2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "2" ,
"date" : "2022-12-19" ,
"extends_uuid" : "" ,
"info" : "OSINT - QNAP worm aka Raspberry Robin" ,
"publish_timestamp" : "1671457942" ,
"published" : true ,
"threat_level_id" : "4" ,
"timestamp" : "1671443120" ,
"uuid" : "0ebe51c2-31f1-4ba4-b7ab-1f5e62531e45" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Raspberry Robin\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441766" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "cb31d5aa-fe8e-4489-ae28-4310e5e0fc03" ,
"value" : "03s30.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441766" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f9137b71-bfbf-48d8-a668-c0236e087f02" ,
"value" : "0dz.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441766" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "13024c29-51b2-46dd-a921-7d8e1dc5775e" ,
"value" : "0e.si"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441766" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "758d0298-85ed-4c67-87b1-bfb7a43d75ba" ,
"value" : "0i.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "73c78cac-6af2-49f9-9a6c-420b379bcfdb" ,
"value" : "0i.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3c8a2966-e151-47a7-a8d1-57b35d135faa" ,
"value" : "0j.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "518c0382-d276-4439-92bd-24c83a4561b7" ,
"value" : "0j.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "b7f6702e-d5d0-489b-a580-b7b78790a380" ,
"value" : "0p.rs"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "aa3dcada-6c13-4564-9f73-a0335b43bafa" ,
"value" : "0t.yt"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "2fea340f-896b-493a-b97f-5fc88ec24785" ,
"value" : "0v.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1342a252-3cdb-42ad-b296-404fefabda2c" ,
"value" : "0w.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1800718f-4276-45d9-b227-c82e02191e54" ,
"value" : "0x9.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7c876b16-533b-428e-9288-04e5da832706" ,
"value" : "13j.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ad5d1222-ce53-4445-ae6b-22751380e8d8" ,
"value" : "1h3.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3a1e9148-4ea5-42bb-aea1-549bfac00ad1" ,
"value" : "1i.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c8fab75b-f3f8-471d-b4b8-e7da5aec0966" ,
"value" : "1j.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1b0227bb-221a-4026-9252-dffff31ba131" ,
"value" : "1j4.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "335a647e-a90c-4db6-847f-b339333a96a0" ,
"value" : "1k4.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8be37180-6ff3-4977-a542-6f3e73ff0a50" ,
"value" : "1n4.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "fa14609a-bcfb-4962-a110-8884a0fa398d" ,
"value" : "1u.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "b52486bc-7502-4017-98a6-f495ce47baab" ,
"value" : "1u.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1a181051-a965-4677-b6d9-3e0f32346329" ,
"value" : "21k.website"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "44d91ad2-8127-43e0-bb4a-7d280e2cb5dd" ,
"value" : "27o.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ac62460a-d312-47b6-a2c4-9c38ab8d622b" ,
"value" : "2i.nu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "9852e885-6187-4f93-8db6-e266bc84c99e" ,
"value" : "2i.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "082e17c6-0a51-4603-8c0a-49978bb007b7" ,
"value" : "2i.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c681d300-444a-4d6e-9581-801edc074f19" ,
"value" : "2j4.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "df252477-5100-46f0-834d-56b11c879301" ,
"value" : "2jks.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "13f2606a-5807-4cc2-bd19-b8a7c7a89323" ,
"value" : "2kbq.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3d689955-65aa-46dd-bbb8-8d41618c1922" ,
"value" : "2t.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ab32e42f-29be-4f6e-8e4f-7cbd91a65ece" ,
"value" : "2t.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7a661fa4-c125-4d8a-98f1-f766762465c5" ,
"value" : "2um.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "9aa0d49b-348f-4c33-93d8-ecbc22792843" ,
"value" : "2yd.eu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "50fd3b28-7f34-4e54-a6f2-265c29e40523" ,
"value" : "3e.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "06b7404d-a331-40c1-a4eb-f3546e4bcae8" ,
"value" : "3h.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c5e5aec1-52a2-4ab0-9fc4-c826075e703a" ,
"value" : "3h1.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "4139a465-5894-49a3-996e-2bdac0aff36b" ,
"value" : "3lzj.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a6353d14-77ee-44cb-b4e4-8f31db33eafe" ,
"value" : "3p.ms"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3ac29d6e-9f5f-4c2e-b68b-5008d643c722" ,
"value" : "3z.nu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3b208b0b-381e-4a4a-b017-3f1d0c79e979" ,
"value" : "4aw.ro"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "70d262a3-c8f3-4a62-b8e4-9f701b3a47a0" ,
"value" : "4c.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "b02dcadf-019a-4a1e-bd5c-2257cba4d96f" ,
"value" : "4j.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5cf61fa2-cf33-4592-92e1-2b01d845292f" ,
"value" : "4j1.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1cdb15c5-7d1c-4c4b-8640-1cea926705a0" ,
"value" : "4j5.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "73147215-3645-46b6-988f-caf7759359dc" ,
"value" : "4k1.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6f7041eb-1d19-410f-825d-7e7e0bc2d806" ,
"value" : "4kx.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "cfdc5b83-aa9a-45ee-af2d-b300c3649278" ,
"value" : "4m.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1fe32bf3-70c5-4c67-8120-a87e775c667f" ,
"value" : "4n.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e2fbe282-1aef-401f-988d-5732ecbc3658" ,
"value" : "4q.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e39d7a10-e379-45b0-964c-b755b41a7394" ,
"value" : "4s.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "426d0b10-64bc-46e2-8226-92f909ff53d1" ,
"value" : "4s3.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "972ea084-a516-41e7-bdd6-ef1b49105d75" ,
"value" : "4w.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "715ce51d-e3fe-4beb-85a9-5728dbcda2ef" ,
"value" : "4w.rs"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6c0ff296-037b-4b65-8380-31d80767e8d5" ,
"value" : "4w.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7e7b2978-1410-4d24-9fe4-b890ba5ed5bc" ,
"value" : "4xq.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7326c4a9-727f-4b61-b1be-403bffc49c90" ,
"value" : "5ap.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "0da10963-3c11-4c47-a832-682895907df4" ,
"value" : "5g7.at"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3b771589-417b-4957-b713-95709bb147f5" ,
"value" : "5j8.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "dfeb6e55-e066-4ff1-ad3a-097d63ef7d37" ,
"value" : "5jb.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "36ede7ea-74ae-41b8-b23a-50d7552eea31" ,
"value" : "5jk.club"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "276c754e-60ff-476b-a11d-d03dca0df8f5" ,
"value" : "5kj.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c5212bd5-aa7c-489c-b899-e97e3f4c271e" ,
"value" : "5kx.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "29ac9533-2f77-41ce-a7e2-af96c180abae" ,
"value" : "5qe8.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1b674845-cbe1-4908-b0f2-241b5aa6951d" ,
"value" : "5qw.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1b276564-8dc8-4eab-a5e4-06a8ef185dff" ,
"value" : "5qy.ro"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7c9d843b-77c7-4ef6-9a51-3863866f5523" ,
"value" : "5s.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e5b29a97-7196-47f8-ad21-4a4a9e2adc12" ,
"value" : "5v0.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "62634849-6bc2-4fc4-ae22-267762c4e6a8" ,
"value" : "5z.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f6762a31-3477-44f0-ab06-aed59ed0f562" ,
"value" : "5z.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "b21c5805-1e3d-4919-b8a6-edc8b2667d6e" ,
"value" : "60i.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "eff3ec09-2d72-42b7-aa77-91d49a5c5509" ,
"value" : "66j.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5035f976-6838-4f20-8e61-36ef99e26771" ,
"value" : "6ax.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "154a7e94-8deb-45cf-b294-2539635484f2" ,
"value" : "6gcr.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ecd60927-356f-414a-871a-2a1ecd3f567c" ,
"value" : "6id.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c2228cbd-365a-4762-a6be-d6f3bf7ab4bf" ,
"value" : "6j2.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "62023b08-2687-4a2d-a5f1-c405856c6c39" ,
"value" : "6qo.at"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7140b55e-67d6-47b3-8450-09fa02a7d702" ,
"value" : "6t.nz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "b5b9b43d-c312-4dab-90ce-3cd36c5fc6f5" ,
"value" : "6t.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c86cd3a7-5f0b-41b4-a723-a6e2bc965095" ,
"value" : "6t4.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7e91e10a-2a87-4f90-b71b-37adc886ae9c" ,
"value" : "6uy.at"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "68e364b9-0bd7-42fc-8736-e1f69ce28fa9" ,
"value" : "6w.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e639c93a-6450-41e6-b5a3-8c8fd7277f68" ,
"value" : "6wr9.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7f6b0ea3-c3dd-4950-bc47-827b221a1ed7" ,
"value" : "6xj.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ebdfea59-e2dd-47cd-b6ba-2e552a48d815" ,
"value" : "6y.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7e24d173-1ed5-4edb-ae1f-deb9dac1a6b8" ,
"value" : "79r.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "cbdde65f-8a50-4c49-810d-77c306afd4c6" ,
"value" : "7d.rs"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "275e207a-ecd0-4f6d-b75f-f6643c343695" ,
"value" : "7d.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "fbf8c793-37f4-415e-b835-0dccd365f525" ,
"value" : "7yfb.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c8b69cc0-64ce-40d8-b4a1-bcea42b7b73f" ,
"value" : "8t.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d99fcf05-1782-4a76-97fc-11980400b5f1" ,
"value" : "8t.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441767" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6a7345f8-8950-4874-94b7-a4a2076d053f" ,
"value" : "9r.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a04003b9-e918-4305-80f3-8a93756bf065" ,
"value" : "9r.sk"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8b4025a8-3a6b-4397-ba28-7282159ea66f" ,
"value" : "a0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "bdc6549a-d120-4f2f-b849-0aad16e696cd" ,
"value" : "aij.hk"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f9c4b5b1-dd7a-48fe-9de2-14c3ead2f3ce" ,
"value" : "as3.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "157501d2-ed48-4319-8408-591d47992e10" ,
"value" : "b3vv.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "fcc8ca3c-ce57-4a20-b64c-a594eaef51e1" ,
"value" : "b8x.org"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "9bb37e82-5f95-4c38-af73-42f5ef774efb" ,
"value" : "b9.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3aa2653f-45f0-4fd5-b9b9-481e16df488c" ,
"value" : "bcomb.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "0cf5b70f-ae08-4fe2-b17c-8a0ed780afea" ,
"value" : "bo2sv.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "afe125d0-cac4-4dbb-86af-f0a8540ec197" ,
"value" : "bpyo.in"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "86464d8d-457f-4407-9933-e1d97fce1e0b" ,
"value" : "c0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "22a2ad94-1122-480d-ad65-1b25795058f0" ,
"value" : "c4z.pl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "41083164-f714-4e7d-a0de-18d24e1a6746" ,
"value" : "c7.lc"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7013ae3b-6908-417c-872f-9fae33f6a128" ,
"value" : "cb3u.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "01c2726f-77a0-465b-b0fb-91b572bffec6" ,
"value" : "d0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ca8f4268-2950-4ebe-b443-3118b973682a" ,
"value" : "d4j.club"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5988cb26-a1f4-4a46-be3b-172e9fb1f445" ,
"value" : "dj2.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "eab8228e-60ab-44e9-be88-e366a235e7e1" ,
"value" : "doem.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8eda6b78-cf59-4d4c-b761-668729db4e3f" ,
"value" : "dsi.mk"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a3b96aab-8b3e-428b-9de8-9741f629ab36" ,
"value" : "e0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "edb25eef-c613-43dd-a4e0-6da3e7c0a6e6" ,
"value" : "e9.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7b226ee8-65de-444c-8da4-ee6cdf2ac29f" ,
"value" : "egso.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e4e29065-ca30-4fee-9dad-c9e7c790ef0f" ,
"value" : "ej3.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "966fa2fa-44f6-4423-a44a-71853f103e06" ,
"value" : "ejk.bz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ab6e4045-d470-4216-bd6d-8d0276ebdb09" ,
"value" : "ejk.li"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "dc5914a1-0315-4247-bb5d-758ec0e52737" ,
"value" : "euya.cn"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "13689d8e-3ad0-4116-aad6-748f626b89a2" ,
"value" : "eznb.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c4a7865b-9a11-4076-94fd-e6ae4321f48d" ,
"value" : "f0.tel"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d9873050-4a42-482c-9661-93a9dc547d6d" ,
"value" : "fgcz.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "bf561941-5a8c-41fb-b9cd-b719440ef1a9" ,
"value" : "fnx.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d990861c-25b9-417c-95e9-33cfad3fbc52" ,
"value" : "fxb.tw"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "41bed45b-24e9-4544-92b3-c6698061fc7f" ,
"value" : "fz.ms"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "71548cbb-0df4-45f8-a2bf-c380a2a23410" ,
"value" : "g0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f7bf7cec-d28a-43f9-a122-ab59e1511f79" ,
"value" : "g3.rs"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "4d17873a-e80c-440d-8ec8-b450c4ca6ed1" ,
"value" : "g4.nu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ea77ffa1-45f5-4c2f-ba1b-7d5b1e7aba87" ,
"value" : "g4.tel"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8c987922-5569-4602-a655-e8ff1a6f475c" ,
"value" : "g4.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "74f9449f-6b9b-4ded-97fd-b7fc5e2a01f7" ,
"value" : "getmyfile.click"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "0ba27902-1562-491f-a07b-16ea65628f24" ,
"value" : "getmyfile.eu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "9dbe222c-a5ca-4f70-96fa-f1b938968f53" ,
"value" : "getmyfile.link"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7b855019-b2bf-46b5-8b05-e3ae92cf4df6" ,
"value" : "glnj.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7002684d-5768-482c-94e0-536e43e36e89" ,
"value" : "gloa.in"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "31513a41-ae4b-49ef-b55b-0417beb19720" ,
"value" : "gz.qa"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "4cb5cb02-3498-4e43-b6dd-39a1e0f12dca" ,
"value" : "gz3.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6f9aefc8-e628-4f3d-8083-91ade72ddb6f" ,
"value" : "h0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "698d3bd0-be71-4ad4-9346-118b3e7138a0" ,
"value" : "h0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d6ac5848-acd5-487f-a991-32d4594ce085" ,
"value" : "h6.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f312e637-6d37-42e6-89db-33862cfc53f8" ,
"value" : "i0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "68c1cce9-cb1a-4141-be31-abf1f5092eb4" ,
"value" : "i0up.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "88561fb9-f9c3-4c35-a1aa-5622c9699f02" ,
"value" : "i1.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "17cb1c6c-d01b-4541-b03e-b7f1f9ee5ab3" ,
"value" : "i49.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d2eb1970-c337-4e7b-80df-a40bc0973f6a" ,
"value" : "i4x.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3ad00795-589d-4cac-8ebc-148cfec832ac" ,
"value" : "i6n.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "092c2afe-15ce-4976-bfe6-af512860d11c" ,
"value" : "iyw5.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d8d986da-886b-4370-97db-dcf740e59b62" ,
"value" : "iz.gy"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "90643393-a341-41e1-92f3-aa735fc848b8" ,
"value" : "j1n.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "18b44377-7389-4a74-8a43-1019da17fd7e" ,
"value" : "j2.gy"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "2fbaf3f7-bc52-4b7a-99bc-35aef9177b59" ,
"value" : "j3n.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "fec38676-707c-40b5-964d-0af571004fbc" ,
"value" : "j4r.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "44f9a258-23c5-4b6f-9610-8447a7c0d716" ,
"value" : "j4z.co"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e4b2026c-6684-4da5-bccf-dadfc6439386" ,
"value" : "j4z.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3acda878-9a09-4485-97a1-b0d7d7e69627" ,
"value" : "j5m.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "eb18dfe4-76a6-4f4b-bf37-f063946fd232" ,
"value" : "j5n.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "82585293-3047-4f49-b519-3cef85fc214f" ,
"value" : "j68.info"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8e8596ca-dd98-4dd3-9b53-6b59b85e6437" ,
"value" : "j8.si"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "33288511-ea3b-4d9e-b47e-1f7f0f7917e3" ,
"value" : "jjl.one"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "91020589-5ba7-41db-b3f8-6f3ae570aa39" ,
"value" : "jrtz.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6d6cbd04-a68c-41db-b29d-e4e4c64f025c" ,
"value" : "jrx.fr"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "347c0396-d7cf-48be-8974-691522d49720" ,
"value" : "jrx.tw"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c019e48a-8811-4121-8107-7b9febb9cd28" ,
"value" : "jzm.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c356bdf7-1d08-4e24-8e34-f75ba2e9333b" ,
"value" : "k0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e2165d59-90bd-4d3f-a6c8-34a3938ce8cb" ,
"value" : "k1n.club"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c161810c-c301-4c0d-a601-4007a153f238" ,
"value" : "k5j.one"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "92fef36c-3a97-44ab-9534-0c5b217316dc" ,
"value" : "k5m.co"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "be59de04-fdb1-49cc-8033-f052d8057c61" ,
"value" : "k5x.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f96671c9-33a6-4e87-8974-e92530f70e83" ,
"value" : "k6c.org"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8bd24384-5c85-43cb-9a7a-57fdf4e910c4" ,
"value" : "k6j.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "2515959a-b108-4a29-a58f-edcb66a71001" ,
"value" : "k6j.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "dde463c0-e60b-4013-b0e1-724dafddf38d" ,
"value" : "kglo.link"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441768" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "cc983cd9-ccaa-41fe-a65b-d2aee1e28a8a" ,
"value" : "kj1.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "84e3be7b-3f0c-41ec-bb68-5e144543bd37" ,
"value" : "kjaj.top"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "96d55b85-0caa-401b-9780-e9edfdc04e51" ,
"value" : "kr4.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5cef6e17-187f-43a5-9414-586e346ad226" ,
"value" : "krrz.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d7ad8277-d2fe-4e0b-9fd2-324341934cb0" ,
"value" : "l0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "808aba47-263b-4721-93ce-c108184afa01" ,
"value" : "l5k.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "b5ec6afc-72e6-484b-94cf-4accecf28b56" ,
"value" : "l6nk.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "510d376b-3a57-4eef-8104-9a7eef131935" ,
"value" : "l9b.org"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "25d02cc3-d18b-430d-8e01-9c795d538cbd" ,
"value" : "ldnr.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "042ba6de-8e69-4316-9979-3037eeb66d9f" ,
"value" : "lgf.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "9e6b4eed-d73a-4bab-89f0-56a256315189" ,
"value" : "li1iv.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "87c572a8-4e7c-469a-87a9-fa4e8782dbb2" ,
"value" : "lwip.re"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5fc48a95-d409-45e1-a2d1-38da607694dc" ,
"value" : "lwxa.eu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7517a6f3-05e6-4720-96bf-17582a017634" ,
"value" : "m0.nu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "2b0a6440-193a-447b-8036-3f14f8d6537b" ,
"value" : "m0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8dc59744-8247-4ef6-8a1b-c4d0e319e2f8" ,
"value" : "m0.yt"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1f16d835-7679-4672-a54b-e4084253cb65" ,
"value" : "m5n.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c05caab4-18bf-4665-b0e4-1117634d7b16" ,
"value" : "mirw.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "edb5b0e6-002d-42dd-8658-68f97a2f7105" ,
"value" : "mn1.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "86ccd18f-dedd-4276-be87-b093f6e05aab" ,
"value" : "mnem.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a71e0ee5-8416-4672-ad45-bc93d2ad8dc8" ,
"value" : "msix.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "03204596-9a53-4726-93e0-360fdd593825" ,
"value" : "mwgq.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "fc96f8be-951b-4839-a8b8-25ded7e2fc18" ,
"value" : "mz3.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "57c4b12e-c87e-444c-a399-3f610427e4f6" ,
"value" : "mzjc.is"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "22e7ee7f-2fe8-471c-bd52-410bcc21a2eb" ,
"value" : "n3.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c930f2d6-0395-484b-9753-dab954b5c7e6" ,
"value" : "n5.ms"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "34ab9aac-fe9b-45a3-a7ba-252e61fb0cb4" ,
"value" : "n51.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "09b741da-1eee-4e36-8b9b-60d045d5aa49" ,
"value" : "n54.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "68a79251-7658-4ab2-a8c7-e2589744fef5" ,
"value" : "n5k.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7720e7aa-e600-4596-98fa-74de77a4e11a" ,
"value" : "n9fz.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "9499e299-3f16-4872-9165-04e513d8a4b2" ,
"value" : "nk0.club"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c0acafa2-3a27-4600-a33f-393adc7c152f" ,
"value" : "nt3.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6f44f21b-22cd-4b61-9801-d842a76635b5" ,
"value" : "nwz.li"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "171aee96-4194-44ea-a89f-b790523d3b8f" ,
"value" : "nz4.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a6a506a9-010d-4f14-8cbe-c49beaf3a2d0" ,
"value" : "nzm.one"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "9d436d9a-7c83-44b2-800b-0cfc6a7889e2" ,
"value" : "o7car.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6dad13b0-bf92-4c59-ab3f-6d0ea79d7afe" ,
"value" : "oj8.eu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "0ad3845b-67eb-4846-b217-8574e814ffdc" ,
"value" : "omzk.org"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "31caf8fa-2ad9-461f-815a-067097fac9b8" ,
"value" : "p0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "32909740-173d-4581-96d7-635809613bdc" ,
"value" : "p3.ms"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "63a10464-b79d-481f-93c2-d975f515cd7e" ,
"value" : "p9.tel"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1d2ce439-c305-48f4-bd66-db737e29c2c1" ,
"value" : "pjz.one"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c6c5d4d8-8dcb-4ab5-b267-fe4dd7d6c1dd" ,
"value" : "q0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "011d2ca7-c6b9-4b68-a74e-afb6b4292c14" ,
"value" : "q0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "666605e0-8195-4e35-b822-b724f48fdb82" ,
"value" : "q2.rs"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "ab930a69-5cf3-4b73-a894-c194c3e222ca" ,
"value" : "qji6.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d88ac7d5-7f96-47ff-b0dc-7af6b8305b8c" ,
"value" : "qmpo.art"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "85af1a0f-79a4-4005-87c6-a98730cbff56" ,
"value" : "r0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "2b672d12-ee76-4922-80a4-395d054ba4ce" ,
"value" : "r0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f9925fb3-0eb4-4a3b-8e46-50b7eb6c2841" ,
"value" : "r4e.pl"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d25ab28e-76be-49d7-816a-ee061fcd1e4e" ,
"value" : "r6.nz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "29b9bb04-d050-4bcc-a98f-fd6b02291f89" ,
"value" : "ri7.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "2bc52b9c-e726-45f3-b0e3-f1fb80e5b4e3" ,
"value" : "rn9v.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a956c9ba-972c-497a-be29-d12caa8d913b" ,
"value" : "rx3.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a941fb2a-8350-440a-bb7d-3aa6a30ae815" ,
"value" : "s0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a8c53e6f-226b-4821-a8a1-633d4c105ce2" ,
"value" : "s8.cx"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "b1aefcbe-5027-4e6c-a054-9475eca7563e" ,
"value" : "skqv.eu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "90049ad6-387e-4bba-8e57-341ba2b245e3" ,
"value" : "t0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3316bfd2-d0f8-4986-bb2f-352cd7a0d40b" ,
"value" : "t7.nz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a02a87b3-5512-467f-a924-8a32444319be" ,
"value" : "tiua.uk"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1db68a30-fd23-41e8-9586-17780a722d7f" ,
"value" : "trzx.eu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6410d437-dd10-431a-a623-7ad1aa73618a" ,
"value" : "tz6.org"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "4dac994f-9876-4af0-a018-37c55201af23" ,
"value" : "u0.nz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f041b0b9-e3db-4bd3-b3c3-4143635ba598" ,
"value" : "u0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "35675372-9e38-4d54-bced-9ecd8da2edd5" ,
"value" : "u0.rs"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "bcccd3c7-0229-4bbf-80f1-601af2d9cc3e" ,
"value" : "u7u.ro"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "61d5b4ab-befd-42d6-9075-c33f0ffd95ed" ,
"value" : "u8wp.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5dc8d521-78f7-4d83-97c8-09dfe1643d24" ,
"value" : "ubv5.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "0514722f-8bbd-4011-95f8-a1037cb35586" ,
"value" : "ue2.eu"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "74882ad9-585a-4b42-a321-8bf90ed620cd" ,
"value" : "uoej.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "50dec3dd-a589-486d-b6cb-12e786a912e2" ,
"value" : "uqw.futbol"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "973467b3-ea0b-4d56-9524-0c9b832e0d20" ,
"value" : "uz3.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "daf73e02-df2d-4ec3-a748-7d6912876b70" ,
"value" : "v0.cx"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "189a0034-94e7-4191-8b1b-cfb632de62e0" ,
"value" : "vn6.co"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "fc61082b-adbd-4300-a75b-29b91fd44acb" ,
"value" : "vqdn.net"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c9fbdb0e-e0a8-4735-9a29-16868ca92d3d" ,
"value" : "vs.gy"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8322355d-cb9b-4be6-97bd-6e84b725bb5a" ,
"value" : "w0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "63a90297-d7a6-46a7-81f2-c5da074ddec1" ,
"value" : "w0iq.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "19c50e52-6313-4ec6-9806-347086ddcef0" ,
"value" : "w4.nz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "93e774f3-c40a-484b-b373-b745ab88b71f" ,
"value" : "w4.rs"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "8999fc5f-41a9-425a-a5a0-e6f526982b8d" ,
"value" : "w4.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441769" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e9b84ead-97c5-48fd-92f8-f91ea1c75f93" ,
"value" : "w6.nz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "e9bf9c36-9553-4e38-876d-c623c7530c6e" ,
"value" : "wak.rocks"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "dfc8564c-0c28-4cd7-8421-cdde39edc91f" ,
"value" : "xjam.hk"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "70ab60c9-d7bd-4081-9bd9-afb64536d330" ,
"value" : "xtabr.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "d098a898-40f9-4c8a-80b7-79e9ebfe1bdf" ,
"value" : "xz4.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "795c92f0-5474-4bb1-b4fc-4d89b85cf003" ,
"value" : "y0.pm"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "22ad1e21-a348-4ed4-b224-6d866a1ab682" ,
"value" : "y0.wf"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f5a3c0c3-5763-4119-a016-5e370eda1f1c" ,
"value" : "y3x.biz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "1f85f78c-a812-4756-9843-2a805c45ff18" ,
"value" : "ynns.uk"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "960dccfc-5180-46a6-a36f-8089eb9d3825" ,
"value" : "yuiw.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "aa046f62-44ca-460d-86e7-7b5a16732a80" ,
"value" : "z7s.org"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a8aa69bd-063c-414d-9edf-b21e3fd68692" ,
"value" : "zbs.is"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "3d69e18b-5341-4c4c-9cb7-73af223c1704" ,
"value" : "zi9f.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "a68fb465-f713-4c3c-a658-368f30c0ca5c" ,
"value" : "zie5.com"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "bd99e9ed-e0e1-4ffa-a93e-2b3e9d47ac89" ,
"value" : "zjc.bz"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "15d682aa-5c0e-41f2-a9a4-f67dc643e183" ,
"value" : "zk.qa"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "21d6b907-0d2a-4167-967f-6c58a42fc304" ,
"value" : "zk4.me"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "996b832c-4b83-4b20-ae83-2ae5a138e058" ,
"value" : "zk5.co"
} ,
{
"category" : "Network activity" ,
"comment" : "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1671441770" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "0ff9b6e9-a2be-40db-b8a1-266e0df2f33a" ,
"value" : "zxn.fyi"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Metadata used to generate an executive level report" ,
"meta-category" : "misc" ,
"name" : "report" ,
"template_uuid" : "70a68471-df22-4e3f-aa1a-5a3be19f82df" ,
"template_version" : "7" ,
"timestamp" : "1671442083" ,
"uuid" : "aaf09192-2cff-4665-aae1-05a6e8cae7ba" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1671442083" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "39dc2fbe-f68c-414e-94ec-5867c8bd095c" ,
"value" : "https://redcanary.com/blog/raspberry-robin/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1671442083" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e2350615-9e5d-4e34-8dbb-0cda7b2d70f3" ,
"value" : "Raspberry Robin gets the worm early\r\n\r\nRed Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL."
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1671442083" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bc877e77-decb-4913-aecf-8f62a917a257" ,
"value" : "Blog"
}
]
}
] ,
"EventReport" : [
{
"name" : "Raspberry Robin gets the worm early" ,
"content" : "@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") gets the worm early\r\n===================================\r\n\r\nRed Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious @[tag](dll).\r\n\r\n###### [Lauren Podber](https://redcanary.com/authors/lauren-podber)- [Stef Rand](https://redcanary.com/authors/stef-rand)\r\n\r\n*Originally published May 5, 2022. Last modified September 16, 2022.*\r\n\r\n*Over the past several months, Red Canary @[tag](misp-galaxy:sector=\"Intelligence\") has been tracking a cluster of malicious activity we call @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"). Read on for details on what @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") is, high-fidelity opportunities to detect known behaviors, and background on how we decided to cluster this activity.*\r\n\r\n*Check out this [video update](https://www.youtube.com/watch?v=xLteZDHiA1Y) for the latest developments and guidance on how to test your detection capabilities\u00a0with [@[tag](misp-galaxy:mitre-attack-pattern=\"At - T1053.002\")omic Red Team](https://atomicredteam.io/).*\r\n\r\n\"@[tag](misp-galaxy:malpedia=\"Raspberry Robin\")\" is Red Canary's name for a cluster of activity we first observed in September 2021 involving a worm that is often installed via USB drive. This activity cluster relies on `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` to call out to its infrastructure, often compromised QNAP devices, using HTTP requests that contain a victim's user and device names. We also observed @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") use TOR exit nodes as additional command and control (@[tag](c2)) infrastructure.\r\n\r\nLike most activity clusters we track, @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") began as a handful of detections with similar characteristics that we saw in multiple customers' environments, first noticed by [Jason Killam](https://redcanary.com/authors/jason-killam/) from Red Canary's Detection Engineering team. We saw @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") activity as far back as September 2021, though most related activity occurred during or after January 2022. As we observed additional activity, we couldn't find public reporting to corroborate our analysis, aside from [some findings on VirusTotal](https://www.virustotal.com/gui/collection/cea528052dc6137b9ec1f2b03342921894fd0bb3b21209320bfdcb4ff7d27fb8) that we suspected were related based on overlap in @[tag](c2) domains.\r\n\r\nTo date, we've observed @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") in organizations with ties to technology and manufacturing, though it's not yet clear if there are other links among victims. We have several intelligence gaps around this cluster, including the operators' objectives. While we don't yet have the full picture, we want to share what we know about this activity cluster so far to enrich collective understanding of this threat and empower defenders to identify this activity. We use the cluster name \"@[tag](misp-galaxy:malpedia=\"Raspberry Robin\")\" to refer to the entire chain of activity described below, including the initial access method, the worm itself, and the follow-on execution and @[tag](c2) activity.\r\n\r\nBelow we've provided a comprehensive analysis of known @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") behavior with corresponding detection opportunities along the way.\r\n\r\n![raspberry robin intrusion @[attribute](3bec64e6-9f0a-473d-976f-8b4176059784))\r\n\r\n*Figure 1: @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") event outline*\r\n\r\nInitial access\r\n--------------\r\n\r\n@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") is typically introduced via infected removable drives, often USB devices. The @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") worm often appears as a shortcut `.lnk` file masquerading as a legitimate folder on the infected USB device.\r\n\r\nSoon after the @[tag](misp-galaxy:malpedia=\"Raspberry Robin\" ) i n f e c t e d d r i v e i s c o n n e c t e d t o t h e s
"id" : "142" ,
"event_id" : "109238" ,
"timestamp" : "1671442262" ,
"uuid" : "20084cb0-fdb3-4c37-bd8d-692470e66ed7" ,
"deleted" : false
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}