a6c-ace8-8f4002de0b81",
"value": "oyaw.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ea9-225c-4a77-992d-8f4002de0b81",
"value": "pafk.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eaa-9944-4f95-aecf-8f4002de0b81",
"value": "palj.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eab-9d14-48fe-b3f7-8f4002de0b81",
"value": "pbbk.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eab-d524-4fca-a7a7-8f4002de0b81",
"value": "ppdx.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eac-2c28-4ec3-9f3f-8f4002de0b81",
"value": "pvze.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ead-59f4-480d-87ca-8f4002de0b81",
"value": "qefg.info"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eae-d0fc-4dbe-8a51-8f4002de0b81",
"value": "qlpa.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eaf-3988-4424-a389-8f4002de0b81",
"value": "qznm.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eaf-a818-4b93-b966-8f4002de0b81",
"value": "reld.info"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb0-0ebc-4bcc-a66e-8f4002de0b81",
"value": "rnkj.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb1-15ec-4357-bc6d-8f4002de0b81",
"value": "rzzc.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb2-c7a8-4cd1-ac01-8f4002de0b81",
"value": "sgvt.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb2-3610-42df-bbdd-8f4002de0b81",
"value": "soru.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb3-c584-4fe6-b141-8f4002de0b81",
"value": "swio.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb4-dfa4-4e06-85c6-8f4002de0b81",
"value": "tijm.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb5-1138-4f3c-8f7f-8f4002de0b81",
"value": "tsrs.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb6-950c-4a97-b42a-8f4002de0b81",
"value": "turp.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb6-4c24-4321-a77b-8f4002de0b81",
"value": "ueox.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb7-38cc-453c-832e-8f4002de0b81",
"value": "ufyb.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb8-b2c0-4214-8c65-8f4002de0b81",
"value": "utca.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb9-6d38-405d-b05d-8f4002de0b81",
"value": "vdfe.site"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eb9-d8a8-4753-89a9-8f4002de0b81",
"value": "vjro.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eba-8b4c-4608-a395-8f4002de0b81",
"value": "vkpo.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ebb-7b9c-4e79-a1b5-8f4002de0b81",
"value": "vpua.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ebc-5564-48af-9304-8f4002de0b81",
"value": "vqba.info"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ebc-4aec-4a49-a5a0-8f4002de0b81",
"value": "vwcq.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ebd-347c-4a05-9d2c-8f4002de0b81",
"value": "vxqt.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ebe-ce74-4024-a4eb-8f4002de0b81",
"value": "vxwy.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ebf-f4e8-4a83-9cd8-8f4002de0b81",
"value": "wfsv.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec0-d6b0-42d4-9fbb-8f4002de0b81",
"value": "wqiy.info"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec0-42a4-4aa0-b97d-8f4002de0b81",
"value": "wvzu.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec1-1064-46cf-a8d5-8f4002de0b81",
"value": "xhqd.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec2-5ed0-4a32-bd1e-8f4002de0b81",
"value": "yamd.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec3-f038-4ef5-90b8-8f4002de0b81",
"value": "yedq.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec3-d94c-4d9b-82f7-8f4002de0b81",
"value": "yqox.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec4-382c-4a96-86cd-8f4002de0b81",
"value": "ysxy.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec5-ff3c-4686-ba6e-8f4002de0b81",
"value": "zcnt.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec6-bce8-4e91-a37b-8f4002de0b81",
"value": "zdqp.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec6-71f4-4112-9c60-8f4002de0b81",
"value": "zjav.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec7-61c4-4800-a823-8f4002de0b81",
"value": "zjvz.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec8-aecc-4f47-b6c6-8f4002de0b81",
"value": "zmyo.club"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87ec9-eb9c-4d2b-ae64-8f4002de0b81",
"value": "zody.pw"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eca-1754-4592-aa90-8f4002de0b81",
"value": "zugh.us"
},
{
"category": "Network activity",
"comment": "C2 Domains:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "domain",
"uuid": "58b87eca-23bc-41ce-ba8e-8f4002de0b81",
"value": "cspg.pw"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eea-829c-4521-b0e5-40a602de0b81",
"value": "f9e54609f1f4136da71dbab8f57c2e68e84bcdc32a58cc12ad5f86334ac0eacf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eea-3e70-4b6e-b1db-4cca02de0b81",
"value": "f82baa39ba44d9b356eb5d904917ad36446083f29dced8c5b34454955da89174"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eeb-7138-493f-bb6b-4deb02de0b81",
"value": "340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eec-29c8-4475-aecc-4fd602de0b81",
"value": "7f0a314f15a6f20ca6dced545fbc9ef8c1634f9ff8eb736deab73e46ae131458"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eed-ba54-4625-a560-4c1602de0b81",
"value": "be5f4bfa35fc1b350d38d8ddc8e88d2dd357b84f254318b1f3b07160c3900750"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eee-0408-450a-ab00-40fe02de0b81",
"value": "9b955d9d7f62d405da9cf05425c9b6dd3738ce09160c8a75d396a6de229d9dd7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eee-a180-45b6-bad1-464b02de0b81",
"value": "fd6e7fc11a325c498d73cf683ecbe90ddbf0e1ae1d540b811012bd6980eed882"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486293",
"to_ids": true,
"type": "sha256",
"uuid": "58b87eef-411c-471f-9770-485f02de0b81",
"value": "6bf9d311ed16e059f9538b4c24c836cf421cf5c0c1f756fdfdeb9e1792ada8ba"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486289",
"to_ids": true,
"type": "sha1",
"uuid": "58b87f91-bc74-4999-b3c5-6a4902de0b81",
"value": "d00225d485c597bea712e7c7baa4fba7d7f281e3"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486290",
"to_ids": true,
"type": "md5",
"uuid": "58b87f92-5c4c-45ca-85a5-6a4902de0b81",
"value": "2abad0ae32dd72bac5da0af1e580a2eb"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488486291",
"to_ids": false,
"type": "link",
"uuid": "58b87f93-8fec-42ec-9055-6a4902de0b81",
"value": "https://www.virustotal.com/file/340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981/analysis/1488479981/"
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink