{
"type" : "bundle" ,
"id" : "bundle--98eb923a-6da8-4c63-87a0-a97a2eef3c98" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-09-06T03:00:05.000Z" ,
"modified" : "2023-09-06T03:00:05.000Z" ,
"name" : "Centre for Cyber security Belgium" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--98eb923a-6da8-4c63-87a0-a97a2eef3c98" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-09-06T03:00:05.000Z" ,
"modified" : "2023-09-06T03:00:05.000Z" ,
"name" : "CustomerLoader: a new malware distributing a wide variety of payloads" ,
"published" : "2023-09-06T03:01:02Z" ,
"object_refs" : [
"indicator--73079733-94cc-4977-9ae8-21170b01f192" ,
"indicator--7729ec3a-f59b-4f10-aa08-610417e76615" ,
"indicator--e1f2b17b-b81a-4480-9b59-ee02f3d62655" ,
"indicator--c3e1d9f5-4166-4cc1-a255-ede76f3d8093" ,
"indicator--04100f47-87f9-4256-b76d-dc1d4018f2e9" ,
"indicator--bef1438a-58ba-4b7a-b99d-79c18bf3dbf1" ,
"indicator--7a183367-2ccd-4487-8f10-c749658a7a84" ,
"indicator--4a4ec3fd-5047-4fb5-b075-4147499752a1" ,
"indicator--a144d890-79c7-48f9-a832-abc885382a89" ,
"indicator--2da87919-117a-4f9e-b8ca-436be650c645" ,
"indicator--fee765d6-e638-43f5-95f5-4e5b4d296752" ,
"indicator--f70f49e0-2c28-4fb4-ac8a-6c4423f581a4" ,
"indicator--ae8c6189-1237-4bfa-8669-e36124152dad" ,
"indicator--7245836c-7dfa-48fc-8330-85a879ee6343" ,
"indicator--0179392a-bbcb-4fd6-af43-b7910a5f3435" ,
"indicator--fe6e9ac9-bb0a-49f5-a952-5b1f290adb8d" ,
"indicator--3a3c6854-09e2-4c48-b2e7-73d6b1b36d2a" ,
"indicator--7fceb8da-6dfb-4023-9bd6-aa1a96c99624" ,
"indicator--f683883b-5951-4d80-b4d7-b4e6c1c01da5" ,
"indicator--326c6f69-798e-41d5-b88b-6028079609ea" ,
"indicator--117628a6-31c5-4d1c-9fc9-5f5b27a4a73b" ,
"indicator--0ffdaa41-2aaa-42ff-b7bd-aa195e2beb06" ,
"indicator--68dc1111-5ada-4ebb-9d77-4b0c7098cbf8" ,
"indicator--e23b803d-efa5-41a6-8d37-2cbee9fcdcd7" ,
"indicator--97479af0-ef0e-481c-bec1-82c36ad93e81" ,
"indicator--00f1c68a-f030-4809-b4f3-f8bb170e100f" ,
"indicator--7bc33ced-2de0-4bcd-9430-6456f3e05497" ,
"indicator--4ac3880e-1a60-4512-9d97-18d9fd01bf01" ,
"indicator--ebd96dc1-33b0-4d51-b62b-4a712ae8652d" ,
"indicator--ccd1a007-e24b-4f4c-84b1-e975b69f5c1a" ,
"indicator--fbd5612e-97aa-443c-8db9-a2ba8d486828" ,
"indicator--2198b70c-fdc8-4522-8efc-f5df47ac071c" ,
"indicator--a73ebe37-62c8-4325-a594-f19988acc65f" ,
"indicator--d287ec58-197e-4268-bf5e-16dc6468ba1c" ,
"indicator--743a5c1b-fef1-44f1-93af-f8643931ebc8" ,
"indicator--73e3f627-cd30-4740-8003-9876133aa266" ,
"indicator--eccd9c73-ef8f-46b8-aa46-5652a8db3233" ,
"indicator--41c1d377-d8af-47ea-91c0-774a36f8e6f2" ,
"indicator--b4e818c4-5efa-4312-8eb2-a3a3a0ee967f" ,
"indicator--51e4ac8e-95c3-464d-8eb2-da4fb3743c50" ,
"indicator--49dd8434-0ce8-4635-b256-9a291711fb1d" ,
"indicator--725faf44-1d4e-4605-874a-c11d7c8037d4" ,
"indicator--dd1dd5c8-71e4-4431-bd12-872d3863de51" ,
"indicator--09904864-5c88-4074-aeef-dd3070a2d953" ,
"indicator--9e4d0181-601e-4f7b-a85e-d77fdb13df46" ,
"indicator--1e3eaf7d-2868-46c3-bd6a-293f34681e27" ,
"indicator--4cb564c8-0f92-434c-a1b8-64e2d0162493" ,
"indicator--9933c87b-63e9-4545-9b63-f344b3928605" ,
"indicator--b6daf1a9-ae53-4046-965c-058ce949d60d" ,
"indicator--a20cc7c3-aa95-4c45-976e-0819d218a5f2" ,
"indicator--1f9512f6-4df4-4c31-85d2-8cb3bee3bbc0" ,
"indicator--91d40c8e-8cf5-4a56-ae84-1b906fc04e03" ,
"indicator--268abd35-5515-495d-8671-536c285a1ef8" ,
"indicator--ad5e7288-4d3f-419e-84a5-86a7dbb96da6" ,
"indicator--f46ff266-6855-4207-bfc6-60290cf58094" ,
"indicator--d8fb9a0c-c57d-4ea2-8b56-bb00094111b8" ,
"indicator--1dbca102-9c8c-49ce-8a11-17640306433d" ,
"observed-data--c8573245-d288-478e-946f-a1062740dab5" ,
"network-traffic--c8573245-d288-478e-946f-a1062740dab5" ,
"ipv4-addr--c8573245-d288-478e-946f-a1062740dab5" ,
"indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97" ,
"indicator--d6b9d4ae-b825-4299-8458-8c32a546922d" ,
"indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a" ,
"indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8" ,
"indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa" ,
"indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819" ,
"indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9" ,
"indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe" ,
"indicator--6c15035d-e156-41d7-aeda-fc89eaa19818" ,
"indicator--690ead91-a1de-4a85-b227-64f58a2f79dd" ,
"indicator--a208990a-f956-4cdb-bc5f-09004f922aac" ,
"indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad" ,
"indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c" ,
"indicator--f544867c-5acf-4970-a96a-7468d570c56b" ,
"indicator--2dfde444-2afe-4ca3-9214-c790837a08c5" ,
"indicator--40be5e44-04aa-41c4-8a97-0e642cb84940" ,
"indicator--6fdb80a4-e001-4173-8b30-3ef96ba05954" ,
"x-misp-object--739097b3-9ba6-442c-872f-528f42278bad" ,
"note--4173dc9c-2c55-4e0e-8ef7-341ee4ea63c7" ,
"relationship--62b628db-4794-4fa6-abec-63f73a7a97b8" ,
"relationship--e62af11f-e111-420a-82c4-30586e19f2ac" ,
"relationship--ecb2b46f-983b-4ddb-97bc-baa802fd5fb7" ,
"relationship--14043d3a-bfb8-4b2b-92ab-3e64710fc199" ,
"relationship--46cb52d3-f323-4eb6-b96a-a42ee62701f2" ,
"relationship--1bb134b1-74d6-48ba-94ad-f6ef9452fbbe" ,
"relationship--d9e0b152-8e01-49e2-965a-f648a5287f01" ,
"relationship--a2f16c2f-f63a-4da0-8701-1df77a30ad55" ,
"relationship--a870bd76-c541-452d-bf82-9c3b8eab16fb" ,
"relationship--1dd876a5-3375-4b2c-a00f-6ca15bc27741" ,
"relationship--8023444b-7eac-40cb-b7c7-c8473b366f15" ,
"relationship--0c2cb212-86ac-4ed2-a578-f53bebcc3820" ,
"relationship--05058e0a-b2fe-4e0b-80c1-ca718c731b61" ,
"relationship--777de234-5a91-466d-899e-81728d266d0f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"admiralty-scale:source-reliability=\"b\"" ,
"admiralty-scale:information-credibility=\"2\"" ,
"DOTRUNPEX" ,
"Loader" ,
"feedly:source=\"Sekoia.io Blog\"" ,
"malware_classification:malware-category=\"Downloader\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"" ,
"misp-galaxy:malpedia=\"vidar\"" ,
"misp-galaxy:malpedia=\"XLoader\"" ,
"misp-galaxy:malpedia=\"Agent Tesla\"" ,
"misp-galaxy:malpedia=\"AsyncRAT\"" ,
"misp-galaxy:malpedia=\"Ave Maria\"" ,
"misp-galaxy:malpedia=\"DarkCloud Stealer\"" ,
"misp-galaxy:malpedia=\"LgoogLoader\"" ,
"misp-galaxy:malpedia=\"RedLine Stealer\"" ,
"misp-galaxy:malpedia=\"SectopRAT\"" ,
"misp-galaxy:malpedia=\"Stealc\"" ,
"misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"" ,
"misp-galaxy:mitre-malware=\"WarzoneRAT - S0670\"" ,
"misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"" ,
"misp-galaxy:mitre-tool=\"Remcos - S0332\"" ,
"misp-galaxy:rat=\"AsyncRAT\"" ,
"misp-galaxy:stealer=\"Vidar\"" ,
"misp-galaxy:stealer=\"DarkCloud Stealer\"" ,
"misp-galaxy:tool=\"FormBook\"" ,
"misp-galaxy:tool=\"Agent Tesla\"" ,
"misp-galaxy:malpedia=\"BitRAT\"" ,
"misp-galaxy:mitre-malware=\"WannaCry - S0366\"" ,
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"" ,
"misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"" ,
"misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"" ,
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"" ,
"misp-galaxy:mitre-attack-pattern=\"Dynamic API Resolution - T1027.007\"" ,
"misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"" ,
"misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"" ,
"tlp:clear"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--73079733-94cc-4977-9ae8-21170b01f192" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:23:31.000Z" ,
"modified" : "2023-07-14T13:23:31.000Z" ,
"description" : "C2 server associated with CustomerLoader" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.42.94.169']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:23:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7729ec3a-f59b-4f10-aa08-610417e76615" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:23:31.000Z" ,
"modified" : "2023-07-14T13:23:31.000Z" ,
"description" : "C2 server associated with CustomerLoader" ,
"pattern" : "[domain-name:value = 'kyliansuperm92139124.sbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:23:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e1f2b17b-b81a-4480-9b59-ee02f3d62655" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:11:38.000Z" ,
"modified" : "2023-07-14T14:11:38.000Z" ,
"description" : "Domains receiving requests from ccrypter downloaded by CustomerLoader" ,
"pattern" : "[domain-name:value = 'get-vbs.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:11:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c3e1d9f5-4166-4cc1-a255-ede76f3d8093" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:11:39.000Z" ,
"modified" : "2023-07-14T14:11:39.000Z" ,
"description" : "Domains receiving requests from ccrypter downloaded by CustomerLoader" ,
"pattern" : "[domain-name:value = 'cmd2.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:11:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--04100f47-87f9-4256-b76d-dc1d4018f2e9" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:11:39.000Z" ,
"modified" : "2023-07-14T14:11:39.000Z" ,
"description" : "Domains receiving requests from ccrypter downloaded by CustomerLoader" ,
"pattern" : "[domain-name:value = 'mymine.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:11:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bef1438a-58ba-4b7a-b99d-79c18bf3dbf1" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:11:39.000Z" ,
"modified" : "2023-07-14T14:11:39.000Z" ,
"description" : "Domains receiving requests from ccrypter downloaded by CustomerLoader" ,
"pattern" : "[domain-name:value = 'vbs1.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:11:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7a183367-2ccd-4487-8f10-c749658a7a84" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:11:39.000Z" ,
"modified" : "2023-07-14T14:11:39.000Z" ,
"description" : "Domains receiving requests from ccrypter downloaded by CustomerLoader" ,
"pattern" : "[domain-name:value = 'vbs22.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:11:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4a4ec3fd-5047-4fb5-b075-4147499752a1" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:11:39.000Z" ,
"modified" : "2023-07-14T14:11:39.000Z" ,
"description" : "Domains receiving requests from ccrypter downloaded by CustomerLoader" ,
"pattern" : "[domain-name:value = 'vbs3.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:11:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "External analysis"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"External analysis\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a144d890-79c7-48f9-a832-abc885382a89" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:04.000Z" ,
"modified" : "2023-07-14T14:13:04.000Z" ,
"description" : "Distribution site (landing page)" ,
"pattern" : "[domain-name:value = 'macros-pro.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2da87919-117a-4f9e-b8ca-436be650c645" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:05.000Z" ,
"modified" : "2023-07-14T14:13:05.000Z" ,
"description" : "Distribution site (landing page)" ,
"pattern" : "[domain-name:value = 'plugin4free.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fee765d6-e638-43f5-95f5-4e5b4d296752" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:05.000Z" ,
"modified" : "2023-07-14T14:13:05.000Z" ,
"description" : "Distribution site (landing page)" ,
"pattern" : "[domain-name:value = 'self-games.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f70f49e0-2c28-4fb4-ac8a-6c4423f581a4" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:05.000Z" ,
"modified" : "2023-07-14T14:13:05.000Z" ,
"description" : "Distribution site (landing page)" ,
"pattern" : "[domain-name:value = 'slackmessenger.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ae8c6189-1237-4bfa-8669-e36124152dad" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:06.000Z" ,
"modified" : "2023-07-14T14:13:06.000Z" ,
"description" : "Distribution site (landing page)" ,
"pattern" : "[domain-name:value = 'soft-got.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7245836c-7dfa-48fc-8330-85a879ee6343" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:06.000Z" ,
"modified" : "2023-07-14T14:13:06.000Z" ,
"description" : "Distribution site (landing page)" ,
"pattern" : "[domain-name:value = 'vpnsget.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0179392a-bbcb-4fd6-af43-b7910a5f3435" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:06.000Z" ,
"modified" : "2023-07-14T14:13:06.000Z" ,
"description" : "Distribution site (landing page)" ,
"pattern" : "[domain-name:value = 'vstget.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fe6e9ac9-bb0a-49f5-a952-5b1f290adb8d" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:35.000Z" ,
"modified" : "2023-07-14T14:13:35.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'seif-games.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3a3c6854-09e2-4c48-b2e7-73d6b1b36d2a" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'self-games.host']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7fceb8da-6dfb-4023-9bd6-aa1a96c99624" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'self-games.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f683883b-5951-4d80-b4d7-b4e6c1c01da5" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'self-games.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--326c6f69-798e-41d5-b88b-6028079609ea" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'self-games.space']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--117628a6-31c5-4d1c-9fc9-5f5b27a4a73b" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'soft-got.co']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0ffdaa41-2aaa-42ff-b7bd-aa195e2beb06" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'soft-got.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--68dc1111-5ada-4ebb-9d77-4b0c7098cbf8" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'soft-got.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e23b803d-efa5-41a6-8d37-2cbee9fcdcd7" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'vst-dw.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--97479af0-ef0e-481c-bec1-82c36ad93e81" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:13:36.000Z" ,
"modified" : "2023-07-14T14:13:36.000Z" ,
"description" : "Redirection to distribution website" ,
"pattern" : "[domain-name:value = 'vstdw.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:13:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--00f1c68a-f030-4809-b4f3-f8bb170e100f" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:07.000Z" ,
"modified" : "2023-07-14T14:14:07.000Z" ,
"description" : "File hosting domain" ,
"pattern" : "[domain-name:value = 'hardcoverradio.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7bc33ced-2de0-4bcd-9430-6456f3e05497" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:07.000Z" ,
"modified" : "2023-07-14T14:14:07.000Z" ,
"description" : "File hosting domain" ,
"pattern" : "[domain-name:value = 'macrospro.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4ac3880e-1a60-4512-9d97-18d9fd01bf01" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:07.000Z" ,
"modified" : "2023-07-14T14:14:07.000Z" ,
"description" : "File hosting domain" ,
"pattern" : "[domain-name:value = 'plugin4free.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ebd96dc1-33b0-4d51-b62b-4a712ae8652d" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:08.000Z" ,
"modified" : "2023-07-14T14:14:08.000Z" ,
"description" : "File hosting domain" ,
"pattern" : "[domain-name:value = 'slackmessenger.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ccd1a007-e24b-4f4c-84b1-e975b69f5c1a" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:08.000Z" ,
"modified" : "2023-07-14T14:14:08.000Z" ,
"description" : "File hosting domain" ,
"pattern" : "[domain-name:value = 'vpnsget.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fbd5612e-97aa-443c-8db9-a2ba8d486828" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:48.000Z" ,
"modified" : "2023-07-14T14:14:48.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'adanagram.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2198b70c-fdc8-4522-8efc-f5df47ac071c" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'bin-a.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a73ebe37-62c8-4325-a594-f19988acc65f" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'bin-b.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d287ec58-197e-4268-bf5e-16dc6468ba1c" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'bin-c.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--743a5c1b-fef1-44f1-93af-f8643931ebc8" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'bin-d.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--73e3f627-cd30-4740-8003-9876133aa266" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'cmd1.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--eccd9c73-ef8f-46b8-aa46-5652a8db3233" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'cmd2.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--41c1d377-d8af-47ea-91c0-774a36f8e6f2" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'cmd22.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b4e818c4-5efa-4312-8eb2-a3a3a0ee967f" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'get-a.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--51e4ac8e-95c3-464d-8eb2-da4fb3743c50" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'get-b.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--49dd8434-0ce8-4635-b256-9a291711fb1d" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'get-c.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--725faf44-1d4e-4605-874a-c11d7c8037d4" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'get-d.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dd1dd5c8-71e4-4431-bd12-872d3863de51" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'get-i.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--09904864-5c88-4074-aeef-dd3070a2d953" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'get-vbs.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e4d0181-601e-4f7b-a85e-d77fdb13df46" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'get-y.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1e3eaf7d-2868-46c3-bd6a-293f34681e27" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'hautegaleria.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4cb564c8-0f92-434c-a1b8-64e2d0162493" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'jacksmanual.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9933c87b-63e9-4545-9b63-f344b3928605" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:49.000Z" ,
"modified" : "2023-07-14T14:14:49.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'vbs1.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b6daf1a9-ae53-4046-965c-058ce949d60d" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:50.000Z" ,
"modified" : "2023-07-14T14:14:50.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'vbs2.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a20cc7c3-aa95-4c45-976e-0819d218a5f2" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:50.000Z" ,
"modified" : "2023-07-14T14:14:50.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'vbs22.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1f9512f6-4df4-4c31-85d2-8cb3bee3bbc0" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:14:50.000Z" ,
"modified" : "2023-07-14T14:14:50.000Z" ,
"description" : "Redirection to file hosting domain" ,
"pattern" : "[domain-name:value = 'vbs3.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:14:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--91d40c8e-8cf5-4a56-ae84-1b906fc04e03" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:15:23.000Z" ,
"modified" : "2023-07-14T14:15:23.000Z" ,
"description" : "Miner\u2019s C2 domain" ,
"pattern" : "[domain-name:value = 'minemy.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:15:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--268abd35-5515-495d-8671-536c285a1ef8" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:15:23.000Z" ,
"modified" : "2023-07-14T14:15:23.000Z" ,
"description" : "Miner\u2019s C2 domain" ,
"pattern" : "[domain-name:value = 'mymine.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:15:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ad5e7288-4d3f-419e-84a5-86a7dbb96da6" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:16:02.000Z" ,
"modified" : "2023-07-14T14:16:02.000Z" ,
"description" : "Encrypted file hosting domain" ,
"pattern" : "[domain-name:value = 'crypt1.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:16:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f46ff266-6855-4207-bfc6-60290cf58094" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:16:02.000Z" ,
"modified" : "2023-07-14T14:16:02.000Z" ,
"pattern" : "[domain-name:value = 'gethere.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:16:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d8fb9a0c-c57d-4ea2-8b56-bb00094111b8" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:16:02.000Z" ,
"modified" : "2023-07-14T14:16:02.000Z" ,
"description" : "Server hosting macro-pro[.]net (domain defanged)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.91.124.25']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:16:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1dbca102-9c8c-49ce-8a11-17640306433d" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:16:02.000Z" ,
"modified" : "2023-07-14T14:16:02.000Z" ,
"description" : "RedLine Stealer C2 server; communications over port 80" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.193.255.48' AND network-traffic:dst_port = '80']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:16:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--c8573245-d288-478e-946f-a1062740dab5" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-17T12:44:03.000Z" ,
"modified" : "2023-07-17T12:44:03.000Z" ,
"first_observed" : "2023-07-17T12:44:03Z" ,
"last_observed" : "2023-07-17T12:44:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--c8573245-d288-478e-946f-a1062740dab5" ,
"ipv4-addr--c8573245-d288-478e-946f-a1062740dab5"
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--c8573245-d288-478e-946f-a1062740dab5" ,
"dst_ref" : "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5" ,
"value" : "179.43.170.241"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:12:39.000Z" ,
"modified" : "2023-07-14T13:12:39.000Z" ,
"pattern" : "[url:value = 'http://smartmaster.com.my/48E003A01/48E003A01.7z']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:12:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:15:35.000Z" ,
"modified" : "2023-07-14T13:15:35.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'd40af29bbc4ff1ea1827871711e5bfa3470d59723dd8ea29d2b19f5239e509e9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:15:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:20:52.000Z" ,
"modified" : "2023-07-14T13:20:52.000Z" ,
"pattern" : "[file:hashes.SHA256 = '3fb66e93d12abd992e94244ac7464474d0ff9156811a76a29a76dec0aa910f82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:20:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:20:17.000Z" ,
"modified" : "2023-07-14T13:20:17.000Z" ,
"pattern" : "[url:value = 'http://5.42.94.169/customer/735']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:20:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:24:59.000Z" ,
"modified" : "2023-07-14T13:24:59.000Z" ,
"pattern" : "[url:value = 'https://telegra.ph/Full-Version-06-03-2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:24:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:29:20.000Z" ,
"modified" : "2023-07-14T13:29:20.000Z" ,
"pattern" : "[url:value = 'https://www.mediafire.com/file/nnamjnckj7h80xz/v2.4_2023.rar/file']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:29:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:30:20.000Z" ,
"modified" : "2023-07-14T13:30:20.000Z" ,
"pattern" : "[url:value = 'https://www.mediafire.com/file/lgoql94feiic0x7/v2.5_2023.rar/file']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:30:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:48:01.000Z" ,
"modified" : "2023-07-14T13:48:01.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'c05c7ec4570bfc44e87f6e6efc83643b47a378bb088c53da4c5ecf7b93194dc6' AND file:name = 'Setup.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:48:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:52:33.000Z" ,
"modified" : "2023-07-14T13:52:33.000Z" ,
"description" : "First-stage C2 server used in an infection chain starting with compromised YouTube channels. An encrypted payload can be downloaded from this address." ,
"pattern" : "[url:value = 'http://5.42.94.169/customer/770']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:52:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--690ead91-a1de-4a85-b227-64f58a2f79dd" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:49:53.000Z" ,
"modified" : "2023-07-14T13:49:53.000Z" ,
"description" : "C2 server communicating with Raccoon Stealer. Note: the pattern matches any domain-name object resolving to this IP, not a specific domain." ,
"pattern" : "[domain-name:resolves_to_refs[*].value = '45.9.74.99']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:49:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a208990a-f956-4cdb-bc5f-09004f922aac" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:50:20.000Z" ,
"modified" : "2023-07-14T13:50:20.000Z" ,
"description" : "C2 server communicating with Raccoon Stealer. Note: the pattern matches any domain-name object resolving to this IP, not a specific domain." ,
"pattern" : "[domain-name:resolves_to_refs[*].value = '5.42.65.69']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:50:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:01:13.000Z" ,
"modified" : "2023-07-14T14:01:13.000Z" ,
"description" : "A web page impersonating the website of the collaboration software Slack distributed CustomerLoader as a fake installer. The technique used to spread this fake website remains unknown at the time of writing; it could be SEO poisoning, phishing emails or redirections from legitimate forums." ,
"pattern" : "[url:value = 'https://slackmessenger.site/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:01:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:03:43.000Z" ,
"modified" : "2023-07-14T14:03:43.000Z" ,
"description" : "The ZIP file contains the executable SlackSetup.exe, which turns out to be a CustomerLoader sample." ,
"pattern" : "[file:hashes.SHA256 = 'b8f5519f7d66e7940e92f49c9f5f0cac0ae12cc9c9072c5308475bd5d093cdca' AND file:name = 'SlackSetup.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:03:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f544867c-5acf-4970-a96a-7468d570c56b" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T13:57:44.000Z" ,
"modified" : "2023-07-14T13:57:44.000Z" ,
"pattern" : "[url:value = 'https://slackmessenger.pw/slack.zip']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T13:57:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2dfde444-2afe-4ca3-9214-c790837a08c5" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:02:58.000Z" ,
"modified" : "2023-07-14T14:02:58.000Z" ,
"pattern" : "[url:value = 'http://5.42.94.169/customer/798']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:02:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--40be5e44-04aa-41c4-8a97-0e642cb84940" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:07:33.000Z" ,
"modified" : "2023-07-14T14:07:33.000Z" ,
"description" : "C2 domain for Redline Stealer. Communications over port 80." ,
"pattern" : "[domain-name:value = 'missunno.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:07:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6fdb80a4-e001-4173-8b30-3ef96ba05954" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T14:08:40.000Z" ,
"modified" : "2023-07-14T14:08:40.000Z" ,
"description" : "C2 URL (IP-based, no domain) contacted by a cryptominer payload" ,
"pattern" : "[url:value = 'http://179.43.170.241/BEBRIK.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-07-14T14:08:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--739097b3-9ba6-442c-872f-528f42278bad" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T12:53:33.000Z" ,
"modified" : "2023-07-14T12:53:33.000Z" ,
"labels" : [
"misp:name=\"annotation\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2023-07-12T00:00:00+00:00" ,
"category" : "Other" ,
"uuid" : "1e5ba5dd-4d09-4d56-8bb8-79d888160c8e"
} ,
{
"type" : "link" ,
"object_relation" : "ref" ,
"value" : "https://blog.sekoia.io/customerloader-a-new-malware-distributing-a-wide-variety-of-payloads/" ,
"category" : "External analysis" ,
"uuid" : "9f328dc4-ec48-434f-9d26-ff17fa542c35"
} ,
{
"type" : "text" ,
"object_relation" : "text" ,
"value" : "Report from Sekoia.io" ,
"category" : "Other" ,
"uuid" : "64add251-c842-49e9-81b7-de2b5514aa0e"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Executive Summary" ,
"category" : "Other" ,
"uuid" : "b1cd70e0-fb01-4158-9b09-dacc1b0d2a50"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "annotation"
} ,
{
"type" : "note" ,
"spec_version" : "2.1" ,
"id" : "note--4173dc9c-2c55-4e0e-8ef7-341ee4ea63c7" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2023-07-14T12:54:09.000Z" ,
"modified" : "2023-07-14T12:54:09.000Z" ,
"abstract" : "CustomerLoader: a new malware distributing a wide variety of payloads" ,
"content" : "During our daily threat hunting routine, we identified an undocumented .NET loader aimed at downloading, decrypting and executing next-stage payloads. In early June 2023, this new loader was actively distributed by multiple threat actors using malicious phishing emails, YouTube videos, and web pages impersonating legitimate websites. \r\n\r\nWe named this new malware \u201cCustomerLoader\u201d because of the presence of the string \u201ccustomer\u201d in its Command and Control (C2) communications and loading capabilities.\r\n\r\nThe malwrhunterteam and g0njxa researchers also observed campaigns distributing CustomerLoader in early June 2023.\r\n\r\nSekoia.io analysts\u2019 investigation led us to discover that all payloads downloaded by CustomerLoader are dotRunpeX samples that deliver a variety of malware families, including infostealers, Remote Access Trojans (RAT) and commodity ransomware. dotRunpeX is a .NET injector implementing several anti-analysis techniques, first publicly documented by Check Point in March 2023.\r\n\r\nWe assess that CustomerLoader is almost certainly associated with a Loader-as-a-Service, which remains unknown at the time of writing. It is possible that CustomerLoader is a new stage added before the execution of the dotRunpeX injector by its developer.\r\n\r\nThis blog post aims at presenting a technical analysis of CustomerLoader focusing on the decryption of the next-stage payloads, an overview of more than 30 known and distributed malware families, and details on three infection chains observed distributing the loader." ,
"object_refs" : [
"report--98eb923a-6da8-4c63-87a0-a97a2eef3c98"
]
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--62b628db-4794-4fa6-abec-63f73a7a97b8" ,
"created" : "2023-07-14T13:15:35.000Z" ,
"modified" : "2023-07-14T13:15:35.000Z" ,
"relationship_type" : "downloaded-from" ,
"source_ref" : "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d" ,
"target_ref" : "indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e62af11f-e111-420a-82c4-30586e19f2ac" ,
"created" : "2023-07-14T13:17:46.000Z" ,
"modified" : "2023-07-14T13:17:46.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a" ,
"target_ref" : "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ecb2b46f-983b-4ddb-97bc-baa802fd5fb7" ,
"created" : "2023-07-14T13:20:52.000Z" ,
"modified" : "2023-07-14T13:20:52.000Z" ,
"relationship_type" : "redirects-to" ,
"source_ref" : "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a" ,
"target_ref" : "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--14043d3a-bfb8-4b2b-92ab-3e64710fc199" ,
"created" : "2023-07-14T13:19:32.000Z" ,
"modified" : "2023-07-14T13:19:32.000Z" ,
"relationship_type" : "redirects-to" ,
"source_ref" : "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8" ,
"target_ref" : "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--46cb52d3-f323-4eb6-b96a-a42ee62701f2" ,
"created" : "2023-07-14T13:29:20.000Z" ,
"modified" : "2023-07-14T13:29:20.000Z" ,
"relationship_type" : "downloaded-from" ,
"source_ref" : "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819" ,
"target_ref" : "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1bb134b1-74d6-48ba-94ad-f6ef9452fbbe" ,
"created" : "2023-07-14T13:30:20.000Z" ,
"modified" : "2023-07-14T13:30:20.000Z" ,
"relationship_type" : "downloaded-from" ,
"source_ref" : "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9" ,
"target_ref" : "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d9e0b152-8e01-49e2-965a-f648a5287f01" ,
"created" : "2023-07-14T13:32:45.000Z" ,
"modified" : "2023-07-14T13:32:45.000Z" ,
"relationship_type" : "delivered-by" ,
"source_ref" : "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe" ,
"target_ref" : "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a2f16c2f-f63a-4da0-8701-1df77a30ad55" ,
"created" : "2023-07-14T13:33:12.000Z" ,
"modified" : "2023-07-14T13:33:12.000Z" ,
"relationship_type" : "delivered-by" ,
"source_ref" : "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe" ,
"target_ref" : "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a870bd76-c541-452d-bf82-9c3b8eab16fb" ,
"created" : "2023-07-14T13:48:00.000Z" ,
"modified" : "2023-07-14T13:48:00.000Z" ,
"relationship_type" : "communicates-with" ,
"source_ref" : "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe" ,
"target_ref" : "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1dd876a5-3375-4b2c-a00f-6ca15bc27741" ,
"created" : "2023-07-14T13:52:04.000Z" ,
"modified" : "2023-07-14T13:52:04.000Z" ,
"relationship_type" : "communicates-with" ,
"source_ref" : "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818" ,
"target_ref" : "indicator--690ead91-a1de-4a85-b227-64f58a2f79dd"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8023444b-7eac-40cb-b7c7-c8473b366f15" ,
"created" : "2023-07-14T13:52:33.000Z" ,
"modified" : "2023-07-14T13:52:33.000Z" ,
"relationship_type" : "communicates-with" ,
"source_ref" : "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818" ,
"target_ref" : "indicator--a208990a-f956-4cdb-bc5f-09004f922aac"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--0c2cb212-86ac-4ed2-a578-f53bebcc3820" ,
"created" : "2023-07-14T14:01:12.000Z" ,
"modified" : "2023-07-14T14:01:12.000Z" ,
"relationship_type" : "downloads" ,
"source_ref" : "indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad" ,
"target_ref" : "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--05058e0a-b2fe-4e0b-80c1-ca718c731b61" ,
"created" : "2023-07-14T14:03:43.000Z" ,
"modified" : "2023-07-14T14:03:43.000Z" ,
"relationship_type" : "communicates-with" ,
"source_ref" : "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c" ,
"target_ref" : "indicator--2dfde444-2afe-4ca3-9214-c790837a08c5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--777de234-5a91-466d-899e-81728d266d0f" ,
"created" : "2023-07-14T13:57:44.000Z" ,
"modified" : "2023-07-14T13:57:44.000Z" ,
"relationship_type" : "executes" ,
"source_ref" : "indicator--f544867c-5acf-4970-a96a-7468d570c56b" ,
"target_ref" : "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c"
}
]
}