adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5c00e9b7-50ac-4aa7-b893-4a63950d210f.json

1338 lines
54 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5c00e9b7-50ac-4aa7-b893-4a63950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T12:10:06.000Z",
"modified": "2018-11-30T12:10:06.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c00e9b7-50ac-4aa7-b893-4a63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T12:10:06.000Z",
"modified": "2018-11-30T12:10:06.000Z",
"name": "OSINT - Hancitor active again yith new macro - IoCs",
"published": "2018-11-30T12:10:28Z",
"object_refs": [
"observed-data--5c00f48f-3d78-42e6-aebb-4eee950d210f",
"url--5c00f48f-3d78-42e6-aebb-4eee950d210f",
"indicator--5c00f572-aefc-49bc-b505-4203950d210f",
"indicator--5c00f573-9208-4fc5-a5d4-45fc950d210f",
"indicator--5c00f573-095c-4d84-800e-4858950d210f",
"indicator--5c00f574-ad44-4525-828e-49d1950d210f",
"indicator--5c00f574-0bdc-43d6-afca-4b77950d210f",
"indicator--5c00f575-a240-4535-a731-4a0b950d210f",
"indicator--5c00f575-d998-42cf-90d3-4cae950d210f",
"indicator--5c00f576-ce8c-4d0a-b51e-4b8b950d210f",
"indicator--5c00f576-6140-43bc-8345-4134950d210f",
"indicator--5c00f577-3104-4a12-b2c4-4d45950d210f",
"indicator--5c00f577-cbb8-4e3e-976b-45ba950d210f",
"indicator--5c00f577-b704-4b31-bfa8-448e950d210f",
"indicator--5c00f578-5840-4e81-ab8d-4284950d210f",
"indicator--5c00f578-165c-41e2-88a8-4cf8950d210f",
"indicator--5c00f579-e980-40d4-848a-492b950d210f",
"indicator--5c00f579-e164-4098-916f-4e9f950d210f",
"indicator--5c00f57a-0110-4dd4-a217-4305950d210f",
"indicator--5c00f57a-b468-4b91-91e2-4441950d210f",
"indicator--5c00f898-a8e8-4fb0-bf2e-4ed3950d210f",
"indicator--5c00f98b-dae8-426f-b451-484e950d210f",
"indicator--5c00f98c-b284-4198-9be7-4781950d210f",
"indicator--5c00f98c-b898-4260-aff4-4f37950d210f",
"indicator--5c00f98d-9cfc-4f4b-9cf5-467c950d210f",
"indicator--5c00f98d-2c9c-45b4-b952-40e5950d210f",
"indicator--5c00f98e-9730-4759-b9fa-4fe7950d210f",
"indicator--5c00f98e-b6ac-4e2c-8dd7-44bd950d210f",
"indicator--5c00f98f-1a6c-439a-b1b3-4214950d210f",
"indicator--5c00f98f-d1f4-477b-95c8-401d950d210f",
"indicator--5c00fc2c-30e0-404d-84fd-4330950d210f",
"indicator--5c00fc2d-51ec-48e1-9a2c-452d950d210f",
"indicator--5c00fc2d-b064-4415-ad73-4865950d210f",
"indicator--5c00ffbe-990c-4dff-a33a-4de9950d210f",
"indicator--5c00ffbe-c144-4fde-8dde-4db9950d210f",
"indicator--5c00ffbf-be1c-433f-91df-4c19950d210f",
"indicator--5c00ffbf-ad70-4a08-bd63-48a8950d210f",
"indicator--5c00ffc0-b0d0-46d3-878c-48c9950d210f",
"indicator--5c00ffc0-aba8-4f83-b640-40a8950d210f",
"indicator--5c00ffc1-6fa0-400b-b2ab-40ec950d210f",
"indicator--5c00ffc1-01cc-45a0-b262-44b8950d210f",
"indicator--5c00ffc2-a904-44d3-a973-4698950d210f",
"indicator--5c00ffc2-4110-4b90-ba63-497f950d210f",
"indicator--5c00ffc2-c930-4f40-8442-45e7950d210f",
"indicator--5c00ffc3-5944-4409-9906-4d39950d210f",
"indicator--5c00ffc3-6744-4c15-8e89-4871950d210f",
"indicator--5c00ffc4-1dd4-42e1-b3b9-46d5950d210f",
"x-misp-object--5c00efc7-b804-4eee-b209-4f07950d210f",
"indicator--5c00f86d-ee94-4860-ac73-43c3950d210f",
"indicator--01bab117-1ff1-45dd-ab99-543bc32c67e3",
"x-misp-object--e9b584ea-284f-42cc-b56e-8d9a6aa7ffbb"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"Hancitor\"",
"misp-galaxy:malpedia=\"Hancitor\"",
"osint:source-type=\"microblog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c00f48f-3d78-42e6-aebb-4eee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:27:59.000Z",
"modified": "2018-11-30T08:27:59.000Z",
"first_observed": "2018-11-30T08:27:59Z",
"last_observed": "2018-11-30T08:27:59Z",
"number_observed": 1,
"object_refs": [
"url--5c00f48f-3d78-42e6-aebb-4eee950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
chg: [feed] added
2023-04-21 13:25:09 +00:00
"type": "url",
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"spec_version": "2.1",
"id": "url--5c00f48f-3d78-42e6-aebb-4eee950d210f",
"value": "https://ghostbin.com/paste/z6sox/raw"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f572-aefc-49bc-b505-4203950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:46.000Z",
"modified": "2018-11-30T08:31:46.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'appersonpropertiesinc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f573-9208-4fc5-a5d4-45fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:47.000Z",
"modified": "2018-11-30T08:31:47.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'g-cals.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f573-095c-4d84-800e-4858950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:47.000Z",
"modified": "2018-11-30T08:31:47.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'honeyhillfarmspop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f574-ad44-4525-828e-49d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:48.000Z",
"modified": "2018-11-30T08:31:48.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'joincryptofundraiser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f574-0bdc-43d6-afca-4b77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:48.000Z",
"modified": "2018-11-30T08:31:48.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'joincrytofundraisernow.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f575-a240-4535-a731-4a0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:49.000Z",
"modified": "2018-11-30T08:31:49.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'joincrytofundraisernow.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f575-d998-42cf-90d3-4cae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:49.000Z",
"modified": "2018-11-30T08:31:49.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'joincrytofundraisernow.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f576-ce8c-4d0a-b51e-4b8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:50.000Z",
"modified": "2018-11-30T08:31:50.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'kenapperson.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f576-6140-43bc-8345-4134950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:50.000Z",
"modified": "2018-11-30T08:31:50.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'localloop-wi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f577-3104-4a12-b2c4-4d45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:51.000Z",
"modified": "2018-11-30T08:31:51.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'localloop-wi.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f577-cbb8-4e3e-976b-45ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:51.000Z",
"modified": "2018-11-30T08:31:51.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'localloopwi.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f577-b704-4b31-bfa8-448e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:51.000Z",
"modified": "2018-11-30T08:31:51.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'minaskaowners.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f578-5840-4e81-ab8d-4284950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:52.000Z",
"modified": "2018-11-30T08:31:52.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'mogamecalls.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f578-165c-41e2-88a8-4cf8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:52.000Z",
"modified": "2018-11-30T08:31:52.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'mybabyguam.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f579-e980-40d4-848a-492b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:53.000Z",
"modified": "2018-11-30T08:31:53.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'satsumasgeorgia.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f579-e164-4098-916f-4e9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:53.000Z",
"modified": "2018-11-30T08:31:53.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'satsumassales.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f57a-0110-4dd4-a217-4305950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:54.000Z",
"modified": "2018-11-30T08:31:54.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'satsumasschoolfundraiser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f57a-b468-4b91-91e2-4441950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:31:54.000Z",
"modified": "2018-11-30T08:31:54.000Z",
"description": "Delivery domains",
"pattern": "[domain-name:value = 'wilocalloop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:31:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f898-a8e8-4fb0-bf2e-4ed3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:45:12.000Z",
"modified": "2018-11-30T08:45:12.000Z",
"description": "29qni11",
"pattern": "[url:value = 'http://geeventsehin.com/4/forum.php|http://tonshekinar.ru/4/forum.php|http://fidosofwass.ru/4/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:45:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98b-dae8-426f-b451-484e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:15.000Z",
"modified": "2018-11-30T08:49:15.000Z",
"pattern": "[url:value = 'http://oriton.ru/wp-includes/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98c-b284-4198-9be7-4781950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:16.000Z",
"modified": "2018-11-30T08:49:16.000Z",
"pattern": "[url:value = 'http://arsmarri.ru/wp-content/themes/Helix/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98c-b898-4260-aff4-4f37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:16.000Z",
"modified": "2018-11-30T08:49:16.000Z",
"pattern": "[url:value = 'http://bigheartstorage.com/wp-admin/includes/1|http://letortedierica.it/wp-admin/includes/1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98d-9cfc-4f4b-9cf5-467c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:17.000Z",
"modified": "2018-11-30T08:49:17.000Z",
"pattern": "[url:value = 'http://bdhsxj.com/wp-content/plugins/wp-no-category-base/1}{b:http://oriton.ru/wp-includes/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98d-2c9c-45b4-b952-40e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:17.000Z",
"modified": "2018-11-30T08:49:17.000Z",
"pattern": "[url:value = 'http://arsmarri.ru/wp-content/themes/Helix/2|http://bigheartstorage.com/wp-admin/includes/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98e-9730-4759-b9fa-4fe7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:18.000Z",
"modified": "2018-11-30T08:49:18.000Z",
"pattern": "[url:value = 'http://letortedierica.it/wp-admin/includes/2|http://bdhsxj.com/wp-content/plugins/wp-no-category-base/2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98e-b6ac-4e2c-8dd7-44bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:18.000Z",
"modified": "2018-11-30T08:49:18.000Z",
"pattern": "[url:value = 'http://oriton.ru/wp-includes/3|http://arsmarri.ru/wp-content/themes/Helix/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98f-1a6c-439a-b1b3-4214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:19.000Z",
"modified": "2018-11-30T08:49:19.000Z",
"pattern": "[url:value = 'http://bigheartstorage.com/wp-admin/includes/3|http://letortedierica.it/wp-admin/includes/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f98f-d1f4-477b-95c8-401d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:49:19.000Z",
"modified": "2018-11-30T08:49:19.000Z",
"pattern": "[url:value = 'http://bdhsxj.com/wp-content/plugins/wp-no-category-base/3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:49:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00fc2c-30e0-404d-84fd-4330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:00:28.000Z",
"modified": "2018-11-30T09:00:28.000Z",
"description": "Pony MLU",
"pattern": "[url:value = 'http://geeventsehin.com/mlu/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:00:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00fc2d-51ec-48e1-9a2c-452d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:00:29.000Z",
"modified": "2018-11-30T09:00:29.000Z",
"description": "Pony MLU",
"pattern": "[url:value = 'http://tonshekinar.ru/mlu/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:00:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00fc2d-b064-4415-ad73-4865950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:00:29.000Z",
"modified": "2018-11-30T09:00:29.000Z",
"description": "Pony MLU",
"pattern": "[url:value = 'http://fidosofwass.ru/mlu/forum.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:00:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffbe-990c-4dff-a33a-4de9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:42.000Z",
"modified": "2018-11-30T09:15:42.000Z",
"description": "Pony D2",
"pattern": "[url:value = 'http://geeventsehin.com/d2/about.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffbe-c144-4fde-8dde-4db9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:42.000Z",
"modified": "2018-11-30T09:15:42.000Z",
"description": "Pony D2",
"pattern": "[url:value = 'http://tonshekinar.ru/d2/about.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffbf-be1c-433f-91df-4c19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:43.000Z",
"modified": "2018-11-30T09:15:43.000Z",
"description": "c2",
"pattern": "[url:value = 'api2.doter.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffbf-ad70-4a08-bd63-48a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:43.000Z",
"modified": "2018-11-30T09:15:43.000Z",
"description": "c2",
"pattern": "[url:value = 'beetfeetlife.bit/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc0-b0d0-46d3-878c-48c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:44.000Z",
"modified": "2018-11-30T09:15:44.000Z",
"description": "c2",
"pattern": "[url:value = 'in.extremas.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc0-aba8-4f83-b640-40a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:44.000Z",
"modified": "2018-11-30T09:15:44.000Z",
"description": "c2",
"pattern": "[url:value = 'asx.zenjom.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc1-6fa0-400b-b2ab-40ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:45.000Z",
"modified": "2018-11-30T09:15:45.000Z",
"description": "c2",
"pattern": "[url:value = 'g2.ex100p.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc1-01cc-45a0-b262-44b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:45.000Z",
"modified": "2018-11-30T09:15:45.000Z",
"description": "c2",
"pattern": "[url:value = 'gif.doter.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc2-a904-44d3-a973-4698950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:46.000Z",
"modified": "2018-11-30T09:15:46.000Z",
"description": "c2",
"pattern": "[url:value = 'extra.avareg.cn/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc2-4110-4b90-ba63-497f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:46.000Z",
"modified": "2018-11-30T09:15:46.000Z",
"description": "c2",
"pattern": "[url:value = 'foo.avaregio.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc2-c930-4f40-8442-45e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:46.000Z",
"modified": "2018-11-30T09:15:46.000Z",
"description": "c2",
"pattern": "[url:value = 'op.iowbased.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc3-5944-4409-9906-4d39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:47.000Z",
"modified": "2018-11-30T09:15:47.000Z",
"description": "c2",
"pattern": "[url:value = 'ws.doter.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc3-6744-4c15-8e89-4871950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:47.000Z",
"modified": "2018-11-30T09:15:47.000Z",
"description": "c2",
"pattern": "[url:value = 'f1.cnboal.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00ffc4-1dd4-42e1-b3b9-46d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T09:15:48.000Z",
"modified": "2018-11-30T09:15:48.000Z",
"description": "c2",
"pattern": "[url:value = 'xxx.doolop.at/webstore']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T09:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c00efc7-b804-4eee-b209-4f07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:07:35.000Z",
"modified": "2018-11-30T08:07:35.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "Hancitor is active again with a new macro. I haven't fully analyzed the macro yet, but here are the IoCs I have so far:\r\n(link: https://ghostbin.com/paste/z6sox/raw) ghostbin.com/paste/z6sox/raw",
"category": "Other",
"uuid": "5c00efc8-0df4-432b-b5da-4e45950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5c00efc8-30c4-4a58-ac9c-445d950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://mobile.twitter.com/mesa_matt/status/1068180573980631043",
"category": "Network activity",
"to_ids": true,
"uuid": "5c00efc8-85b4-41d7-9c45-4d69950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "ghostbin.com/paste/z6sox/raw",
"category": "Network activity",
"to_ids": true,
"uuid": "5c00efc9-2d9c-4303-9c75-43a3950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2018-11-29T17:31:00",
"category": "Other",
"uuid": "5c00efc9-e678-4354-9c9d-48c9950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "Hancitor is active again with a new macro. I haven't fully analyzed the macro yet, but here are the IoCs I have so far:\r\n(link: https://ghostbin.com/paste/z6sox/raw) ghostbin.com/paste/z6sox/raw",
"category": "Other",
"uuid": "5c00efca-7718-406c-88cf-49f6950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c00f86d-ee94-4860-ac73-43c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T08:44:29.000Z",
"modified": "2018-11-30T08:44:29.000Z",
"description": "document",
"pattern": "[file:hashes.SHA256 = 'a4276750a825c73f465bf67672b06f19613db82c047f9c0daa7c971c1d231fac' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T08:44:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01bab117-1ff1-45dd-ab99-543bc32c67e3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T12:09:58.000Z",
"modified": "2018-11-30T12:09:58.000Z",
"pattern": "[file:hashes.MD5 = '9aff54da8d88f6794ce900fd3bf2ad62' AND file:hashes.SHA1 = 'f403fa334c8804020b9a2f1620ca6a251c34827c' AND file:hashes.SHA256 = 'a4276750a825c73f465bf67672b06f19613db82c047f9c0daa7c971c1d231fac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-30T12:09:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e9b584ea-284f-42cc-b56e-8d9a6aa7ffbb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-30T12:09:59.000Z",
"modified": "2018-11-30T12:09:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-29T19:57:53",
"category": "Other",
"uuid": "e8b48c37-59bf-4e42-a194-35e302aa0472"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a4276750a825c73f465bf67672b06f19613db82c047f9c0daa7c971c1d231fac/analysis/1543521473/",
"category": "External analysis",
"uuid": "9ca4f760-6bc8-409e-98e5-f580470835eb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/58",
"category": "Other",
"uuid": "61b7f264-dbce-48b9-ac65-846bc4a535e8"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink