misp-circl-feed/feeds/circl/stix-2.1/a52a070a-6925-41ea-94d8-56f0d85dc268.json

858 lines
35 KiB
JSON
Raw Normal View History

2023-06-14 17:31:25 +00:00
{
"type": "bundle",
"id": "bundle--a52a070a-6925-41ea-94d8-56f0d85dc268",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:37:26.000Z",
"modified": "2023-05-12T08:37:26.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--a52a070a-6925-41ea-94d8-56f0d85dc268",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:37:26.000Z",
"modified": "2023-05-12T08:37:26.000Z",
"name": "An Analysis of Infrastructure linked to the Hagga Threat Actor",
"published": "2023-05-12T08:38:33Z",
"object_refs": [
"indicator--cbead78b-f2b6-4279-9f9b-760420d366ab",
"indicator--df26f1d2-1e2d-480c-946c-69f4e3f0d617",
"indicator--158e7dbc-fd60-4031-a302-26097b8e5d8c",
"indicator--46c1065d-66f2-4ccb-bbf3-1459eec881cf",
"indicator--324ce2c6-7e04-44ec-9325-82b5225a8101",
"indicator--4e6dc86f-c996-4c8f-a550-ee15bac5f7f3",
"indicator--72216c98-e591-4d6b-8d48-82762ddb0627",
"indicator--22e8ab53-be66-4b46-9c57-294a65ba2fb2",
"indicator--aa88e877-b1ba-4ec1-947b-c2d206dd9080",
"indicator--cba90e06-b842-4ab4-88a7-79367207d0a5",
"indicator--1f35f404-9f60-47dc-81ea-45edcef1e5ef",
"indicator--314039bb-5998-48e4-9fda-366c65db0b22",
"indicator--64aa2a2d-e351-4b48-9672-3a8e75bcb275",
"indicator--73dd3d56-9652-4d7b-b5f9-8ad6d153731a",
"indicator--fddf65bc-c9d4-4ee6-b05d-09ba4fb80dec",
"indicator--3129cd28-319d-4dc2-9463-1d31a8765ea4",
"indicator--1820bf2f-6410-4830-8672-ed85eb2532d1",
"indicator--6d25aa36-58a8-4777-81bb-bfe23b687d20",
"indicator--96ee6d7b-1203-4ae0-a32c-a434d9d27adb",
"indicator--1c51ef63-4dfb-4cda-a671-07e4a69ad04a",
"indicator--14363f7a-3cb3-4a28-906d-f6b23fe733a4",
"indicator--c6b8a7a9-6bd0-471f-9041-acb3d06dd018",
"indicator--fc0bf391-fa33-44be-8ea5-6be15d45e663",
"indicator--20cbb332-3782-46b6-877c-70d333be8b7d",
"indicator--766f6112-f59c-476b-b1f4-d48fa6239f0d",
"indicator--e06a5dc4-7e23-4a7c-bed7-8c5df6f2cce8",
"indicator--8cb4bf09-5189-40bd-922e-f8751d0fe54b",
"indicator--b0e5b109-770c-42f6-9dfe-7fe1f369ffc4",
"indicator--6e1db3ae-4cbf-46fa-94ce-5ee82155a3aa",
"indicator--dfdd3cf2-4e94-4cdf-8a70-2e54e31ebc43",
"indicator--ed8cbf47-92ea-45bf-a96d-7c11023c7818",
"indicator--a43ec7e2-60be-4549-a138-b844baaa16eb",
"x-misp-object--56e527ae-8733-430e-8a6d-ec5f5b0c7cc8"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear",
"misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
"misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"",
"misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cbead78b-f2b6-4279-9f9b-760420d366ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.151.122.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--df26f1d2-1e2d-480c-946c-69f4e3f0d617",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.157.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--158e7dbc-fd60-4031-a302-26097b8e5d8c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.154.226.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--46c1065d-66f2-4ccb-bbf3-1459eec881cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.188.21.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--324ce2c6-7e04-44ec-9325-82b5225a8101",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.143.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4e6dc86f-c996-4c8f-a550-ee15bac5f7f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.143.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--72216c98-e591-4d6b-8d48-82762ddb0627",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.32.217.137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--22e8ab53-be66-4b46-9c57-294a65ba2fb2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.31.98.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aa88e877-b1ba-4ec1-947b-c2d206dd9080",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.133.105.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cba90e06-b842-4ab4-88a7-79367207d0a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.138.105.142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f35f404-9f60-47dc-81ea-45edcef1e5ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.153.77.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--314039bb-5998-48e4-9fda-366c65db0b22",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.174.99.181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64aa2a2d-e351-4b48-9672-3a8e75bcb275",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '161.129.64.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73dd3d56-9652-4d7b-b5f9-8ad6d153731a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.94.209.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fddf65bc-c9d4-4ee6-b05d-09ba4fb80dec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.188.27.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3129cd28-319d-4dc2-9463-1d31a8765ea4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:55.000Z",
"modified": "2023-05-12T08:20:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.188.20.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:20:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1820bf2f-6410-4830-8672-ed85eb2532d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'mobibagugu.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d25aa36-58a8-4777-81bb-bfe23b687d20",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'mobibanewdan.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--96ee6d7b-1203-4ae0-a32c-a434d9d27adb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'mohbeebnew.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c51ef63-4dfb-4cda-a671-07e4a69ad04a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'mubbibun.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--14363f7a-3cb3-4a28-906d-f6b23fe733a4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'cdec22.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c6b8a7a9-6bd0-471f-9041-acb3d06dd018",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'vncgoga.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc0bf391-fa33-44be-8ea5-6be15d45e663",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'bakuzamokala.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--20cbb332-3782-46b6-877c-70d333be8b7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'warnonmobina.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--766f6112-f59c-476b-b1f4-d48fa6239f0d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'abotherrdpajq.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e06a5dc4-7e23-4a7c-bed7-8c5df6f2cce8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'mobinomomuam.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8cb4bf09-5189-40bd-922e-f8751d0fe54b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'workflowstatus.live']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b0e5b109-770c-42f6-9dfe-7fe1f369ffc4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'heavy-dutyindustry.shop']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e1db3ae-4cbf-46fa-94ce-5ee82155a3aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'microsoftiswear.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dfdd3cf2-4e94-4cdf-8a70-2e54e31ebc43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'update.newbotv4.monster']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ed8cbf47-92ea-45bf-a96d-7c11023c7818",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'newbotv4.monster']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a43ec7e2-60be-4549-a138-b844baaa16eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:22:11.000Z",
"modified": "2023-05-12T08:22:11.000Z",
"pattern": "[domain-name:value = 'bot.statusupdate.one']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-05-12T08:22:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--56e527ae-8733-430e-8a6d-ec5f5b0c7cc8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-05-12T08:20:34.000Z",
"modified": "2023-05-12T08:20:34.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor",
"category": "External analysis",
"uuid": "e2725b60-e687-4516-991a-9bb20e24b0c3"
},
{
"type": "text",
"object_relation": "summary",
"value": "An Analysis of Infrastructure linked to the Hagga Threat Actor\r\nSummary\r\n\r\nAs this research reveals, mapping out adversary infrastructure has distinct advantages that enable a proactive response to future threats. A well resourced team with access to the right tools can monitor changes to adversary infrastructure in real time, discoveries can become strategic advantages when fully exploited. This blog is geared towards the practitioner threat hunters and threat researchers, anyone reading this with the bottomline in mind should take a look at our economic study here first.",
"category": "Other",
"uuid": "88556307-b345-4a83-b55a-091ad1bed69c"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "89b0ee8b-f0ac-448b-8c3a-ca38b78b9af3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}