adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/f6098894-bbc6-4ee8-adbb-fc99b4c86f04.json

866 lines
38 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--f6098894-bbc6-4ee8-adbb-fc99b4c86f04",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:46:37.000Z",
"modified": "2023-01-10T15:46:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--f6098894-bbc6-4ee8-adbb-fc99b4c86f04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:46:37.000Z",
"modified": "2023-01-10T15:46:37.000Z",
"name": "OSINT - Godfather Trojan IOCs",
"published": "2023-01-10T15:46:51Z",
"object_refs": [
"indicator--582e28d6-70ac-49a8-9523-2a55359b3a53",
"indicator--283be250-ecdc-4057-82d5-26c5d452dfbd",
"indicator--9d2bc2c9-2361-472a-86bb-81f99ccd6a15",
"indicator--c518b2f0-1417-4720-b578-13160b24e034",
"indicator--326dcec3-ac72-47b8-bb76-01463bee1c91",
"indicator--f9fcdd3d-3e6f-47b7-b1a8-319eb91f8dd9",
"indicator--8fc32fd2-12be-4460-bc40-f3374a26f868",
"indicator--67299acd-4ca5-499c-ba2c-47db1130e081",
"indicator--7ac407eb-b23e-469e-bde7-a2b31abc5d40",
"indicator--dfd9f51b-ef52-4b04-9f25-4a60c8bbbf0e",
"indicator--f3c722b8-75c6-479f-8805-7f06e6062c6c",
"indicator--a0f4eac1-dea6-4b7d-bda0-e69f09b65ce0",
"indicator--4a91a0e3-a25a-488c-aef4-2af731657555",
"indicator--6f9fd4b2-0c0d-4f5a-aa4a-184417889d0b",
"indicator--7b1f707d-3eea-492d-8196-5dd13921360f",
"indicator--748ec32a-a7c9-48f6-b189-3100b5ef40d8",
"indicator--cea15d0d-fac6-47d1-b9ea-5775b446b814",
"indicator--3c5664c2-98ff-499e-a915-2ef2fe2f6a88",
"indicator--2e220ffc-630f-4348-89b3-a894961cbb7d",
"indicator--8c02c3aa-e7c9-4e79-b9c8-d562835becb6",
"indicator--ae613301-2400-48c4-b23c-df853f9d4f3d",
"indicator--03574f55-8a78-4e36-add2-01b1f5c1df32",
"indicator--0c7c6c3b-5b82-4e61-a380-1115cc8b8fed",
"indicator--40fb7312-71a4-469c-89db-65f38ddb73ee",
"indicator--91bbcc0a-5c71-4750-9f41-bf08b72bbd4b",
"indicator--504c51f0-f3d2-43e6-b4d7-baac114828e9",
"indicator--4edbf8e1-d4ab-4fe1-8ba9-d28268cc9b9f",
"x-misp-object--00451894-1a23-462f-a90d-c0d852d9fe80",
"x-misp-object--05d7898d-e645-406b-ba38-eb56f4e4bd13",
"indicator--09799c14-87d6-4a36-9e61-f1353f49f50d",
"x-misp-object--344f2b3c-8c0a-49fe-867b-5b9c7dcf4166",
"x-misp-object--e6777be6-8b69-49a6-b286-521b557b108c"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Authorized App Store - T1475\"",
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1646\"",
"veris:asset:variety=\"U - Mobile phone\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--582e28d6-70ac-49a8-9523-2a55359b3a53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:08:13.000Z",
"modified": "2023-01-10T15:08:13.000Z",
"pattern": "[url:value = 'http://168.100.9.86/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--283be250-ecdc-4057-82d5-26c5d452dfbd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:08:13.000Z",
"modified": "2023-01-10T15:08:13.000Z",
"pattern": "[url:value = 'http://45.61.138.60/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9d2bc2c9-2361-472a-86bb-81f99ccd6a15",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:08:13.000Z",
"modified": "2023-01-10T15:08:13.000Z",
"pattern": "[url:value = 'http://50.18.3.26/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c518b2f0-1417-4720-b578-13160b24e034",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:08:13.000Z",
"modified": "2023-01-10T15:08:13.000Z",
"pattern": "[url:value = 'http://heikenmorgan.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--326dcec3-ac72-47b8-bb76-01463bee1c91",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:08:13.000Z",
"modified": "2023-01-10T15:08:13.000Z",
"pattern": "[url:value = 'https://banerrokutepera.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f9fcdd3d-3e6f-47b7-b1a8-319eb91f8dd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:08:13.000Z",
"modified": "2023-01-10T15:08:13.000Z",
"pattern": "[url:value = 'https://henkormerise.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:08:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8fc32fd2-12be-4460-bc40-f3374a26f868",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:09:18.000Z",
"modified": "2023-01-10T15:09:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '168.100.9.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67299acd-4ca5-499c-ba2c-47db1130e081",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:09:18.000Z",
"modified": "2023-01-10T15:09:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.61.138.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7ac407eb-b23e-469e-bde7-a2b31abc5d40",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:09:18.000Z",
"modified": "2023-01-10T15:09:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.18.3.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dfd9f51b-ef52-4b04-9f25-4a60c8bbbf0e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:09:18.000Z",
"modified": "2023-01-10T15:09:18.000Z",
"pattern": "[url:value = 'heikenmorgan.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f3c722b8-75c6-479f-8805-7f06e6062c6c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:09:18.000Z",
"modified": "2023-01-10T15:09:18.000Z",
"pattern": "[url:value = 'banerrokutepera.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0f4eac1-dea6-4b7d-bda0-e69f09b65ce0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:09:18.000Z",
"modified": "2023-01-10T15:09:18.000Z",
"pattern": "[domain-name:value = 'henkormerise.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4a91a0e3-a25a-488c-aef4-2af731657555",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = '0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f9fd4b2-0c0d-4f5a-aa4a-184417889d0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = '38386f4fabd0bc7f7065eaee818717e89772fb3b1a3744df754c45778e353f70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b1f707d-3eea-492d-8196-5dd13921360f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = '7664293fc1dde797940d857d1f16eb1e12a15b9126d704854f97df1bedc18758']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--748ec32a-a7c9-48f6-b189-3100b5ef40d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = '9815ba07d0a2528c11d377b583243df24218a48c6a4f839f40769ea290555070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cea15d0d-fac6-47d1-b9ea-5775b446b814",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = '9dfb5b4ad9aac36c2d7fbb93f8668faa819cb0df16f4a55d00f1cdda89c9a6d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3c5664c2-98ff-499e-a915-2ef2fe2f6a88",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = 'a14aad1265eb307fbe71a3a5f6e688408ce153ff19838b3c5229f26ee3ece5dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e220ffc-630f-4348-89b3-a894961cbb7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = 'b6249fa996cb4046bdab37bab5e3b4d43c79ea537f119040c3b3e138149897fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8c02c3aa-e7c9-4e79-b9c8-d562835becb6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = 'c3dadb9a593523d1bf3fe76dabf375578119aff3110d92a1a4ee6db06742263a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae613301-2400-48c4-b23c-df853f9d4f3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = 'c4bace10849f23e9972e555ac2e30ac128b7a90017a0f76c197685a0c60def6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--03574f55-8a78-4e36-add2-01b1f5c1df32",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = 'c79857015dbf220111e7c5f47cf20a656741a9380cc0faecd486b517648eb199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c7c6c3b-5b82-4e61-a380-1115cc8b8fed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:23.000Z",
"modified": "2023-01-10T15:10:23.000Z",
"pattern": "[file:hashes.SHA256 = 'd652ac528102de3ebb42a973db639ae27f13738e005172e5ff8aac6e91f3f760']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--40fb7312-71a4-469c-89db-65f38ddb73ee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:19:09.000Z",
"modified": "2023-01-10T15:19:09.000Z",
"description": "%KEY% is the key sent as a parameter in the requests mentioned above. %LOCALE% is the system language. The user-agent used when the request is executed is:",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Linux; Android 9; SM-J730F Build/PPR12.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/88.0.4324.181 Mobile Safari/537.36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:19:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91bbcc0a-5c71-4750-9f41-bf08b72bbd4b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:20:44.000Z",
"modified": "2023-01-10T15:20:44.000Z",
"pattern": "[domain-name:value = 'banerrokutepera.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:20:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--504c51f0-f3d2-43e6-b4d7-baac114828e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:20:44.000Z",
"modified": "2023-01-10T15:20:44.000Z",
"pattern": "[domain-name:value = 'heikenmorgan.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:20:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4edbf8e1-d4ab-4fe1-8ba9-d28268cc9b9f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:20:44.000Z",
"modified": "2023-01-10T15:20:44.000Z",
"pattern": "[domain-name:value = 'pluscurrencyconverter.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:20:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--00451894-1a23-462f-a90d-c0d852d9fe80",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:10:04.000Z",
"modified": "2023-01-10T15:10:04.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://1275.ru/ioc/1192/godfather-trojan-iocs/",
"category": "External analysis",
"uuid": "8dc384c7-67b9-4a8d-b449-f6804487902b"
},
{
"type": "text",
"object_relation": "summary",
"value": "Group-IB \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0432 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0435 Google Play \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u043e\u0433\u043e \u0442\u0440\u043e\u044f\u043d\u0430 Godfather, \u0433\u0434\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441 \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u043b\u0435\u0433\u0430\u043b\u044c\u043d\u044b\u0435 \u043a\u0440\u0438\u043f\u0442\u043e\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \u0413\u0435\u043e\u0433\u0440\u0430\u0444\u0438\u044f \u0435\u0433\u043e \u0436\u0435\u0440\u0442\u0432 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0435\u0442 16 \u0441\u0442\u0440\u0430\u043d \u043c\u0438\u0440\u0430, \u0430 \u0441\u043f\u0438\u0441\u043e\u043a \u0446\u0435\u043b\u0435\u0439 \u043d\u0430\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 400 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0431\u0430\u043d\u043a\u043e\u0432, \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u043d\u044b\u0445 \u0431\u0438\u0440\u0436 \u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043a\u043e\u0448\u0435\u043b\u044c\u043a\u043e\u0432.",
"category": "Other",
"uuid": "ae3e1b8d-b149-4551-9412-ebee765c9de5"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "469bd9cb-bb87-404f-a325-624866e88da7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--05d7898d-e645-406b-ba38-eb56f4e4bd13",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:11:09.000Z",
"modified": "2023-01-10T15:11:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8",
"category": "External analysis",
"uuid": "cf926a0e-0c8a-46ea-9fe9-915e81b5e76e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/66",
"category": "Other",
"uuid": "1de1435a-1eb5-4bcf-8c82-5576ce32606c"
}
],
"x_misp_comment": "0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--09799c14-87d6-4a36-9e61-f1353f49f50d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:11:09.000Z",
"modified": "2023-01-10T15:11:09.000Z",
"description": "0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8: Enriched via the virustotal module",
"pattern": "[file:hashes.MD5 = 'ec9f857999b4fc3dd007fdb786b7a8d1' AND file:hashes.SHA1 = '3fa48a36d22d848ad111b246ca94fa58088dbb7a' AND file:hashes.SHA256 = '0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8' AND file:hashes.SSDEEP = '98304:vDdInEpAOdLl2DfGjOmP34z09nmw3xAZMV8JiDQeZgUGdh0fr33dmh++0oEHi6Pz:5gE7tf3u09nmiOZmDid9h+CFZMXmwfXR' AND file:hashes.VHASH = 'ede26ab6fd89266ae46ad188b676ce54' AND file:x_misp_tlsh = 't1cb76125af718a86fc1f792324679522a66074c268743ea875968727c0dbbdc04f4bfcc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-01-10T15:11:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--344f2b3c-8c0a-49fe-867b-5b9c7dcf4166",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:14:14.000Z",
"modified": "2023-01-10T15:14:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/9815ba07d0a2528c11d377b583243df24218a48c6a4f839f40769ea290555070",
"category": "External analysis",
"uuid": "0514771e-3eee-4ab7-bda0-005ada4ce08c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/66",
"category": "Other",
"uuid": "45c71feb-c0cf-41c7-ac50-eb21152dda6e"
}
],
"x_misp_comment": "9815ba07d0a2528c11d377b583243df24218a48c6a4f839f40769ea290555070: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e6777be6-8b69-49a6-b286-521b557b108c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-01-10T15:17:23.000Z",
"modified": "2023-01-10T15:17:23.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://blog.group-ib.com/godfather-trojan",
"category": "External analysis",
"uuid": "288a1ec3-7867-48fa-aeb0-6718edaae63c"
},
{
"type": "text",
"object_relation": "summary",
"value": "The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including banking applications, cryptocurrency wallets, and crypto exchanges.\r\n\r\nFew people realize that hiding under Godfather\u2019s hood is an old banking Trojan called Anubis, whose functionality has become outdated due to Android updates and the efforts of malware detection and prevention providers.",
"category": "Other",
"uuid": "76bfccf5-2126-4090-b782-fd2c85ba72db"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "c402c0b0-0a54-40b1-825d-3a8b21f33917"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink