{
"type": "bundle",
"id": "bundle--4b475a5f-ea47-4f2f-aea3-d8ba9bd1b6b6",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:40:06.000Z",
"modified": "2022-01-30T10:40:06.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--4b475a5f-ea47-4f2f-aea3-d8ba9bd1b6b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:40:06.000Z",
"modified": "2022-01-30T10:40:06.000Z",
"name": "OSINT - Cytrox Spyware Indicators of Compromise",
"published": "2022-01-30T10:40:17Z",
"object_refs": [
"indicator--81efca44-80f3-4af5-8fb7-2adac09bc441",
"indicator--2e2f04a2-f118-4173-9c8e-0239bf1a2275",
"indicator--e96995ba-21b6-421c-ab76-2f9033027ba6",
"indicator--46501d2a-e0d5-433a-97a1-5c7a51e253fd",
"indicator--5a285db2-47e1-460b-a29b-578eaef98360",
"indicator--6e3a2a11-8388-4df3-a8e7-0d0e3d738087",
"indicator--5446169c-6ecf-4170-84d5-693592ee3658",
"indicator--8107c1fb-fd2f-41a3-977b-8960a5d4c378",
"indicator--96a6b121-bac8-4cf1-8787-059df157d254",
"indicator--09963b62-44aa-4818-9d98-c558f0273a15",
"indicator--debc2347-209b-4537-ba70-7901c3dc7283",
"indicator--90a131af-f06b-463b-9e56-42d51a89deaa",
"indicator--7b706010-9ef4-45a5-a913-1e4162735294",
"indicator--255be985-8b0b-49a5-ad29-3d37fd0f3c63",
"indicator--2fa975f4-7a1a-47b2-aa2a-e3f703b09ab2",
"indicator--b61d5c8c-8964-4e34-adb9-36e8245576cb",
"indicator--49021dea-5371-4d79-b093-4948ba0c3ff1",
"indicator--13f42f7b-c0d5-4281-8d83-561ec441c930",
"indicator--24243169-8697-48a1-bb99-17bb1e37d4dd",
"indicator--94220acf-d481-4f83-9aa0-3b6bb7c0177d",
"indicator--dadba41c-dc50-42a3-ad92-b3ad524c2fa8",
"indicator--5c4c8469-56e2-46c6-8ed7-13f54f662102",
"indicator--1e534a66-1732-40d8-bff7-6e760a9a2b85",
"indicator--1a2d9b3a-810e-4de0-8453-906287ff2997",
"indicator--993af816-13f6-4177-8df8-11a949b868d8",
"indicator--087f187b-3a41-4169-86aa-b1f76271dbec",
"indicator--27d902d4-87d1-45c5-ae92-4db9d491ce22",
"indicator--a9c4eaf8-9ea8-4c5a-af40-adcce69b9359",
"indicator--d74372f1-bc95-426a-82f7-beb97d269dea",
"indicator--901470be-ea4b-4080-99b8-6ffec8f5a5a6",
"indicator--d6696519-191e-4396-bc80-4095a4fca6b0",
"indicator--09d36209-d326-4235-b3bf-40443c98c511",
"indicator--34ed38e3-7c6d-4c57-a839-620c1669b09c",
"indicator--8aebd50d-ef2a-4402-a221-f50bef8e3480",
"indicator--efa49e47-f6f0-45df-9d4d-af12c97249de",
"indicator--003a463c-b29b-4364-81e4-74cde40801ae",
"indicator--9b18b86d-745f-42f8-a7a2-c267c3797041",
"indicator--485be54c-5794-4446-a0a3-67bfa4e50942",
"indicator--28127113-c787-407c-adcc-c1a1cbd03f3c",
"indicator--ebe02e6b-db9e-4bf0-a643-713bbd162773",
"indicator--f601391e-ebec-409d-a7ba-7abe6706692a",
"indicator--ac07bced-2620-4c9a-9825-d33c71129563",
"indicator--4cf86a85-fd40-4310-bcb4-766f86104fe3",
"indicator--7e6e9143-9521-4368-b75f-946791fa8c88",
"indicator--4ca0f5bd-f5b0-4358-95fd-6ac37ed422fe",
"indicator--bd289319-bfd2-4457-8da3-7c86e4eb5432",
"indicator--f0242937-a663-49d9-91a6-d9bef37d184e",
"indicator--70f73d47-44ff-495c-bb7c-f674701d149c",
"indicator--066398c3-48ee-49b7-ad63-963b5ee1026b",
"indicator--cf85f4b1-cef7-499b-b1b4-82dc31b54a9d",
"indicator--3a86a1be-a0a7-4b5b-b1ad-1d77b971dcff",
"indicator--d14c16d2-076f-4f02-8936-18626086f961",
"indicator--dad4879f-778b-4349-8d6b-13ff83e39150",
"indicator--4ccdcdef-e94d-4f7c-98c4-067061db73f1",
"indicator--5ae720ed-4497-4a02-a5b7-d2f0ec505129",
"indicator--8d7c8719-1658-42a1-aeb2-94951be93893",
"indicator--bb1174df-0262-42b5-8993-dfbca988fe2a",
"indicator--95277b90-4b66-4b18-8523-ec395c7207fe",
"indicator--948b8dea-36f0-4709-8fa6-8073a3aebb3a",
"indicator--a059e603-2cc4-4d03-b537-24f7e9a2eacb",
"indicator--8c4831ff-88e5-4bfd-8b9f-40c734af3144",
"indicator--ddcb07c2-00c8-4762-9cc2-6177b57a47c8",
"indicator--9010dfd7-e4e8-4e00-9266-c7b594ee3098",
"indicator--3edfc428-bee7-404e-a38a-03ffca7d8825",
"indicator--cac2c444-a625-4574-b924-d3ebefc923d3",
"indicator--20a63ad7-9927-4644-9ebe-14e43d3598dc",
"indicator--744a4091-f302-4928-a3d9-e8babddd9529",
"indicator--2da02320-e77b-4bfb-929f-9b322f284249",
"indicator--1a411d21-2364-4298-ad20-a7212732dff6",
"indicator--f04f6fb9-2e63-4b50-911d-ce521e7af9c0",
"indicator--ff5a4722-b6d8-4019-9af0-3a6c591dfd3e",
"indicator--9b58b24d-4f1a-4079-a036-ff11ef863252",
"indicator--ce6e0ba9-89ba-4806-9869-0cc8aaa590ea",
"indicator--21f6f6a8-cf16-4a91-b142-2a5a3bf40904",
"indicator--49bc9b6b-c1a3-4ad0-9a7d-a9eb2cf4c5bc",
"indicator--8b89b16a-6e38-4b7a-99a1-a8f5792db563",
"indicator--bbc93630-e44f-4a0d-ae60-922ffe9e0b93",
"indicator--c70788c3-eca7-40d4-b662-cbab7a49a6b1",
"indicator--6000ef97-f5da-40de-a188-024799603502",
"indicator--104689c1-9d29-4577-9d9e-9fb6f14da5e8",
"indicator--e045fa9f-fc3a-4123-9cd4-3448061b97d3",
"indicator--fe6b466f-62fa-48ac-ab2c-a92be207a833",
"indicator--b67703a6-5f6b-4d73-a27f-199821f73ed6",
"indicator--bf5d25ea-75de-472a-8310-15f5e0b4932e",
"indicator--2f367350-f35f-4ec8-adf0-d475a6eb7302",
"indicator--81cae761-b61d-499c-ad2b-ae98c67f5bc3",
"indicator--e1a8674a-8801-4373-b2bd-d5b591c02d9f",
"indicator--23a09185-6628-4af7-a388-ce657638553a",
"indicator--f7dd2207-35c2-47ae-89b5-2a8bd2c042cc",
"indicator--dc8879b3-2fdd-45d8-88e7-b8482788a5b2",
"indicator--db0c7980-ec7f-48d4-8f52-79b773832083",
"indicator--8cbe0466-9c7b-49fb-989c-d2b3f4855a96",
"indicator--a1e0afc3-3cfa-4b2e-8dda-95c717b0da9d",
"indicator--f0cadc91-b2be-4df1-8a68-581d21b6dcff",
"indicator--61f0ef41-183d-49d5-ae07-a2694af55919",
"indicator--30da6c62-4d17-4aae-b16a-3f675297d52c",
"indicator--99309856-9569-45e7-9d5d-4910c12af72f",
"indicator--90c4c296-a888-458a-a651-2d3aea700a45",
"indicator--09ec9968-d4d5-4d8e-a833-e63b7151db86",
"indicator--935bcab5-38e0-41ac-911d-2b9501398643",
"indicator--748caba0-792e-4d50-98aa-bb9973de74bc",
"indicator--1c00ba31-22af-4a47-81d3-133ee183085b",
"indicator--2506b0da-f468-4cdc-a82e-a9dab7ffb204",
"indicator--0b3993ca-f7cc-450a-ba56-9472951c2ef7",
"indicator--549abe91-8cb0-4b7a-ba5f-0046df003803",
"indicator--73a0329a-7b63-400a-97cd-e26dfa12929c",
"indicator--0871e302-e849-4c77-a2d3-53c67dcf2719",
"indicator--2e33ab1d-f4ec-42bb-9991-e6fdd621ca82",
"indicator--2f29f944-733c-4b93-bbe7-9e98b72bb187",
"indicator--a91b2b7d-e0ad-427e-b79b-ca420a12a048",
"indicator--2d9765d7-e61d-487d-825d-a41699a9741f",
"indicator--e229cdc0-aa20-46d1-afc3-8d6178a4fe37",
"indicator--1152787e-ed89-4860-bd4c-eac820d3fd57",
"indicator--eaa84fae-1045-4efc-9f34-645782acd116",
"indicator--ee4de759-0ad6-48fe-a698-71987e9a2086",
"indicator--1feca209-54ad-4250-980b-c1213595059f",
"indicator--ca625364-45a8-4fb4-a919-365004a9d24a",
"indicator--db2ba484-cfdc-4c5b-991f-14906020b97b",
"indicator--a8ed5319-8b87-46f3-bce3-a228b2ba3d81",
"indicator--f811b4e9-128a-4ce4-b211-05bf34896abf",
"indicator--3e1d9744-4318-453d-983b-db773ed4e003",
"indicator--e9e59dde-a35f-4170-87e6-030ee72d6845",
"indicator--1337cc14-1b9c-4d37-a25d-bd736508041d",
"indicator--7ea3ac59-ee17-4530-8b81-c53d66fdccb3",
"indicator--99433f06-e227-474d-9045-8e8af7be1f52",
"indicator--437fa889-e76f-44ac-9b17-83ef6d8f11e2",
"indicator--4777a5d1-e638-42b0-95a3-7f88d99be990",
"indicator--ded354aa-0ced-4165-9154-b1b1848e5d58",
"indicator--3d73627d-b4ca-484e-9983-936fe2509ddf",
"indicator--01b6f708-1a03-45d3-8b1d-4cae8036359f",
"indicator--07450a98-9bc3-4fb6-adbf-cf710bac5846",
"indicator--ac57b5b8-68d4-4e43-bf71-3c345b6c8547",
"indicator--3d385ce8-bc5c-4a52-9ab3-958b67fadb33",
"indicator--1de007be-18ec-4987-b71b-785a9ff63254",
"indicator--73e43a97-2e2f-4a7f-87da-b379c17f13fa",
"indicator--dbb91060-cfc7-47d7-96de-c88e70c62a2b",
"indicator--13a740d1-d5e2-414e-9673-837d5fa433de",
"indicator--75861ba5-a4ac-4daf-8987-9303658ec41c",
"indicator--4d48f243-9a16-4a88-a79e-13d53445c9d2",
"indicator--b516d270-21e1-4f29-a1a0-764911e8c8cf",
"indicator--deb22c9f-cb56-4197-9424-e08f9ba1ae32",
"indicator--10da3fbb-8412-4577-b26a-8858ab9f7b71",
"indicator--a09f38b9-2f25-4837-b3b4-cf9dbc34ea77",
"indicator--e10f7108-0b61-4122-ad2a-ac5fcc097f72",
"indicator--d653dd3b-50e0-4168-855b-14ac89a31695",
"indicator--e663cf20-129e-428c-b3e3-ddaa86176059",
"indicator--0a3f5bbd-8180-43cf-9c39-8413e2188fb5",
"indicator--dac7d9c5-1724-48a9-91e0-63e8fdd9e994",
"indicator--fa8b1e27-b650-48f6-9eed-df46fb4acf6f",
"indicator--febf276c-3a9e-4fd6-ab4d-04bc5822af78",
"indicator--77a5a2fe-80a1-4030-a1ba-a6df896bd41a",
"indicator--77641e2c-87d6-4462-a3ec-79ef3f39e0bc",
"indicator--038ea7ab-9500-4e0e-97d1-857234a7d2ec",
"indicator--f27e61ab-f594-4c80-aeec-cdc975e507ca",
"indicator--2fe5b0a1-ac80-42c6-9e35-dd86c9198897",
"indicator--171a043d-c5bb-4483-83ee-12976193d80d",
"indicator--1eaaf3b8-9112-4b90-9215-68e0e71126e6",
"indicator--2f0d8b48-2ccf-4b12-bb10-1efc7e309911",
"indicator--eb45c367-fea6-40b7-9ab3-8d4f2eb8dfe3",
"indicator--f6f1db9a-4053-4e23-96eb-6eea6fe592b7",
"indicator--ecd35815-a4a2-4c62-82b8-647c68533168",
"indicator--8af2791b-1ea1-4a82-b8c9-4d8d50f8cd17",
"indicator--cf6b3708-8f55-42a6-a613-4b9a7f8b4e59",
"indicator--980ad684-f736-417b-a656-c06228756e6f",
"indicator--97ba1829-a091-44c1-9455-61c31d07a4e3",
"indicator--1db30066-a2ef-4ac0-8b1d-df030f595d9d",
"indicator--18345894-209f-4f7d-beb3-708bfe43a1c2",
"indicator--257362fd-2770-4707-8599-fa65f8ad7d0a",
"indicator--daf7ca58-8b52-4f62-9c5f-035e8bf0529a",
"indicator--b602a4e2-5ca8-4e85-ad09-57855044607f",
"indicator--7b5c8565-cfb5-43d7-97d2-180a2589d413",
"indicator--4a7422c4-4688-4d64-839b-ddf90c946a1b",
"indicator--4de4af8f-3ece-42bc-b40a-becd9523374a",
"indicator--c1bcd463-8ba8-4602-983e-b07c8c50849a",
"indicator--5a45ac49-4b17-4cbb-a960-bc2af1a7dba7",
"indicator--b7a889c1-d2ae-480a-afab-590fa8a2a5ee",
"indicator--89dc5738-d457-4823-a60a-94f21f72673f",
"indicator--6f8bcbd9-b94f-4f82-915a-b0d39c7ee3c4",
"indicator--1df46c75-7921-4308-9d75-e91430724ca2",
"indicator--4fdeb5cc-a7de-4fe6-bdf3-0b9af4b880fb",
"indicator--b8ccb07d-2109-4d0b-83e0-7ef9ac907d0f",
"indicator--b3ca055c-e81c-4844-8c70-85ef9b1cf463",
"indicator--40bbaea3-00ff-468f-8add-d902e3b5c1b0",
"indicator--9a9c8608-9838-4dfb-854e-96975cf8b939",
"indicator--3dcfbcca-074f-4981-a2df-ba5c828d984a",
"indicator--baf8af4c-4a16-49fe-a2ca-39dd4d217986",
"indicator--dfdc12cd-78c0-436f-9d9f-13d15b24e616",
"indicator--8e9283c5-2053-470f-ac0e-1f1867e9e11a",
"indicator--973187cb-f794-480c-ab45-7870236cf63f",
"indicator--5d0c0e15-a56d-4fb9-b6d4-c8b74feed731",
"indicator--259a7697-5957-4302-b237-7bcfafea0d94",
"indicator--21d1bbcf-6b29-45bb-8984-2838acbcada9",
"indicator--0fa4f763-1376-4214-ba31-b6e98819f416",
"indicator--121c8d12-90ce-4578-b89a-856fa1df547a",
"indicator--388aaffe-3152-4fab-8428-36f2110c1888",
"indicator--6863db87-c31f-4040-9d6b-4410dbb725f4",
"indicator--d89f16cc-cb4d-4991-b224-f23214917175",
"indicator--c8fba428-3a34-4565-937b-f2494adbaf91",
"indicator--d3d207be-fa7f-4748-8082-fe32084d1b19",
"indicator--ecd8eaf2-dc91-43c4-825e-b6e5853d56e5",
"indicator--f3b34772-179d-4bcc-87d7-b2c70900b955",
"indicator--8fee3f0d-dcca-47fc-9097-40dbfc848c0b",
"indicator--5315e7f4-aa10-4641-bbbe-6b1c7eb241df",
"indicator--95d39b25-592e-464d-9212-b564af06a4e5",
"indicator--81fa911d-c5af-42fb-b61b-288021e0cf3a",
"indicator--2668dfce-54f5-4fbc-b99b-faa0a21ef1ae",
"indicator--7e71dd5c-82b5-40b4-855e-6a80cb4acb1d",
"indicator--2f7a915c-a00f-4bb2-b862-66be4a250c9e",
"indicator--e32d5970-af9b-4017-94e0-05fa64820cd4",
"indicator--de46ff06-912f-45fa-8e86-2229efe4cbd1",
"indicator--e6c9173b-44d1-484a-bf42-90b7aa74d1f2",
"indicator--70ef642d-57a1-41ea-b941-da4b5801c760",
"indicator--a5ad04a7-dfd3-4c85-9387-ee322da7a24a",
"indicator--eda5157b-dcc3-4609-8002-f50710c04434",
"indicator--c77d5da9-2488-4b78-a396-56893089b69f",
"indicator--78c52144-60f1-4c7e-8986-0a0e9a2ae3d2",
"indicator--44e854d4-267a-4c1f-8b4d-dde49985030c",
"indicator--d200af18-edbf-4f8b-87c3-52045227e189",
"indicator--d5fff34d-eb00-4b37-8273-3b51fbb87995",
"indicator--b82a6099-2c5b-4562-a1f8-c385f5cead46",
"indicator--4dfced26-0d23-4c22-ae8d-c1de4519582b",
"indicator--73be604e-31d3-4b41-bcf5-e63690b35055",
"indicator--9dc12793-cb24-4761-bcbf-471ec47f585c",
"indicator--a76a122d-3156-46e2-815d-69b39734bd5d",
"indicator--90c431f9-fcc2-45e8-ab7d-56a3c271b066",
"indicator--40abb731-15d2-467a-a435-8ce7de39cc0e",
"indicator--dc850998-3aa8-4103-bee6-b70f4ea53628",
"indicator--fb1eeecb-61fa-4d8f-89d2-60ef8e8136ad",
"indicator--c45e6ed2-2368-428f-a212-abce61b09865",
"indicator--d16d3fe3-c515-4420-9fb0-d21f0b60565c",
"indicator--daa7def9-a735-4e8a-b3e6-18d9e78f37b5",
"indicator--482b6622-30bc-4b62-bffe-c7dd3f336d29",
"indicator--097992c8-e640-40c2-9031-35f0976531ac",
"indicator--f83be75e-53ff-4b62-8d9f-493651c10c35",
"indicator--de9abd2f-8c29-4e73-8b6b-934ab2f5514e",
"indicator--72b9c18f-2b54-4aea-8540-33c76119814e",
"indicator--e365f17f-3ddd-4b26-b73e-402268373aed",
"indicator--257a5633-f116-4d9b-8775-2bdb83d3f5f0",
"indicator--e8f7c662-b7f6-4257-ae60-79629bb5a91f",
"indicator--bcbd25ee-8c06-4713-8d23-f31c98004b3a",
"indicator--f35a869f-52e4-49c0-a354-118acb9ccffb",
"indicator--fbf5f170-11e6-40b7-9ae0-65a00ec39314",
"indicator--8f2aa532-d874-42f5-b2b6-9f64bd4bcc90",
"indicator--e68bf835-515a-44bc-ada6-0ba42c331949",
"indicator--7664644e-31ad-4f60-9739-34237f6d81df",
"indicator--6ca386b8-0289-488b-81b8-056e5851ce81",
"indicator--a2c247a1-6df2-49dd-bb61-68a4f244ddda",
"indicator--43387a03-7765-47aa-b5ed-d7c6bfb0f3b9",
"indicator--2ff9e891-845e-4db2-a960-14fdf7b5abbe",
"indicator--9da56dc0-555b-43c6-849e-d395e513239a",
"indicator--c30fbf27-e36b-4dc7-ad5b-274dbe216442",
"indicator--23eb7677-9c5b-40f3-8db8-0db9d00bfca0",
"indicator--0de655ae-07ff-4809-84cc-3cfea8da58ef",
"indicator--093937c1-4034-4617-a9dc-e55dcb15a4f6",
"indicator--b77dffc5-435e-4aab-8246-3e0073599068",
"indicator--1be173ac-b016-4979-bfc6-32c1ea7019ce",
"indicator--2af63a3a-315c-498d-bb85-dcdecb26bc52",
"indicator--eece0b35-ae03-416b-b183-2bf5a4b0641c",
"indicator--947939ec-59ee-496e-ac18-9cbb5657563f",
"indicator--f398103d-3f84-4c35-9223-71ecbc90f867",
"indicator--6993238b-037a-4768-a706-db895d6cff06",
"indicator--1fa4b4d3-8601-499d-8fae-e21f7d0c398e",
"indicator--a0b446c7-0ce0-43b7-90b0-a3d277e7b1a9",
"indicator--c271cc6a-04c3-4004-a17f-9d28e742d360",
"indicator--3c6feb64-187d-4a26-acc0-9b2c877ef5e0",
"indicator--25b51862-e0ee-4eba-b346-2abae972932b",
"indicator--1c6bb5e8-1a88-440d-b50d-2958b2961d96",
"indicator--a644a71a-7a07-4a23-92fa-648f30d8b225",
"indicator--32a10c7f-3c82-4c8b-8766-3e44d6ac7870",
"indicator--6997e2e3-b181-48d0-9da5-bf629b5de9b4",
"indicator--bf0e8173-9770-4307-8329-f41719027704",
"indicator--59547364-db43-4c9a-afc6-b7e39e9be2fd",
"indicator--5ccba526-fa0d-404f-8aba-19914f1edf9e",
"indicator--a6f786e9-8a29-49a3-850b-642f0d4563a9",
"indicator--408a82c7-6834-4ca8-9a8e-2ebcb1b15308",
"indicator--abd16fd0-19e2-4b9b-b14c-8d3081057dd7",
"indicator--e0af7147-9b8b-43e4-bfb7-a42f2fce452c",
"indicator--7cf9ff37-8293-4987-89da-b4eb81bb5c4d",
"indicator--19673405-e01f-4696-8069-ee6ee69bdc05",
"indicator--f6b9694d-6190-486e-8eae-63e5556c8c3d",
"indicator--ca3b431d-8853-4867-9eab-827685c24b77",
"indicator--c36623b5-b5a9-4983-8159-bda79298a059",
"indicator--9c46cf47-d808-4076-8850-0cc8a1b381be",
"indicator--446b7036-23d2-4d3e-af71-a5305024f691",
"indicator--061792c8-d321-4605-8ea0-39b3204a6c90",
"indicator--7fd8ff56-990a-419a-a260-8ac6f49676ec",
"indicator--a9b7cebc-98bc-419d-836d-ee33ef2cfc1f",
"indicator--1a288c93-01a0-4fa7-a15a-2fe3f77d32ff",
"indicator--63f4adae-01b0-459c-a5c1-cbb6de37179c",
"indicator--52982af2-5d85-4c84-a05d-b9d86a7c13f2",
"indicator--42e67512-d527-469d-8d9e-37f89162404a",
"indicator--57cc5253-a9ca-4d2a-b701-0a95f3974ad0",
"indicator--d613d620-f216-452c-8d3d-6fd321704f36",
"indicator--a5f4b662-a4ec-45c2-8929-0bb3791077ca",
"indicator--517e7065-9b0e-415b-8fbc-e3e0e80c132b",
"indicator--3d60bde8-5506-45d8-866c-8262c499ed43",
"indicator--523a26a1-c08c-4b6b-a47b-71255fd3ef91",
"indicator--d4651539-5d99-466b-b0d8-a186b6c86017",
"indicator--ef26bd65-1e7c-4ba5-881b-70fb93d10722",
"indicator--96749e37-6f8c-44e1-9096-e43595ea733e",
"indicator--2b41641d-7d9d-4a50-b655-7c589dffb607",
"indicator--d1602855-1ee1-4ae4-8729-f1abb18f6802",
"indicator--01abdc3a-1ec8-467e-a813-5d3ffcb99d21",
"indicator--212bea34-adb6-4534-b911-e79c0b3b66e7",
"indicator--5de6ace5-5cd8-4411-ae30-68e6e823fa71",
"indicator--e2a87abf-b466-4ca0-a52c-6515a84c5b8d",
"indicator--be337a4c-ff98-41f3-8f36-7a134803813e",
"indicator--bd70bd72-7db3-44a0-9863-eb2202552c02",
"indicator--ac9bc3a3-5ab9-4351-a17e-b91a243eaf5b",
"indicator--38afc77b-fd77-4109-ba61-b3870c2b56c5",
"indicator--b5bc59d0-2bc0-453e-a5c3-9a30b7e393a3",
"indicator--16eb733c-d4f1-4c16-b30f-cd3f2bc527a6",
"indicator--930907c5-f6e1-4ee9-9835-932a5d90a059",
"indicator--e51e8d5c-2512-44e4-89f8-0bf316a88a54",
"indicator--10f5c0be-70be-4d07-b006-31251e4bb69c",
"indicator--af08b906-d57a-439e-a289-a8abf9fa7ec8",
"indicator--85a840e6-cdb0-4d3c-bf69-605a19c15f19",
"indicator--fcadfe21-9397-44cf-8ab5-05333d7e4cb1",
"indicator--20c71cd0-bf51-4619-a3b5-d595079fbe3b",
"indicator--2e5a81d5-ccaf-458a-bb44-14aeb2646ca5",
"indicator--e476e602-3f9a-4d4e-9170-20d055a6cde8",
"indicator--a57eba23-64f8-4272-a0cf-e2f56a957d0f",
"indicator--f267c753-54ee-4e39-9b34-8420fd4a8a10",
"indicator--90d70bef-8ba5-4746-85d1-3c97f922c2a1",
"indicator--a5f27704-92a7-4a29-95ab-ec87dd629508",
"indicator--7ba97760-750d-4820-997e-3117785d9257",
"indicator--98189417-0dae-48b9-bff6-949af6e01b28",
"indicator--cb20da93-7103-4c07-b1c6-ff738c1ecb76",
"indicator--ed3e1a53-9e7c-4fd6-8d6e-27029f8bee1f",
"x-misp-object--08efc3c1-86a3-4276-a1ef-f3a2c5db7469",
"x-misp-object--b9e6b927-ce2d-4094-80de-9507c3700c38",
"x-misp-object--aa74ba61-2d36-42a4-88e9-b238dc2a8b92"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:surveillance-vendor=\"Cytrox\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81efca44-80f3-4af5-8fb7-2adac09bc441",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'koenigseggg.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e2f04a2-f118-4173-9c8e-0239bf1a2275",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'bitlly.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e96995ba-21b6-421c-ab76-2f9033027ba6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'newslive2.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--46501d2a-e0d5-433a-97a1-5c7a51e253fd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'uberegypt.cn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a285db2-47e1-460b-a29b-578eaef98360",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'yuom7.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e3a2a11-8388-4df3-a8e7-0d0e3d738087",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'connectivitycheck.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5446169c-6ecf-4170-84d5-693592ee3658",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'webaffise.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8107c1fb-fd2f-41a3-977b-8960a5d4c378",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'ffoxnewz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--96a6b121-bac8-4cf1-8787-059df157d254",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'miniiosapps.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--09963b62-44aa-4818-9d98-c558f0273a15",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'audit-pvv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--debc2347-209b-4537-ba70-7901c3dc7283",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'orangegypt.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90a131af-f06b-463b-9e56-42d51a89deaa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'youarefired.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b706010-9ef4-45a5-a913-1e4162735294",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'aramexegypt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--255be985-8b0b-49a5-ad29-3d37fd0f3c63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'mozillaupdate.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2fa975f4-7a1a-47b2-aa2a-e3f703b09ab2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'safelyredirecting.digital']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b61d5c8c-8964-4e34-adb9-36e8245576cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'mycoffeeshop.shop']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--49021dea-5371-4d79-b093-4948ba0c3ff1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'bookjob.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--13f42f7b-c0d5-4281-8d83-561ec441c930",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'youtubewatch.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--24243169-8697-48a1-bb99-17bb1e37d4dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'download4you.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94220acf-d481-4f83-9aa0-3b6bb7c0177d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'cyber.country']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dadba41c-dc50-42a3-ad92-b3ad524c2fa8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'itcgr.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4c8469-56e2-46c6-8ed7-13f54f662102",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'getsignalapps.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1e534a66-1732-40d8-bff7-6e760a9a2b85",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'clockupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1a2d9b3a-810e-4de0-8453-906287ff2997",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'updateservice.center']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--993af816-13f6-4177-8df8-11a949b868d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'crashonline.site']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--087f187b-3a41-4169-86aa-b1f76271dbec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'speedymax.shop']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--27d902d4-87d1-45c5-ae92-4db9d491ce22",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'safelyredirecting.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a9c4eaf8-9ea8-4c5a-af40-adcce69b9359",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'lylink.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d74372f1-bc95-426a-82f7-beb97d269dea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'ferrari.gr.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--901470be-ea4b-4080-99b8-6ffec8f5a5a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'telecomegy-ads.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6696519-191e-4396-bc80-4095a4fca6b0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'tw.itter.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--09d36209-d326-4235-b3bf-40443c98c511",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'instagam.click']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--34ed38e3-7c6d-4c57-a839-620c1669b09c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:48.000Z",
"modified": "2022-01-30T10:22:48.000Z",
"pattern": "[domain-name:value = 'distedc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8aebd50d-ef2a-4402-a221-f50bef8e3480",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'alraeesnews.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--efa49e47-f6f0-45df-9d4d-af12c97249de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'bitlinkin.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--003a463c-b29b-4364-81e4-74cde40801ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'ewish.cards']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9b18b86d-745f-42f8-a7a2-c267c3797041",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'sniper.pet']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--485be54c-5794-4446-a0a3-67bfa4e50942",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'wtc1111.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--28127113-c787-407c-adcc-c1a1cbd03f3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'newsbeast.gr.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ebe02e6b-db9e-4bf0-a643-713bbd162773",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'in-politics.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f601391e-ebec-409d-a7ba-7abe6706692a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'wtc2222.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac07bced-2620-4c9a-9825-d33c71129563",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'icloudflair.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4cf86a85-fd40-4310-bcb4-766f86104fe3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'omanreal.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e6e9143-9521-4368-b75f-946791fa8c88",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'lexpress.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4ca0f5bd-f5b0-4358-95fd-6ac37ed422fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'chatwithme.store']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd289319-bfd2-4457-8da3-7c86e4eb5432",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'link-m.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0242937-a663-49d9-91a6-d9bef37d184e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'efsyn.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--70f73d47-44ff-495c-bb7c-f674701d149c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'mitube1.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--066398c3-48ee-49b7-ad63-963b5ee1026b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'updete.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf85f4b1-cef7-499b-b1b4-82dc31b54a9d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'weathersite.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a86a1be-a0a7-4b5b-b1ad-1d77b971dcff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'llinkedin.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d14c16d2-076f-4f02-8936-18626086f961",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'api-telecommunication.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dad4879f-778b-4349-8d6b-13ff83e39150",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = '2y4nothing.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4ccdcdef-e94d-4f7c-98c4-067061db73f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'updates4you.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae720ed-4497-4a02-a5b7-d2f0ec505129",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-01-30T10:22:49.000Z",
"modified": "2022-01-30T10:22:49.000Z",
"pattern": "[domain-name:value = 'fastuploads.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-01-30T10:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"misp-galaxy:malware=\"Cytrox\""
]
},
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8d7c8719-1658-42a1-aeb2-94951be93893",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'kormoran.bid']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bb1174df-0262-42b5-8993-dfbca988fe2a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'jquery-updater.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--95277b90-4b66-4b18-8523-ec395c7207fe",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'synctimestamp.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--948b8dea-36f0-4709-8fa6-8073a3aebb3a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'bmw.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a059e603-2cc4-4d03-b537-24f7e9a2eacb",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'insider.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8c4831ff-88e5-4bfd-8b9f-40c734af3144",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'smsuns.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ddcb07c2-00c8-4762-9cc2-6177b57a47c8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'uservicescheck.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9010dfd7-e4e8-4e00-9266-c7b594ee3098",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'connectivitycheck.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3edfc428-bee7-404e-a38a-03ffca7d8825",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'newzeto.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cac2c444-a625-4574-b924-d3ebefc923d3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'hellasjournal.website']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--20a63ad7-9927-4644-9ebe-14e43d3598dc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'danas.bid']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--744a4091-f302-4928-a3d9-e8babddd9529",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'enikos.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2da02320-e77b-4bfb-929f-9b322f284249",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'nabd.site']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1a411d21-2364-4298-ad20-a7212732dff6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'quickupdates.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f04f6fb9-2e63-4b50-911d-ce521e7af9c0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'trecv.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ff5a4722-b6d8-4019-9af0-3a6c591dfd3e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'we-site.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9b58b24d-4f1a-4079-a036-ff11ef863252",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'getsignalapps.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ce6e0ba9-89ba-4806-9869-0cc8aaa590ea",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'bi.tly.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--21f6f6a8-cf16-4a91-b142-2a5a3bf40904",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'kinder.engine.ninja']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--49bc9b6b-c1a3-4ad0-9a7d-a9eb2cf4c5bc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'nemshi-news.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8b89b16a-6e38-4b7a-99a1-a8f5792db563",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'yo.utube.to']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bbc93630-e44f-4a0d-ae60-922ffe9e0b93",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'instagam.in']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c70788c3-eca7-40d4-b662-cbab7a49a6b1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'svetovid.bid']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6000ef97-f5da-40de-a188-024799603502",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'vodafoneegypt.tech']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--104689c1-9d29-4577-9d9e-9fb6f14da5e8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'cellconn.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e045fa9f-fc3a-4123-9cd4-3448061b97d3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'solargroup.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fe6b466f-62fa-48ac-ab2c-a92be207a833",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'youtubesyncapi.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b67703a6-5f6b-4d73-a27f-199821f73ed6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'ancienthistory.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bf5d25ea-75de-472a-8310-15f5e0b4932e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'goldenscint.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2f367350-f35f-4ec8-adf0-d475a6eb7302",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'speedygonzales.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--81cae761-b61d-499c-ad2b-ae98c67f5bc3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'liponals.store']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e1a8674a-8801-4373-b2bd-d5b591c02d9f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'altsantiri.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--23a09185-6628-4af7-a388-ce657638553a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'viva.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f7dd2207-35c2-47ae-89b5-2a8bd2c042cc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'sinai-new.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dc8879b3-2fdd-45d8-88e7-b8482788a5b2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'eagerfox.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--db0c7980-ec7f-48d4-8f52-79b773832083",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'weathear.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8cbe0466-9c7b-49fb-989c-d2b3f4855a96",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'adibjan.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a1e0afc3-3cfa-4b2e-8dda-95c717b0da9d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'alpineai.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f0cadc91-b2be-4df1-8a68-581d21b6dcff",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'livingwithbadkidny.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--61f0ef41-183d-49d5-ae07-a2694af55919",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'espressonews.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--30da6c62-4d17-4aae-b16a-3f675297d52c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'olexegy.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--99309856-9569-45e7-9d5d-4910c12af72f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'blacktrail.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--90c4c296-a888-458a-a651-2d3aea700a45",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'yout.ube.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--09ec9968-d4d5-4d8e-a833-e63b7151db86",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'leanwithme.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--935bcab5-38e0-41ac-911d-2b9501398643",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'apps-ios.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--748caba0-792e-4d50-98aa-bb9973de74bc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'bi.tly.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1c00ba31-22af-4a47-81d3-133ee183085b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'fbc8213450838f7ae251d4519c195138.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2506b0da-f468-4cdc-a82e-a9dab7ffb204",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'fisherman.engine.ninja']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0b3993ca-f7cc-450a-ba56-9472951c2ef7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'politique-koaci.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--549abe91-8cb0-4b7a-ba5f-0046df003803",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'adultpcz.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--73a0329a-7b63-400a-97cd-e26dfa12929c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'youtube.gr.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0871e302-e849-4c77-a2d3-53c67dcf2719",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'yallakora-egy.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2e33ab1d-f4ec-42bb-9991-e6fdd621ca82",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'android-apps.tech']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2f29f944-733c-4b93-bbe7-9e98b72bb187",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'instagam.photos']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a91b2b7d-e0ad-427e-b79b-ca420a12a048",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'flexipagez.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2d9765d7-e61d-487d-825d-a41699a9741f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'ereportaz.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e229cdc0-aa20-46d1-afc3-8d6178a4fe37",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'kohaicorp.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1152787e-ed89-4860-bd4c-eac820d3fd57",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'md-news-direct.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--eaa84fae-1045-4efc-9f34-645782acd116",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'worldnws.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ee4de759-0ad6-48fe-a698-71987e9a2086",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'landingpge.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1feca209-54ad-4250-980b-c1213595059f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'etisalatgreen.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ca625364-45a8-4fb4-a919-365004a9d24a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'lamborghini-s.shop']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--db2ba484-cfdc-4c5b-991f-14906020b97b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'nemshi-news.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a8ed5319-8b87-46f3-bce3-a228b2ba3d81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'teslal.shop']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f811b4e9-128a-4ce4-b211-05bf34896abf",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'hellasjournal.company']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3e1d9744-4318-453d-983b-db773ed4e003",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'bbcsworld.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e9e59dde-a35f-4170-87e6-030ee72d6845",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'fireup.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1337cc14-1b9c-4d37-a25d-bd736508041d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'goldenscent.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7ea3ac59-ee17-4530-8b81-c53d66fdccb3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'youtu-be.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--99433f06-e227-474d-9045-8e8af7be1f52",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'trkc.online']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--437fa889-e76f-44ac-9b17-83ef6d8f11e2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:49.000Z",
|
||
|
"modified": "2022-01-30T10:22:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'niceonesa.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4777a5d1-e638-42b0-95a3-7f88d99be990",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'api-apple-buy.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ded354aa-0ced-4165-9154-b1b1848e5d58",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'mifcbook.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3d73627d-b4ca-484e-9983-936fe2509ddf",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'symoty.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--01b6f708-1a03-45d3-8b1d-4cae8036359f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'cut.red']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--07450a98-9bc3-4fb6-adbf-cf710bac5846",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'dragonair.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ac57b5b8-68d4-4e43-bf71-3c345b6c8547",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'updatetime.zone']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3d385ce8-bc5c-4a52-9ab3-958b67fadb33",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'shortenurls.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1de007be-18ec-4987-b71b-785a9ff63254",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'qwxzyl.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--73e43a97-2e2f-4a7f-87da-b379c17f13fa",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'invoker.icu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dbb91060-cfc7-47d7-96de-c88e70c62a2b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'nassosblog.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--13a740d1-d5e2-414e-9673-837d5fa433de",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'youtube.voto']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--75861ba5-a4ac-4daf-8987-9303658ec41c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'hopnope.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4d48f243-9a16-4a88-a79e-13d53445c9d2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'myutbe.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b516d270-21e1-4f29-a1a0-764911e8c8cf",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'shortmee.one']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--deb22c9f-cb56-4197-9424-e08f9ba1ae32",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'almasryelyuom.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--10da3fbb-8412-4577-b26a-8858ab9f7b71",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'youtub.app']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a09f38b9-2f25-4837-b3b4-cf9dbc34ea77",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'elpais.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e10f7108-0b61-4122-ad2a-ac5fcc097f72",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'actumali.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d653dd3b-50e0-4168-855b-14ac89a31695",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'bit-li.ws']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e663cf20-129e-428c-b3e3-ddaa86176059",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'fimes.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0a3f5bbd-8180-43cf-9c39-8413e2188fb5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ps2link.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dac7d9c5-1724-48a9-91e0-63e8fdd9e994",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'tribune-mg.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fa8b1e27-b650-48f6-9eed-df46fb4acf6f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'bumabara.bid']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--febf276c-3a9e-4fd6-ab4d-04bc5822af78",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'simetricode.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--77a5a2fe-80a1-4030-a1ba-a6df896bd41a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ps1link.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--77641e2c-87d6-4462-a3ec-79ef3f39e0bc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'hellottec.art']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--038ea7ab-9500-4e0e-97d1-857234a7d2ec",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'stonisi.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f27e61ab-f594-4c80-aeec-cdc975e507ca",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'xf.actor']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2fe5b0a1-ac80-42c6-9e35-dd86c9198897",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ikea-egypt.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--171a043d-c5bb-4483-83ee-12976193d80d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'bit-ly.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1eaaf3b8-9112-4b90-9215-68e0e71126e6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'tly.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2f0d8b48-2ccf-4b12-bb10-1efc7e309911",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'nikjol.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--eb45c367-fea6-40b7-9ab3-8d4f2eb8dfe3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'egyqaz.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f6f1db9a-4053-4e23-96eb-6eea6fe592b7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ios-apps.store']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ecd35815-a4a2-4c62-82b8-647c68533168",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'serviceupdaterequest.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8af2791b-1ea1-4a82-b8c9-4d8d50f8cd17",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'tovima.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cf6b3708-8f55-42a6-a613-4b9a7f8b4e59",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'wha.tsapp.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--980ad684-f736-417b-a656-c06228756e6f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'businesnews.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--97ba1829-a091-44c1-9455-61c31d07a4e3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'tiol.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1db30066-a2ef-4ac0-8b1d-df030f595d9d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'mobnetlink1.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--18345894-209f-4f7d-beb3-708bfe43a1c2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'shortxyz.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--257362fd-2770-4707-8599-fa65f8ad7d0a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ube.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--daf7ca58-8b52-4f62-9c5f-035e8bf0529a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'teslali.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b602a4e2-5ca8-4e85-ad09-57855044607f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'iibt.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7b5c8565-cfb5-43d7-97d2-180a2589d413",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'kranos.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4a7422c4-4688-4d64-839b-ddf90c946a1b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'solargoup.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4de4af8f-3ece-42bc-b40a-becd9523374a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'carrefourmisr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c1bcd463-8ba8-4602-983e-b07c8c50849a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = '5m5.io']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a45ac49-4b17-4cbb-a960-bc2af1a7dba7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'pronews.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b7a889c1-d2ae-480a-afab-590fa8a2a5ee",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'shortwidgets.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--89dc5738-d457-4823-a60a-94f21f72673f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'pocopoc.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6f8bcbd9-b94f-4f82-915a-b0d39c7ee3c4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'charmander.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1df46c75-7921-4308-9d75-e91430724ca2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'enigmase.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4fdeb5cc-a7de-4fe6-bdf3-0b9af4b880fb",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'xnxx-hub.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b8ccb07d-2109-4d0b-83e0-7ef9ac907d0f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'proupload.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b3ca055c-e81c-4844-8c70-85ef9b1cf463",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'cloudstatistics.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--40bbaea3-00ff-468f-8add-d902e3b5c1b0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'burgerprince.us']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9a9c8608-9838-4dfb-854e-96975cf8b939",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'infosms-a.site']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3dcfbcca-074f-4981-a2df-ba5c828d984a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'heiiasjournai.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--baf8af4c-4a16-49fe-a2ca-39dd4d217986",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'citroen.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dfdc12cd-78c0-436f-9d9f-13d15b24e616",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ebill.cosmote.center']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8e9283c5-2053-470f-ac0e-1f1867e9e11a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'ckforward.one']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--973187cb-f794-480c-ab45-7870236cf63f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'syncupdate.site']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5d0c0e15-a56d-4fb9-b6d4-c8b74feed731",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'shortely.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--259a7697-5957-4302-b237-7bcfafea0d94",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'canyouc.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--21d1bbcf-6b29-45bb-8984-2838acbcada9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'suzuki.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0fa4f763-1376-4214-ba31-b6e98819f416",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'makeitshort.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--121c8d12-90ce-4578-b89a-856fa1df547a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'amazing.lab']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--388aaffe-3152-4fab-8428-36f2110c1888",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'protothema.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6863db87-c31f-4040-9d6b-4410dbb725f4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'tinyurl.cloud']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d89f16cc-cb4d-4991-b224-f23214917175",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'conlnk.one']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c8fba428-3a34-4565-937b-f2494adbaf91",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'timeupdate.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d3d207be-fa7f-4748-8082-fe32084d1b19",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'localegem.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ecd8eaf2-dc91-43c4-825e-b6e5853d56e5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'tesla-s.shop']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f3b34772-179d-4bcc-87d7-b2c70900b955",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'bityl.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8fee3f0d-dcca-47fc-9097-40dbfc848c0b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'xyvok.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5315e7f4-aa10-4641-bbbe-6b1c7eb241df",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'wtc3333.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--95d39b25-592e-464d-9212-b564af06a4e5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'itly.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--81fa911d-c5af-42fb-b61b-288021e0cf3a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'heaven.army']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2668dfce-54f5-4fbc-b99b-faa0a21ef1ae",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'pdfviewer.app']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7e71dd5c-82b5-40b4-855e-6a80cb4acb1d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'teslal.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2f7a915c-a00f-4bb2-b862-66be4a250c9e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'nemshi.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e32d5970-af9b-4017-94e0-05fa64820cd4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'bank-alahly.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--de46ff06-912f-45fa-8e86-2229efe4cbd1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'syncservices.one']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e6c9173b-44d1-484a-bf42-90b7aa74d1f2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'sportsnewz.site']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--70ef642d-57a1-41ea-b941-da4b5801c760",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'bit-ly.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a5ad04a7-dfd3-4c85-9387-ee322da7a24a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'newzgroup.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--eda5157b-dcc3-4609-8002-f50710c04434",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:50.000Z",
|
||
|
"modified": "2022-01-30T10:22:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'guardian-tt.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c77d5da9-2488-4b78-a396-56893089b69f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'zougla.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--78c52144-60f1-4c7e-8986-0a0e9a2ae3d2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'wavekli.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--44e854d4-267a-4c1f-8b4d-dde49985030c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'fastdownload.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d200af18-edbf-4f8b-87c3-52045227e189",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'iosmnbg.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d5fff34d-eb00-4b37-8273-3b51fbb87995",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'oilgy.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b82a6099-2c5b-4562-a1f8-c385f5cead46",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'linkit.cloud']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4dfced26-0d23-4c22-ae8d-c1de4519582b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'url-tiny.app']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--73be604e-31d3-4b41-bcf5-e63690b35055",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'vodafonegypt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9dc12793-cb24-4761-bcbf-471ec47f585c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'cbbc01.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a76a122d-3156-46e2-815d-69b39734bd5d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'goldescent.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--90c431f9-fcc2-45e8-ab7d-56a3c271b066",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'bitlyrs.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--40abb731-15d2-467a-a435-8ce7de39cc0e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'niceonase.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dc850998-3aa8-4103-bee6-b70f4ea53628",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'link-protection.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fb1eeecb-61fa-4d8f-89d2-60ef8e8136ad",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'connectivitychecker.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c45e6ed2-2368-428f-a212-abce61b09865",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'url-promo.club']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d16d3fe3-c515-4420-9fb0-d21f0b60565c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'forwardeshoptt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--daa7def9-a735-4e8a-b3e6-18d9e78f37b5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'uservicesforyou.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--482b6622-30bc-4b62-bffe-c7dd3f336d29",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'playestore.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--097992c8-e640-40c2-9031-35f0976531ac",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'advertsservices.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f83be75e-53ff-4b62-8d9f-493651c10c35",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'servers-mobile.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--de9abd2f-8c29-4e73-8b6b-934ab2f5514e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'mobnetlink2.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--72b9c18f-2b54-4aea-8540-33c76119814e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'guardnew.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e365f17f-3ddd-4b26-b73e-402268373aed",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'sepenet.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--257a5633-f116-4d9b-8775-2bdb83d3f5f0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'z2adigital.cloud']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e8f7c662-b7f6-4257-ae60-79629bb5a91f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'instegram.co']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bcbd25ee-8c06-4713-8d23-f31c98004b3a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'browsercheck.services']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f35a869f-52e4-49c0-a354-118acb9ccffb",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'static-graph.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fbf5f170-11e6-40b7-9ae0-65a00ec39314",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'cnn.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8f2aa532-d874-42f5-b2b6-9f64bd4bcc90",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'shorten.fi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e68bf835-515a-44bc-ada6-0ba42c331949",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'celebrnewz.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7664644e-31ad-4f60-9739-34237f6d81df",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'lifestyleshops.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6ca386b8-0289-488b-81b8-056e5851ce81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'pastepast.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a2c247a1-6df2-49dd-bb61-68a4f244ddda",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'snapfire.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--43387a03-7765-47aa-b5ed-d7c6bfb0f3b9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'omeega.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2ff9e891-845e-4db2-a960-14fdf7b5abbe",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'koora-egypt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9da56dc0-555b-43c6-849e-d395e513239a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'etisalategypt.tech']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c30fbf27-e36b-4dc7-ad5b-274dbe216442",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'yo.utube.digital']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--23eb7677-9c5b-40f3-8db8-0db9d00bfca0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'sextape225.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0de655ae-07ff-4809-84cc-3cfea8da58ef",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'supportset.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--093937c1-4034-4617-a9dc-e55dcb15a4f6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'getupdatesnow.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b77dffc5-435e-4aab-8246-3e0073599068",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'prmopromo.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1be173ac-b016-4979-bfc6-32c1ea7019ce",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'ilnk.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2af63a3a-315c-498d-bb85-dcdecb26bc52",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'tsrt.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--eece0b35-ae03-416b-b183-2bf5a4b0641c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'affise.app']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--947939ec-59ee-496e-ac18-9cbb5657563f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'telenorconn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f398103d-3f84-4c35-9223-71ecbc90f867",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'mobnetlink3.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6993238b-037a-4768-a706-db895d6cff06",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'zougla.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1fa4b4d3-8601-499d-8fae-e21f7d0c398e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'myfcbk.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a0b446c7-0ce0-43b7-90b0-a3d277e7b1a9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'z2a.digital']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c271cc6a-04c3-4004-a17f-9d28e742d360",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'engine.ninja']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3c6feb64-187d-4a26-acc0-9b2c877ef5e0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'gosokm.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--25b51862-e0ee-4eba-b346-2abae972932b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'z2digital.cloud']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1c6bb5e8-1a88-440d-b50d-2958b2961d96",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'utube.digital']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a644a71a-7a07-4a23-92fa-648f30d8b225",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'mlinks.ws']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--32a10c7f-3c82-4c8b-8766-3e44d6ac7870",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'redeitt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6997e2e3-b181-48d0-9da5-bf629b5de9b4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'updatingnews.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bf0e8173-9770-4307-8329-f41719027704",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'limk.one']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59547364-db43-4c9a-afc6-b7e39e9be2fd",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'nissan.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5ccba526-fa0d-404f-8aba-19914f1edf9e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'sports-mdg.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a6f786e9-8a29-49a3-850b-642f0d4563a9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'politika.bid']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--408a82c7-6834-4ca8-9a8e-2ebcb1b15308",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'sephoragroup.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--abd16fd0-19e2-4b9b-b14c-8d3081057dd7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'msas.ws']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e0af7147-9b8b-43e4-bfb7-a42f2fce452c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'orchomenos.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7cf9ff37-8293-4987-89da-b4eb81bb5c4d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'mywebsitevpstest.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--19673405-e01f-4696-8069-ee6ee69bdc05",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'novosti.bid']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f6b9694d-6190-486e-8eae-63e5556c8c3d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'twtter.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ca3b431d-8853-4867-9eab-827685c24b77",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'nabde.app']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c36623b5-b5a9-4983-8159-bda79298a059",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'addons.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9c46cf47-d808-4076-8850-0cc8a1b381be",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'lexpress-mg.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--446b7036-23d2-4d3e-af71-a5305024f691",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'redirecting.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--061792c8-d321-4605-8ea0-39b3204a6c90",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'mytrips.quest']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7fd8ff56-990a-419a-a260-8ac6f49676ec",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'bitt.fi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a9b7cebc-98bc-419d-836d-ee33ef2cfc1f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'landingpg.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1a288c93-01a0-4fa7-a15a-2fe3f77d32ff",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'lnkedin.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--63f4adae-01b0-459c-a5c1-cbb6de37179c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'linktothisa.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--52982af2-5d85-4c84-a05d-b9d86a7c13f2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'adservices.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--42e67512-d527-469d-8d9e-37f89162404a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'timestampsync.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57cc5253-a9ca-4d2a-b701-0a95f3974ad0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'olxeg.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d613d620-f216-452c-8d3d-6fd321704f36",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'bit-li.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a5f4b662-a4ec-45c2-8929-0bb3791077ca",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'weathernewz.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--517e7065-9b0e-415b-8fbc-e3e0e80c132b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'linkit.digital']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3d60bde8-5506-45d8-866c-8262c499ed43",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'onlineservices.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--523a26a1-c08c-4b6b-a47b-71255fd3ef91",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'guardnews.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d4651539-5d99-466b-b0d8-a186b6c86017",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'trecvf.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ef26bd65-1e7c-4ba5-881b-70fb93d10722",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'speedy.sbs']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--96749e37-6f8c-44e1-9096-e43595ea733e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'advfb.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2b41641d-7d9d-4a50-b655-7c589dffb607",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'qwert.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d1602855-1ee1-4ae4-8729-f1abb18f6802",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'alraeeenews.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--01abdc3a-1ec8-467e-a813-5d3ffcb99d21",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'sitepref.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--212bea34-adb6-4534-b911-e79c0b3b66e7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'covid19masks.shop']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5de6ace5-5cd8-4411-ae30-68e6e823fa71",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:51.000Z",
|
||
|
"modified": "2022-01-30T10:22:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'tly.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e2a87abf-b466-4ca0-a52c-6515a84c5b8d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'cloudtimesync.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--be337a4c-ff98-41f3-8f36-7a134803813e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'tinylinks.live']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bd70bd72-7db3-44a0-9863-eb2202552c02",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'itter.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ac9bc3a3-5ab9-4351-a17e-b91a243eaf5b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'bity.ws']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--38afc77b-fd77-4109-ba61-b3870c2b56c5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'tgrthgsrgwrthwrtgwr.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b5bc59d0-2bc0-453e-a5c3-9a30b7e393a3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'icloudeu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--16eb733c-d4f1-4c16-b30f-cd3f2bc527a6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'otaupdatesios.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--930907c5-f6e1-4ee9-9835-932a5d90a059",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'applepps.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e51e8d5c-2512-44e4-89f8-0bf316a88a54",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'paok-24.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--10f5c0be-70be-4d07-b006-31251e4bb69c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'inservices.digital']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--af08b906-d57a-439e-a289-a8abf9fa7ec8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'tinyulrs.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--85a840e6-cdb0-4d3c-bf69-605a19c15f19",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'tiny.gr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fcadfe21-9397-44cf-8ab5-05333d7e4cb1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'networkenterprise.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--20c71cd0-bf51-4619-a3b5-d595079fbe3b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'timeupdateservice.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2e5a81d5-ccaf-458a-bb44-14aeb2646ca5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'kathimerini.news']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e476e602-3f9a-4d4e-9170-20d055a6cde8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'atheere.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a57eba23-64f8-4272-a0cf-e2f56a957d0f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'hempower.shop']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f267c753-54ee-4e39-9b34-8420fd4a8a10",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'eg-gov.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--90d70bef-8ba5-4746-85d1-3c97f922c2a1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[file:name = '/data/local/tmp/wd/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a5f27704-92a7-4a29-95ab-ec87dd629508",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[file:name = '/data/local/tmp/wd/fs.db']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7ba97760-750d-4820-997e-3117785d9257",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[file:name = '/private/var/tmp/hooker']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--98189417-0dae-48b9-bff6-949af6e01b28",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[file:name = '/private/var/tmp/takePhoto']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cb20da93-7103-4c07-b1c6-ff738c1ecb76",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[file:name = '/private/var/tmp/UserEventAgent']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ed3e1a53-9e7c-4fd6-8d6e-27029f8bee1f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"pattern": "[file:name = '/private/var/tmp/com.apple.WebKit.Networking']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-01-30T10:22:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malware=\"Cytrox\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--08efc3c1-86a3-4276-a1ef-f3a2c5db7469",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2021-12-16T10:47:45.000Z",
|
||
|
"modified": "2021-12-16T10:47:45.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"stix2-pattern\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "version",
|
||
|
"value": "STIX 2.1",
|
||
|
"category": "Other",
|
||
|
"uuid": "1b365d0e-c6ce-41c7-a801-53a7ebcd4bc8"
|
||
|
},
|
||
|
{
|
||
|
"type": "stix2-pattern",
|
||
|
"object_relation": "stix2-pattern",
|
||
|
"value": "[configuration-profile:id='76DAB334-7E17-475D-A5D6-0794EB5818A5']",
|
||
|
"category": "Payload installation",
|
||
|
"to_ids": true,
|
||
|
"uuid": "6a35d1f2-6f77-43ea-93c9-16a90d20f4ff"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "stix2-pattern"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--b9e6b927-ce2d-4094-80de-9507c3700c38",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:22:52.000Z",
|
||
|
"modified": "2022-01-30T10:22:52.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"original-imported-file\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "attachment",
|
||
|
"object_relation": "imported-sample",
|
||
|
"value": "cytrox.stix2",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "2dc29630-ca09-4f31-a4d3-0516a6ba87e6",
|
||
|
"data": "ewogICAgInR5cGUiOiAiYnVuZGxlIiwKICAgICJpZCI6ICJidW5kbGUtLTRiNDc1YTVmLWVhNDctNGYyZi1hZWEzLWQ4YmE5YmQxYjZiNiIsCiAgICAib2JqZWN0cyI6IFsKICAgICAgICB7CiAgICAgICAgICAgICJ0eXBlIjogIm1hbHdhcmUiLAogICAgICAgICAgICAic3BlY192ZXJzaW9uIjogIjIuMSIsCiAgICAgICAgICAgICJpZCI6ICJtYWx3YXJlLS1hYjYyODY0ZS1lMjQ1LTQ4ODUtODc4Ni1hNjU2NjJiYjZkNmMiLAogICAgICAgICAgICAiY3JlYXRlZCI6ICIyMDIxLTEyLTE2VDEwOjQ3OjQ1LjI4NjgxMloiLAogICAgICAgICAgICAibW9kaWZpZWQiOiAiMjAyMS0xMi0xNlQxMDo0Nzo0NS4yODY4MTJaIiwKICAgICAgICAgICAgIm5hbWUiOiAiQ3l0cm94IiwKICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogIklPQ3MgZm9yIEN5dHJveCIsCiAgICAgICAgICAgICJpc19mYW1pbHkiOiBmYWxzZQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbmRpY2F0b3IiLAogICAgICAgICAgICAic3BlY192ZXJzaW9uIjogIjIuMSIsCiAgICAgICAgICAgICJpZCI6ICJpbmRpY2F0b3ItLTgxZWZjYTQ0LTgwZjMtNGFmNS04ZmI3LTJhZGFjMDliYzQ0MSIsCiAgICAgICAgICAgICJjcmVhdGVkIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg3MDJaIiwKICAgICAgICAgICAgIm1vZGlmaWVkIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg3MDJaIiwKICAgICAgICAgICAgImluZGljYXRvcl90eXBlcyI6IFsKICAgICAgICAgICAgICAgICJtYWxpY2lvdXMtYWN0aXZpdHkiCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJwYXR0ZXJuIjogIltkb21haW4tbmFtZTp2YWx1ZT0na29lbmlnc2VnZ2cuY29tJ10iLAogICAgICAgICAgICAicGF0dGVybl90eXBlIjogInN0aXgiLAogICAgICAgICAgICAicGF0dGVybl92ZXJzaW9uIjogIjIuMSIsCiAgICAgICAgICAgICJ2YWxpZF9mcm9tIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg3MDJaIgogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJyZWxhdGlvbnNoaXAiLAogICAgICAgICAgICAic3BlY192ZXJzaW9uIjogIjIuMSIsCiAgICAgICAgICAgICJpZCI6ICJyZWxhdGlvbnNoaXAtLWE0ZTBkZDMyLTRkMWUtNGU4Ni1hNDU0LTAwZWM5ZjQ1NTM4MyIsCiAgICAgICAgICAgICJjcmVhdGVkIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg3OTQ1WiIsCiAgICAgICAgICAgICJtb2RpZmllZCI6ICIyMDIxLTEyLTE2VDEwOjQ3OjQ1LjI4Nzk0NVoiLAogICAgICAgICAgICAicmVsYXRpb25zaGlwX3R5cGUiOiAiaW5kaWNhdGVzIiwKICAgICAgICAgICAgInNvdXJjZV9yZWYiOiAiaW5kaWNhdG9yLS04MWVmY2E0NC04MGYzLTRhZjUtOGZiNy0yYWRhYzA5YmM0NDEiLAogICAgICAgICAgICAidGFyZ2V0X3JlZiI6ICJtYWx3YXJlLS1hYjYyODY0ZS1lMjQ1LTQ4ODUtODc4Ni1hNjU2NjJiYjZkNmMiCiAgICAgICAgfSwKICAgICAgICB7CiA
gICAgICAgICAgICJ0eXBlIjogImluZGljYXRvciIsCiAgICAgICAgICAgICJzcGVjX3ZlcnNpb24iOiAiMi4xIiwKICAgICAgICAgICAgImlkIjogImluZGljYXRvci0tMmUyZjA0YTItZjExOC00MTczLTljOGUtMDIzOWJmMWEyMjc1IiwKICAgICAgICAgICAgImNyZWF0ZWQiOiAiMjAyMS0xMi0xNlQxMDo0Nzo0NS4yODgwOTRaIiwKICAgICAgICAgICAgIm1vZGlmaWVkIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg4MDk0WiIsCiAgICAgICAgICAgICJpbmRpY2F0b3JfdHlwZXMiOiBbCiAgICAgICAgICAgICAgICAibWFsaWNpb3VzLWFjdGl2aXR5IgogICAgICAgICAgICBdLAogICAgICAgICAgICAicGF0dGVybiI6ICJbZG9tYWluLW5hbWU6dmFsdWU9J2JpdGxseS5saXZlJ10iLAogICAgICAgICAgICAicGF0dGVybl90eXBlIjogInN0aXgiLAogICAgICAgICAgICAicGF0dGVybl92ZXJzaW9uIjogIjIuMSIsCiAgICAgICAgICAgICJ2YWxpZF9mcm9tIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg4MDk0WiIKICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAicmVsYXRpb25zaGlwIiwKICAgICAgICAgICAgInNwZWNfdmVyc2lvbiI6ICIyLjEiLAogICAgICAgICAgICAiaWQiOiAicmVsYXRpb25zaGlwLS04Y2FmZjg4Ni01OWM1LTQ5NzQtOTAyYS0yYWIzZTZjODg3ZGYiLAogICAgICAgICAgICAiY3JlYXRlZCI6ICIyMDIxLTEyLTE2VDEwOjQ3OjQ1LjI4ODc5M1oiLAogICAgICAgICAgICAibW9kaWZpZWQiOiAiMjAyMS0xMi0xNlQxMDo0Nzo0NS4yODg3OTNaIiwKICAgICAgICAgICAgInJlbGF0aW9uc2hpcF90eXBlIjogImluZGljYXRlcyIsCiAgICAgICAgICAgICJzb3VyY2VfcmVmIjogImluZGljYXRvci0tMmUyZjA0YTItZjExOC00MTczLTljOGUtMDIzOWJmMWEyMjc1IiwKICAgICAgICAgICAgInRhcmdldF9yZWYiOiAibWFsd2FyZS0tYWI2Mjg2NGUtZTI0NS00ODg1LTg3ODYtYTY1NjYyYmI2ZDZjIgogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbmRpY2F0b3IiLAogICAgICAgICAgICAic3BlY192ZXJzaW9uIjogIjIuMSIsCiAgICAgICAgICAgICJpZCI6ICJpbmRpY2F0b3ItLWU5Njk5NWJhLTIxYjYtNDIxYy1hYjc2LTJmOTAzMzAyN2JhNiIsCiAgICAgICAgICAgICJjcmVhdGVkIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg4OTI1WiIsCiAgICAgICAgICAgICJtb2RpZmllZCI6ICIyMDIxLTEyLTE2VDEwOjQ3OjQ1LjI4ODkyNVoiLAogICAgICAgICAgICAiaW5kaWNhdG9yX3R5cGVzIjogWwogICAgICAgICAgICAgICAgIm1hbGljaW91cy1hY3Rpdml0eSIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInBhdHRlcm4iOiAiW2RvbWFpbi1uYW1lOnZhbHVlPSduZXdzbGl2ZTIueHl6J10iLAogICAgICAgICAgICAicGF0dGVybl90eXBlIjogInN0aXgiLAogICAgICAgICAgICAicGF0dGVybl92ZXJzaW9uIjogIjIuMSIsCiAgICAgICAgICAgICJ2YWxpZF9mcm9
tIjogIjIwMjEtMTItMTZUMTA6NDc6NDUuMjg4OTI1WiIKICAgICAgICB9LAogICAgICAgIHsKIC
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "format",
|
||
|
"value": "STIX 2.0",
|
||
|
"category": "Other",
|
||
|
"uuid": "636a8777-490d-42d5-850b-589ec0cd32e2"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "original-imported-file"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--aa74ba61-2d36-42a4-88e9-b238dc2a8b92",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-01-30T10:24:08.000Z",
|
||
|
"modified": "2022-01-30T10:24:08.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "link",
|
||
|
"value": "https://github.com/AmnestyTech/investigations/tree/master/2021-12-16_cytrox",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "01a90efd-c99f-41ee-95e9-71714756e58c"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "summary",
|
||
|
"value": "This repository contains network and device indicators of compromise (IoCs) related to the iOS and Android spyware tools developed by the cyber-surveillance company Cytrox. These indicators were first published in December 2021 by Meta in their Threat Report on the Surveillance-for-Hire Industry and by Citizen Lab in their report Pegasus vs. Predator - Dissident\u2019s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware. Additional indicators of compromise were identified by the Amnesty Tech Security Lab as part of an independent investigation.",
|
||
|
"category": "Other",
|
||
|
"uuid": "d7ebf909-06c5-4ed9-9bb5-193eab1182a5"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "Report",
|
||
|
"category": "Other",
|
||
|
"uuid": "71bdc154-7709-433b-b9c9-8d183a435474"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "report"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|