misp-circl-feed/feeds/circl/misp/0fadc113-6e22-4524-96b1-7b8fc98fa64c.json


{
"Event": {
"analysis": "2",
"date": "2020-11-09",
"extends_uuid": "",
"info": "OSINT - Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware \"one\" Group via Cobalt Strike",
"publish_timestamp": "1604914975",
"published": true,
"threat_level_id": "1",
"timestamp": "1604914828",
"uuid": "0fadc113-6e22-4524-96b1-7b8fc98fa64c",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"Ryuk ransomware\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "6b0610ec-fe93-41e9-b23b-379b25e2f544",
"value": "check1domains.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "2536fb8b-dd20-41ef-a580-55deb79446af",
"value": "sweetmonsterr.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "399d130a-0c71-4194-9d11-b3483a5e9041",
"value": "qascker.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "b382bd4c-76c3-4ec2-b768-eb45849ce068",
"value": "remotessa.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "1e625f9b-493c-4015-ab47-72b1971202cd",
"value": "havemosts.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "4fc21643-6cb7-4e5f-aea7-bad4024e54df",
"value": "unlockwsa.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "c41b1b8f-50e8-45d1-8542-1e26b9908f94",
"value": "sobcase.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "3101bc91-74a3-4163-b5ee-2207f757c20c",
"value": "zhameharden.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "48935a10-cc47-4880-af23-4364c7e7ae37",
"value": "mixunderax.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "f75c74f9-f2b5-4b5a-8404-57e33c04c014",
"value": "bugsbunnyy.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "b4c14a73-44cf-4d93-aabc-6175f062786a",
"value": "fastbloodhunter.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "8459d57b-4d03-4a94-8bec-78cfa1a318a1",
"value": "serviceboosterr.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "b177c07b-94c6-4c88-851d-3d3e36bf604b",
"value": "servicewikii.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "fb90a640-17e3-4c26-b50f-e0861295c262",
"value": "secondlivve.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "beab0436-d5bf-4625-a71d-9d9bdaf10ad0",
"value": "luckyhunterrs.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "da14c486-89e5-44c8-8722-0989f7691ecf",
"value": "wodemayaa.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "83bc6856-3a5b-49c7-866a-c8e05d8f49f2",
"value": "hybriqdjs.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "a670a832-fa18-4cfb-8e9c-4f4f788542f7",
"value": "gunsdrag.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "f56a75d5-db37-4b15-b8d7-5d09d1f078a2",
"value": "gungameon.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "207008f3-f173-4774-86d1-5c1be1cc383b",
"value": "servicemount.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "05a70842-6bbc-4441-b5c6-fac100840497",
"value": "servicesupdater.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "128049f4-898d-4d60-821c-b9e80f5b335e",
"value": "service-boosterr.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "f0ef8f00-71d4-411c-96f6-5e3409677484",
"value": "serviceupdatter.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914434",
"to_ids": true,
"type": "domain",
"uuid": "64c4fe90-54c0-49d0-ac60-dbdc6d0015fe",
"value": "dotmaingame.com"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1604914593",
"to_ids": false,
"type": "link",
"uuid": "01b3d607-413e-4343-a336-c4684d0aa060",
"value": "https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike"
}
]
}
}