misp-circl-feed/feeds/circl/stix-2.1/7cf90d8d-61f0-4e36-8083-15f66e3556ad.json


2024-12-27 11:52:46 +01:00
{
"type": "bundle",
"id": "bundle--7cf90d8d-61f0-4e36-8083-15f66e3556ad",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T21:02:36.000Z",
"modified": "2024-12-16T21:02:36.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--7cf90d8d-61f0-4e36-8083-15f66e3556ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T21:02:36.000Z",
"modified": "2024-12-16T21:02:36.000Z",
"name": "OSINT - Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT",
"published": "2024-12-16T21:04:01Z",
"object_refs": [
"indicator--2a3cbf4b-0547-442a-8a81-a707bf76375d",
"indicator--1efbc29a-2358-4e7d-ad16-627a107d97d1",
"indicator--241468ed-be4b-43c8-b6bf-0d75b66bfc85",
"indicator--fe56dac5-88bb-4f0a-9f36-4bacb924b495",
"indicator--422e40f2-940f-4b2a-acc7-8b08005f6286",
"indicator--3653db53-a8e4-416e-b25d-10479f36cbf6",
"indicator--4c5b281e-c0df-4e2b-bdd3-4361d4d4f12c",
"indicator--051989ae-b4c5-4e90-9e9d-11a18d2c45fe",
"indicator--d6bc21e8-af66-4b6a-8fd2-a4f52c0ec288",
"indicator--85df81f4-e2f1-415d-8336-394f9d87e55a",
"indicator--b24e38c7-cdff-4cfe-9dbf-91535bfd2f75",
"indicator--9d1fc8b3-c8c0-4262-9112-934bd2b4da19",
"indicator--87a24b96-acb3-4eb3-b267-f5520185d508",
"indicator--f080cefc-5992-4978-b418-12f0d6c5e1f7",
"indicator--4d0535b4-d2c2-45d9-913f-866a1c8dac44",
"indicator--45573158-2d1f-4c05-b7b0-9e92bd449a5d",
"indicator--6b8511a9-c14a-42f8-9e16-250bdf5fe516",
"indicator--cfbb294e-d3bc-47aa-b821-8c7fe4d841cd",
"indicator--4f002b52-bcdf-4ad6-afac-937a519ef091",
"indicator--010404a8-b080-43e5-99bc-87aa032efc7b",
"indicator--ef45812f-379b-4fdb-a42c-c3b9752dc848",
"indicator--ce211a52-7096-4201-b26f-a06e2f7be0ac",
"indicator--6cfa124d-0db6-4610-8e86-16a507ad4c14",
"indicator--928659e9-d158-4b40-a69e-4577e772cd08",
"indicator--8ade369a-f546-4c01-b8b7-19d52a095896",
"indicator--78e5183a-1ea1-498b-9dc2-c2f38deb20d7",
"indicator--bae9bf15-bf26-4586-b5c0-93a0c01a5499",
"indicator--f769db70-334e-4d3e-b822-2deb0ddd4d12",
"indicator--084a22fb-e2c1-4e63-acce-fadeef01c49c",
"indicator--fef0a6b9-81af-4f1a-be47-a73679a136f6",
"indicator--f36cb96b-68d0-4199-96ba-44fbeca35bb9",
"indicator--0d938d1c-dc36-4e8f-b57c-890607b0eb4c",
"indicator--64356b1c-445b-4be3-8199-37cfa2a27f8f",
"indicator--cdc781d8-c0c7-48b1-8310-de2a4d2dc832",
"indicator--6c39f7af-dcbf-455c-bd51-87b59529a8b6",
"indicator--c83edb29-cb02-4f99-b6de-f55c63a03af3",
"indicator--45bd37cc-6cd6-4140-917f-50fdeb1ce564",
"indicator--c64d7beb-532a-4c77-8fbf-e868bf944a78",
"indicator--055e0c96-6348-498e-ad53-90ce34dd8fcf",
"indicator--38b08594-33f3-411b-a48a-380f11ee3ec7",
"indicator--d31e7bf2-9805-4a6d-845a-f6e148bb8cc4",
"indicator--ca1c5d86-613a-4389-a452-78db56f74979",
"indicator--e45730e1-d193-4736-a5f4-b4366c82a37c",
"indicator--ac811922-9686-4a06-9bb3-a8e59c028647",
"indicator--7433d380-2860-425e-9d00-7c94d24462d5",
"indicator--8368b207-54b7-42a7-9df7-728cc55aa8e2",
"indicator--f432e955-2d33-4e0b-a350-95ec72a03062",
"indicator--391d1796-40cb-493c-ac74-ea00ccf82489",
"indicator--39121211-29cf-49b5-ac5d-2c1c5cd48022",
"indicator--29f36a8a-249d-4246-9bec-89344be74858",
"indicator--5b3f58cf-5f42-4f45-8bcf-a3e47bb30f02",
"indicator--880a0c61-6dd5-4da4-bee4-84e8102f2222",
"indicator--4ccca9b8-fb10-4bc3-ab89-8d630509969f",
"indicator--a4f338e0-028b-4c81-bb14-815ccddd4816",
"indicator--bab18bb7-0553-47d0-b41b-4b1c2d676d1e",
"indicator--628b26aa-ad82-460d-9ee4-acdf61c6a599",
"indicator--d15670b3-bb2a-403f-8a85-e14474bff9bd",
"indicator--308e76e5-4647-47f4-b8d8-67728d940e38",
"indicator--2d61fd2b-fd07-40a3-bdc1-98f15703d687",
"indicator--c7a3910a-6f60-4fc0-8276-19374c213c9c",
"indicator--23a59a34-f768-4545-af8a-b5f4de0f548c",
"indicator--a2e3cab1-eed4-45ea-95c3-9e718ecb703b",
"indicator--cd912603-287f-4937-af2c-971cf5d5baf2",
"indicator--a42eeed1-ae73-47d0-88fd-6bbf3ea337dd",
"indicator--0bcd2e68-a3df-4aee-8fcf-457ed33fdefd",
"indicator--e6911eaa-0a31-4c7f-8d10-cfc7be7ab366",
"indicator--6fa8a725-27a2-4734-a292-e6892c5580e5",
"indicator--697b231b-d1ba-4559-9c7c-5becc4b89f11",
"indicator--d123b340-4080-4688-a56b-84366e7adef0",
"indicator--72c1158c-8139-4015-bc16-86ae12c99939",
"indicator--479653ac-d7db-4af0-9427-c3100b3f00e0",
"indicator--3ffa22cf-4804-4b9a-bc2a-4d9245a2a764",
"indicator--9fcca7a0-0caf-4fb2-8156-af8235de40e0",
"indicator--7ddeb9a3-6727-4ec7-9cca-0296f9e69f24",
"indicator--589fe53b-9efa-4079-a997-862ccb64a04d",
"indicator--36070e39-3cbf-4119-b750-d52369b15b9c",
"indicator--304a440a-8ef2-44bb-8384-09b1c2e3af44",
"indicator--db9cad03-7f64-44ab-9558-97370e5e7bb2",
"indicator--cb37178b-7c88-4668-983c-fddd3a7f81a8",
"indicator--bcdc4736-38fd-493d-90c5-a543c35e9b7b",
"indicator--36c155ae-c65d-4257-b6ad-41c389597849",
"indicator--6a54afef-452d-4ab7-89cc-a271c702ac2d",
"indicator--41a9568d-24db-4e8e-aa38-3f26fedb76e4",
"indicator--70ee491e-bf01-4e73-ad33-83e912a09d63",
"indicator--f8988c66-590a-4c04-8303-ca0209dbdceb",
"indicator--3b3c5a18-7c60-4e06-a3ed-60bfd9420b21",
"indicator--81e56ca5-9991-458e-afbe-fa6fd70f00cb",
"indicator--6c5f9ff0-c759-4fe3-9020-97ee415da789",
"indicator--d04e3e3d-929b-49fc-8198-2da404acd8b6",
"indicator--ba0f1d48-842c-4ac6-9457-477fb25c8750",
"indicator--6bbd18e0-3fd1-4124-a4f2-e35329ecd802",
"indicator--6d214ccb-f27d-44e3-92da-252e50e9049b",
"indicator--adc4ce5b-fcd0-49a5-bb3c-3b9d8a9be53c",
"indicator--739932bf-18e3-4447-a785-f6bf8168c1ed",
"indicator--10501b15-bb32-4ee8-977b-d1cc5b6be2d0",
"indicator--08fe1269-dbfb-4d87-a6eb-2e6bf9220958",
"indicator--6183f436-d0c0-489e-912a-a04790d282a8",
"indicator--603e411e-f9cf-4a8a-b89f-7ca03b44e7f8",
"indicator--cfdcd030-4a66-4502-b99f-1c1112cde3fd",
"indicator--98a61f88-de94-4acf-b2f5-810e89b77797",
"indicator--e024592d-e245-46ab-af73-df6d39adbdf6",
"indicator--c5a798b8-b1ad-40b3-af4c-06c9e09b9738",
"indicator--b814fb6e-f665-4a9f-b405-65e4d20a49d5",
"indicator--02b9e4f1-3cc8-4637-9665-1a196eb965a2",
"indicator--69e987e6-a7ce-4ffc-8360-254f2601bd02",
"indicator--f1517ceb-f404-447f-a595-07726745c385",
"indicator--6ddd5a63-058c-4733-8435-d43b95e6cf42",
"indicator--81acf70b-7b41-49bb-84a2-03f00ee1af3b",
"indicator--2a61f7ac-0684-4756-8184-7f37ac5f03d5",
"indicator--02fdc69a-66c2-483d-868a-503bf23df1b4",
"indicator--f787b0fc-520f-4245-85f3-96aed1a8aaaa",
"indicator--2944c22c-26d5-4c77-b5cf-deb002608c58",
"indicator--d9126436-9b1e-4427-a218-fc1b7d4e806d",
"indicator--08a3b247-040a-4b32-b2f2-107a8c49b786",
"indicator--97c20788-8716-4c7b-9fbc-912d375696b9",
"indicator--50263906-95f6-4537-bd41-4c9c56e6825f",
"indicator--be23b00a-6148-42d7-ac8e-80166753fbd4",
"indicator--152ba95e-ff6a-4393-97f6-2457ca3777fa",
"indicator--34a2b19f-caa0-437f-836e-f05499277afb",
"indicator--0c9e15fb-5032-4f52-afed-ce0b22a8a8ac",
"indicator--46c7b705-2d28-4f7b-9911-f464fc0e240a",
"indicator--945e47da-ff3a-4e2b-ba99-b2b1fbc98bb3",
"indicator--3dc093d3-1839-43e3-9e41-67f2f71118cf",
"indicator--8e15c842-efd7-4a7d-bacc-76c7584bfec0",
"indicator--5e179092-4c98-4662-ba6e-f2673a073f64",
"indicator--df315935-0286-4b1e-8d2b-76c39bf07724",
"indicator--48dda3bd-7fce-4ed4-8ef3-f1fa59e82479",
"indicator--c9585b74-2c7c-41af-9887-c85ead7b2859",
"indicator--a82638c4-5434-42c1-95f9-5c7964d242ab",
"indicator--aa04ea3d-5e35-4ba7-b4bb-a8f8c0d1b5f8",
"indicator--60954e84-8e45-43fd-b0c0-6aba666773d3",
"indicator--25975dd3-54d0-43dd-9108-4d9d12be5a9e",
"indicator--13567a66-a34c-4541-b6ff-18e306861179",
"indicator--0c15e873-2007-421f-9d63-2445579cee55",
"indicator--17571a28-a508-44de-954c-1be467b418e5",
"indicator--16c9d33d-acf4-4756-8b10-a40e77431018",
"indicator--7e66a959-22cb-4780-af9b-6f0daefb3b14",
"indicator--1733b6bb-130e-4bb3-a446-9b3d58d38db2",
"indicator--fa525819-83ef-4d22-aeb5-44cba227630a",
"indicator--d5d90182-2008-4beb-81fc-873f49e309c6",
"indicator--39472063-5423-4000-bc99-c0090482243d",
"indicator--cc8fba4b-8b5e-4b7a-ae2f-ce734d12c9d2",
"indicator--866070b0-d3db-4108-9d72-4c922fa8aaa0",
"indicator--0a7a12cc-91c4-421f-91ea-34944f92fcb2",
"indicator--c3e8d444-de14-4e22-aba1-3d9ea5c556f5",
"indicator--be77f791-73a1-43fd-ba49-e5516ff2aa57",
"indicator--a4818855-340d-4a7d-b3d6-f54045596ea3",
"indicator--150465cb-abed-4e38-bc8f-c6c9928be219",
"indicator--a629f8f8-70d3-465c-8709-d893a5f5405b",
"x-misp-object--b2151afd-6b22-41f4-8f1c-1dfd85f5d61c",
"x-misp-object--70cf3fcb-f790-4ece-950d-17cf1798dda8",
"note--9149f7ba-3239-413f-80b3-91370b42c4e8"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:country=\"russia\"",
"misp-galaxy:threat-actor=\"Gamaredon Group\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2a3cbf4b-0547-442a-8a81-a707bf76375d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'llkeyvost.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1efbc29a-2358-4e7d-ad16-627a107d97d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'fiordmoss.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--241468ed-be4b-43c8-b6bf-0d75b66bfc85",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'winterknowing.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe56dac5-88bb-4f0a-9f36-4bacb924b495",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'weeklyoptional.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--422e40f2-940f-4b2a-acc7-8b08005f6286",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'ltkwark.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3653db53-a8e4-416e-b25d-10479f36cbf6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'ollymap.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4c5b281e-c0df-4e2b-bdd3-4361d4d4f12c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'wleak.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--051989ae-b4c5-4e90-9e9d-11a18d2c45fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:13:38.000Z",
"modified": "2024-12-16T11:13:38.000Z",
"pattern": "[domain-name:value = 'goos.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T11:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6bc21e8-af66-4b6a-8fd2-a4f52c0ec288",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '2c7827f92a103db1b299f334043fbdc73805bbee11f4bfac195f672ba0464d22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--85df81f4-e2f1-415d-8336-394f9d87e55a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '114d2a25bb4c296f8ef5bfca4e8192b5aca9b169099ac6291139e68cfc7e37dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b24e38c7-cdff-4cfe-9dbf-91535bfd2f75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '8af63d7aa2142701116207f61e3e01c9e0239731e5bbbdf79114889b56ca46ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9d1fc8b3-c8c0-4262-9112-934bd2b4da19",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = 'ce6e5838f3ada452b64ffc6261e9bf74479bd31e83f77c7409c89564846db6a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--87a24b96-acb3-4eb3-b267-f5520185d508",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '8407fed605805f0e7ef9628767d0aff1014e7231549b09f3c0d0cb723f07c48a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f080cefc-5992-4978-b418-12f0d6c5e1f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = 'cb648ba5cce810e5ba17b89ca2c346bd3f0ad612834c225ec7b55871c4acc085']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4d0535b4-d2c2-45d9-913f-866a1c8dac44",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '39cb17cb03a794e69eb4f0694e90e41a8cfb8480b82da82fcbd4a88dfe49930d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45573158-2d1f-4c05-b7b0-9e92bd449a5d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = 'fd5fa718a7411b18845b76d7007db6b4431b1a2ce2f8b2cc047c0fff7c46161f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6b8511a9-c14a-42f8-9e16-250bdf5fe516",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = 'f0acf9558b7a4fcdaa119731ad5fb5bbdf5a704c9be9e929735a4679735989db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cfbb294e-d3bc-47aa-b821-8c7fe4d841cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '7de055018723b612dfa66a90c83a69afce7db918fb7fa88619833557c4fc61c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4f002b52-bcdf-4ad6-afac-937a519ef091",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '551b8917f57c5cf8cd0a34c1d500db1dd4aed8ec8f31d28a5fabc4720e5b89a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--010404a8-b080-43e5-99bc-87aa032efc7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = '533ff7ba5eb5329cb860486a952259a4dfc0d74654831eb08dbcadc1ae5ca333']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef45812f-379b-4fdb-a42c-c3b9752dc848",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:55.000Z",
"modified": "2024-12-16T12:14:55.000Z",
"pattern": "[file:hashes.SHA256 = 'acede5fa46e09803adf9de5e731ca690dc7b02b69a63bacd4836429d289ec4f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ce211a52-7096-4201-b26f-a06e2f7be0ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'a3b0c178ab5e6e4b3442d358a78df7409461fa48f6ca8e63b730b0a455a89b18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6cfa124d-0db6-4610-8e86-16a507ad4c14",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '7a8ec25f3d4a5c6b4fbdb1002ce22ff0352ce65c0f4ddc9567458e8fcb964845']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--928659e9-d158-4b40-a69e-4577e772cd08",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '86e51f1cc8213e173e47080ab45577e922e624006954de73ebae531589c912f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8ade369a-f546-4c01-b8b7-19d52a095896",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '2ef72c67cf76e8162f5e4bf0a743ac4ed756e153593c430cedf2043a310b24e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--78e5183a-1ea1-498b-9dc2-c2f38deb20d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '5b7b5a2995c102121695225797f12f0b860500150472126b3b465b51ccad07bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bae9bf15-bf26-4586-b5c0-93a0c01a5499",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '9dd73c9caa547358b6fe5acddf59443d7bf0ffc5b92867e9b67edd5bb2a9f786']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f769db70-334e-4d3e-b822-2deb0ddd4d12",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '3b5794ca6051740fff6e1b449db06f169df2749f81aaf4c329e18b12afb9a5c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--084a22fb-e2c1-4e63-acce-fadeef01c49c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'dfaa47ed20021c4f84bf68820a618f9e8a2e077d36b6d7281e8724b2124c7825']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fef0a6b9-81af-4f1a-be47-a73679a136f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'f948b650bdc63cf9b1781d651974a9c54d2b2981d3bf4b882f48c3a406272470']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f36cb96b-68d0-4199-96ba-44fbeca35bb9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'c82f0a1546bf7025993f2e7da33d1a741d91c78b01268a2d44afa31e66eb2fe8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0d938d1c-dc36-4e8f-b57c-890607b0eb4c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'de3a0b30b8976da933fe6bf88e6e7ab2386a967ada2599ef1dc1b12100a37694']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64356b1c-445b-4be3-8199-37cfa2a27f8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'bd65dbd61f27a90c0770d5f8cc02cfa7d9552f0fb300868611d69972b42d3f1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cdc781d8-c0c7-48b1-8310-de2a4d2dc832",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'bed2cf8758d86daaf25475cc6ed1c71fd3f9a922247c42fe246f8542c76d8c15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6c39f7af-dcbf-455c-bd51-87b59529a8b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '255996e1aa2a7514b167d9c940d7c8ff3c34393e97e43bda319eb92ea626c4eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c83edb29-cb02-4f99-b6de-f55c63a03af3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '46b10de13887c36d61517125bec87c4557f325114221291a3ac7142cbc15de29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45bd37cc-6cd6-4140-917f-50fdeb1ce564",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '6bfdc285dee8ae3e3dade52a34f5d178163e4a08904b651ff5c906e78ddccec0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c64d7beb-532a-4c77-8fbf-e868bf944a78",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'e0c5656ca9877b37e92f5208caf9c65365e9d35ea6eb351915eb3efee235db31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--055e0c96-6348-498e-ad53-90ce34dd8fcf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '30429e95b9318816709e23488c77e364a294b6f5f7e3ee414a6a2bef74620ca6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--38b08594-33f3-411b-a48a-380f11ee3ec7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '278c9819583ce64913882d425c1d7634307b290709e0143e9268f8f999dacfba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d31e7bf2-9805-4a6d-845a-f6e148bb8cc4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '3a4fa698536111f377030a5d794851d2e23b18d67e6d440ce883b9906d65037d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca1c5d86-613a-4389-a452-78db56f74979",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '629ca39d2c90ff8b343ba1f4cfae11bbc2f61ca6bae80bd093f22efbcf4e4770']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e45730e1-d193-4736-a5f4-b4366c82a37c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = '633875ce353391ea8bd4c92d8f3f57a525ff0abf9eba8d78528de616b1ee7118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac811922-9686-4a06-9bb3-a8e59c028647",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:14:56.000Z",
"modified": "2024-12-16T12:14:56.000Z",
"pattern": "[file:hashes.SHA256 = 'eadd9c3e3f7a1c5e008ca157cb850aa72d283f702da2ab4daf0e4af4d926ab3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T12:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7433d380-2860-425e-9d00-7c94d24462d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.87.216.136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8368b207-54b7-42a7-9df7-728cc55aa8e2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.98.99.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f432e955-2d33-4e0b-a350-95ec72a03062",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'waltermanage.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--391d1796-40cb-493c-ac74-ea00ccf82489",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.247.184.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--39121211-29cf-49b5-ac5d-2c1c5cd48022",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'tokyoprepared.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29f36a8a-249d-4246-9bec-89344be74858",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.133.88.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3f58cf-5f42-4f45-8bcf-a3e47bb30f02",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'tacticsnovelty.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--880a0c61-6dd5-4da4-bee4-84e8102f2222",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.185.84.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4ccca9b8-fb10-4bc3-ab89-8d630509969f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'sonic-needed.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a4f338e0-028b-4c81-bb14-815ccddd4816",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.192.14.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bab18bb7-0553-47d0-b41b-4b1c2d676d1e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'warrantiesford.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--628b26aa-ad82-460d-9ee4-acdf61c6a599",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.87.31.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d15670b3-bb2a-403f-8a85-e14474bff9bd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'threateningdealer.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--308e76e5-4647-47f4-b8d8-67728d940e38",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.185.84.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2d61fd2b-fd07-40a3-bdc1-98f15703d687",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'twentymicrophone.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7a3910a-6f60-4fc0-8276-19374c213c9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'slopepainting.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--23a59a34-f768-4545-af8a-b5f4de0f548c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'rogermayor.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2e3cab1-eed4-45ea-95c3-9e718ecb703b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'stocksharbour.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd912603-287f-4937-af2c-971cf5d5baf2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'wivespassed.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a42eeed1-ae73-47d0-88fd-6bbf3ea337dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'savageprozac.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0bcd2e68-a3df-4aee-8fcf-457ed33fdefd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'rhythmfunky.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e6911eaa-0a31-4c7f-8d10-cfc7be7ab366",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'sauce-patio.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6fa8a725-27a2-4734-a292-e6892c5580e5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'skinpublishing.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--697b231b-d1ba-4559-9c7c-5becc4b89f11",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'yields-drew.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d123b340-4080-4688-a56b-84366e7adef0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'inspiredflow.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--72c1158c-8139-4015-bc16-86ae12c99939",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'rakinal.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--479653ac-d7db-4af0-9427-c3100b3f00e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'sabipro.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3ffa22cf-4804-4b9a-bc2a-4d9245a2a764",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'roomsecuador.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9fcca7a0-0caf-4fb2-8156-af8235de40e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'savagelouisiana.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7ddeb9a3-6727-4ec7-9cca-0296f9e69f24",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'walletdimension.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589fe53b-9efa-4079-a997-862ccb64a04d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'whiteeligible.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--36070e39-3cbf-4119-b750-d52369b15b9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'wenticdss.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--304a440a-8ef2-44bb-8384-09b1c2e3af44",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'spoken-object.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--db9cad03-7f64-44ab-9558-97370e5e7bb2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'spreadingearning.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb37178b-7c88-4668-983c-fddd3a7f81a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'televisionshandle.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bcdc4736-38fd-493d-90c5-a543c35e9b7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'tongue-forms.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--36c155ae-c65d-4257-b6ad-41c389597849",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'throwingcoupons.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6a54afef-452d-4ab7-89cc-a271c702ac2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'shakecostume.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--41a9568d-24db-4e8e-aa38-3f26fedb76e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'tabs-iowa.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--70ee491e-bf01-4e73-ad33-83e912a09d63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'saferexpansys.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f8988c66-590a-4c04-8303-ca0209dbdceb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'stringscrap.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b3c5a18-7c60-4e06-a3ed-60bfd9420b21",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'sony-high.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81e56ca5-9991-458e-afbe-fa6fd70f00cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'seasonalfamily.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6c5f9ff0-c759-4fe3-9020-97ee415da789",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'soilentirely.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d04e3e3d-929b-49fc-8198-2da404acd8b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:38.000Z",
"modified": "2024-12-16T20:58:38.000Z",
"pattern": "[domain-name:value = 'seeklemon.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ba0f1d48-842c-4ac6-9457-477fb25c8750",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'spacesknowledge.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6bbd18e0-3fd1-4124-a4f2-e35329ecd802",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'rendercounting.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d214ccb-f27d-44e3-92da-252e50e9049b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'regimapessive.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--adc4ce5b-fcd0-49a5-bb3c-3b9d8a9be53c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'standardfebruary.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--739932bf-18e3-4447-a785-f6bf8168c1ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'towerextraordinary.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--10501b15-bb32-4ee8-977b-d1cc5b6be2d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'ruleglance.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08fe1269-dbfb-4d87-a6eb-2e6bf9220958",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'twistedfaces.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6183f436-d0c0-489e-912a-a04790d282a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'vasifgo.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--603e411e-f9cf-4a8a-b89f-7ca03b44e7f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'baloglandi.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cfdcd030-4a66-4502-b99f-1c1112cde3fd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'bucks0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98a61f88-de94-4acf-b2f5-810e89b77797",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'bashardi.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e024592d-e245-46ab-af73-df6d39adbdf6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'detroit0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c5a798b8-b1ad-40b3-af4c-06c9e09b9738",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'lopert0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b814fb6e-f665-4a9f-b405-65e4d20a49d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'dowrang.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02b9e4f1-3cc8-4637-9665-1a196eb965a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'hitrovana.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69e987e6-a7ce-4ffc-8360-254f2601bd02",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'molotras.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f1517ceb-f404-447f-a595-07726745c385",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'milashto.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6ddd5a63-058c-4733-8435-d43b95e6cf42",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'quyenz0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81acf70b-7b41-49bb-84a2-03f00ee1af3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'drivento.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2a61f7ac-0684-4756-8184-7f37ac5f03d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'ihsnal.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02fdc69a-66c2-483d-868a-503bf23df1b4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'antropa.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f787b0fc-520f-4245-85f3-96aed1a8aaaa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'ibragim0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2944c22c-26d5-4c77-b5cf-deb002608c58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'witchdors.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d9126436-9b1e-4427-a218-fc1b7d4e806d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'cavaliers0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08a3b247-040a-4b32-b2f2-107a8c49b786",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'vilitord.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--97c20788-8716-4c7b-9fbc-912d375696b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'phoenix0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--50263906-95f6-4537-bd41-4c9c56e6825f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'pistons0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be23b00a-6148-42d7-ac8e-80166753fbd4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'makdart.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--152ba95e-ff6a-4393-97f6-2457ca3777fa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'bishotent.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--34a2b19f-caa0-437f-836e-f05499277afb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'forensit.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c9e15fb-5032-4f52-afed-ce0b22a8a8ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'hornets0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--46c7b705-2d28-4f7b-9911-f464fc0e240a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'miltras.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--945e47da-ff3a-4e2b-ba99-b2b1fbc98bb3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'flashik0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3dc093d3-1839-43e3-9e41-67f2f71118cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'vipertos.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e15c842-efd7-4a7d-bacc-76c7584bfec0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'batterlas.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e179092-4c98-4662-ba6e-f2673a073f64",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'snipotas.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--df315935-0286-4b1e-8d2b-76c39bf07724",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'bartop1.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--48dda3bd-7fce-4ed4-8ef3-f1fa59e82479",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'exportan.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c9585b74-2c7c-41af-9887-c85ead7b2859",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'chromat0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a82638c4-5434-42c1-95f9-5c7964d242ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'volnaps.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aa04ea3d-5e35-4ba7-b4bb-a8f8c0d1b5f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'bilodon.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--60954e84-8e45-43fd-b0c0-6aba666773d3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'silentar.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25975dd3-54d0-43dd-9108-4d9d12be5a9e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'intigm.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--13567a66-a34c-4541-b6ff-18e306861179",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'skymagra.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c15e873-2007-421f-9d63-2445579cee55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'gayad0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17571a28-a508-44de-954c-1be467b418e5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'vezirgo.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--16c9d33d-acf4-4756-8b10-a40e77431018",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'savit1.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e66a959-22cb-4780-af9b-6f0daefb3b14",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'tilofol.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1733b6bb-130e-4bb3-a446-9b3d58d38db2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'kramatl.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa525819-83ef-4d22-aeb5-44cba227630a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'plumbum0.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d5d90182-2008-4beb-81fc-873f49e309c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'ziyaft.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--39472063-5423-4000-bc99-c0090482243d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'hydrargyrumo.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cc8fba4b-8b5e-4b7a-ae2f-ce734d12c9d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'aghsinsa.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--866070b0-d3db-4108-9d72-4c922fa8aaa0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'hersopa.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0a7a12cc-91c4-421f-91ea-34944f92fcb2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:39.000Z",
"modified": "2024-12-16T20:58:39.000Z",
"pattern": "[domain-name:value = 'kistrop0n.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c3e8d444-de14-4e22-aba1-3d9ea5c556f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:40.000Z",
"modified": "2024-12-16T20:58:40.000Z",
"pattern": "[domain-name:value = 'militrar.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be77f791-73a1-43fd-ba49-e5516ff2aa57",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:40.000Z",
"modified": "2024-12-16T20:58:40.000Z",
"pattern": "[domain-name:value = 'minhzo.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a4818855-340d-4a7d-b3d6-f54045596ea3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:40.000Z",
"modified": "2024-12-16T20:58:40.000Z",
"pattern": "[domain-name:value = 'kaelos.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--150465cb-abed-4e38-bc8f-c6c9928be219",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:40.000Z",
"modified": "2024-12-16T20:58:40.000Z",
"pattern": "[domain-name:value = 'lugarto.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a629f8f8-70d3-465c-8709-d893a5f5405b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T20:58:40.000Z",
"modified": "2024-12-16T20:58:40.000Z",
"pattern": "[domain-name:value = 'cicind.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-12-16T20:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b2151afd-6b22-41f4-8f1c-1dfd85f5d61c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T12:16:05.000Z",
"modified": "2024-12-16T12:16:05.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware",
"category": "External analysis",
"uuid": "1a6dd2cb-93b6-4b31-869e-a3cb97ab0aa2"
},
{
"type": "text",
"object_relation": "summary",
"value": "Lookout has discovered BoneSpy and PlainGnome Android surveillance families and attributed them to the Russian Gamaredon (Primitive Bear, Shuckworm) APT group associated with the Federal Security Service (FSB).\r\n BoneSpy has been in use since at least 2021, while PlainGnome first appeared in 2024. Both families are still active at the time of writing.\r\n BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims. Lookout assesses this targeting may be related to worsening relations between these countries and Russia since the outbreak of the Ukraine invasion.\r\n Both BoneSpy and PlainGnome collect data such as SMS messages, call logs, phone call audio, photos from device cameras, device location, and contact lists.\r\n PlainGnome acts as a dropper for a surveillance payload, stored within the dropper package, while BoneSpy is deployed as a standalone application.",
"category": "Other",
"uuid": "fc16c931-0107-4d3d-b7b8-85af1d751fda"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "58e2abae-cdcf-47d0-b7a5-1b61a94f6763"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--70cf3fcb-f790-4ece-950d-17cf1798dda8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T21:02:36.000Z",
"modified": "2024-12-16T21:02:36.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "title",
"value": "Extracted IOCs via GPT4o",
"category": "Other",
"uuid": "504a615e-21f7-4171-ba96-3a6fdaaef2a4"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "720900ac-7426-442a-b236-3a4dd3968fae"
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "67589a71c3f613ce4d7c74ee_67589a5b5ab2144c3b220bec_Screenshot_202024-12-10_20at_202.44.41_E2_80_AFPM.png",
"category": "External analysis",
"uuid": "c33bf4ae-5b6f-4c2e-ba92-d824f054cb33",
"data": "iVBORw0KGgoAAAANSUhEUgAAAjMAAAEgCAYAAABB+PJqAAAKqWlDQ1BJQ0MgUHJvZmlsZQAASImVlwdQk9kWgO//p4eElhDphN4E6QSQEkILXTrYCEmAUEIMBBW7srgCK4qKCCqCrgoouCpF1oootkVBAfsGWQSUdbFgQ+X9wBDcffPem3dmzpwvJ+eec+6de2fODwBZkSMSpcGKAKQLs8Rhvp70mNg4Om4I4IEiIAA0IHG4mSJmaGggQGTG/l3e9wBo0t61mMz17///V1Hi8TO5AEChCCfwMrnpCJ9G9AVXJM4CAHUA8esvzxJNchvCVDHSIML3JzlpmkcmOWGK0WAqJiKMhTAVADyJwxEnAUCiI356NjcJyUPyQNhKyBMIERYh7JaensFD+ATCJkgM4iNN5mckfJcn6W85E2Q5OZwkGU/vZUrwXoJMURpn5f95HP9b0tMkMzWMECUli/3CEKuMnNn91IwAGQsTgkNmWMCbip/iZIlf5AxzM1lxM8zjeAXI1qYFB85wosCHLcuTxY6YYX6md/gMizPCZLUSxSzmDHPEs3UlqZEyfzKfLcufkxwRPcPZgqjgGc5MDQ+YjWHJ/GJJmKx/vtDXc7auj2zv6Znf7VfAlq3NSo7wk+2dM9s/X8iczZkZI+uNx/fyno2JlMWLsjxltURpobJ4fpqvzJ+ZHS5bm4VcyNm1obIzTOH4h84wYIEMkIaoGNBBIPLLC4As/oqsyY2wMkQrxYKk5Cw6E3lhfDpbyLWcS7exsrEDYPK9Tl+Ht7SpdwjRbsz6NhEBcBVOTEycnfUFfAbgtC4AROmsz7gLAHnk3l/bzpWIs6d9U28JA4hAAVCBGtAG+sAEWAAb4ABcgAfwBv4gBESAWLAEcEEySEc6Xw5Wgw0gDxSAbWAXKAMV4CA4Co6Dk6AJnAWXwFVwE9wB3eARkIIB8BKMgvdgHIIgHESGKJAapAMZQuaQDcSA3CBvKBAKg2KheCgJEkISaDW0CSqAiqEyqBKqhn6BzkCXoOtQJ/QA6oOGoTfQZxgFk2AqrAUbwfNgBsyEA+AIeDGcBC+Dc+BceCtcClfBx+BG+BJ8E+6GpfBLeAwFUHIoGkoXZYFioFioEFQcKhElRq1F5aNKUFWoOlQLqh11FyVFjaA+obFoCpqOtkC7oP3QkWguehl6LboQXYY+im5Et6HvovvQo+hvGDJGE2OOccawMTGYJMxyTB6mBHMY04C5gunGDGDeY7FYGtYY64j1w8ZiU7CrsIXYfdh67EVsJ7YfO4bD4dRw5jhXXAiOg8vC5eH24I7hLuC6cAO4j3g5vA7eBu+Dj8ML8RvxJfga/Hl8F34QP05QJBgSnAkhBB5hJaGIcIjQQrhNGCCME5WIxkRXYgQxhbiBWEqsI14hPia+lZOT05NzklsgJ5BbL1cqd0Lumlyf3CeSMsmMxCItIklIW0lHSBdJD0hvyWSyEdmDHEfOIm8lV5Mvk5+SP8pT5C3l2fI8+XXy5fKN8l3yrxQICoYKTIUlCjkKJQqnFG4rjCgSFI0UWYocxbWK5YpnFHsVx5QoStZKIUrpSoVKNUrXlYaUccpGyt7KPOVc5YPKl5X7KSiKPoVF4VI2UQ5RrlAGqFiqMZVNTaEWUI9TO6ijKsoqdipRKitUylXOqUhpKJoRjU1LoxXRTtJ6aJ/naM1hzuHP2TKnbk7XnA+qGqoeqnzVfNV61W7Vz2p0NW+1VLXtak1qT9TR6mbqC9SXq+9Xv6I+okHVcNHgauRrnNR4qAlrmmmGaa7SPKh5S3NMS1vLV0uktUfrstaINk3bQztFe6f2ee1hHYqOm45AZ6fOBZ0XdBU6k55GL6W30Ud1NXX9dCW6lboduuN6xnqRehv16vWe6BP1GfqJ+jv1W/VHDXQMggxWG9QaPDQkGDIMkw13G7YbfjAyNoo22mzUZDRkrGrMNs4xrjV+bEI2cTdZZlJlcs8Ua8owTTXdZ3rHDDazN0s2Kze
7bQ6bO5gLzPeZd87FzHWaK5xbNbfXgmTBtMi2qLXos6RZBlputGyyfDXPYF7cvO3z2ud9s7K3SrM6ZPXIWtna33qjdYv1GxszG65Nuc09W7Ktj+0622bb13bmdny7/Xb37Sn2Qfab7Vvtvzo4Oogd6hyGHQ0c4x33OvYyqIxQRiHjmhPGydNpndNZp0/ODs5Zzied/3KxcEl1qXEZmm88nz//0Px+Vz1Xjmulq9SN7hbvdsBN6q7rznGvcn/moe/B8zjsMcg0ZaYwjzFfeVp5ij0bPD+wnFlrWBe9UF6+XvleHd7K3pHeZd5PffR8knxqfUZ97X1X+V70w/gF+G3362Vrsbnsavaov6P/Gv+2AFJAeEBZwLNAs0BxYEsQHOQftCPocbBhsDC4KQSEsEN2hDwJNQ5dFvrrAuyC0AXlC56HWYetDmsPp4QvDa8Jfx/hGVEU8SjSJFIS2RqlELUoqjrqQ7RXdHG0NGZezJqYm7HqsYLY5jhcXFTc4bixhd4Ldy0cWGS/KG9Rz2LjxSsWX1+iviRtybmlCks5S0/FY+Kj42viv3BCOFWcsQR2wt6EUS6Lu5v7kufB28kb5rvyi/mDia6JxYlDSa5JO5KGk92TS5JHBCxBmeB1il9KRcqH1JDUI6kTadFp9en49Pj0M0JlYaqwLUM7Y0VGp8hclCeSLnNetmvZqDhAfDgTylyc2ZxFRQajWxITyQ+Svmy37PLsj8ujlp9aobRCuOLWSrOVW1YO5vjk/LwKvYq7qnW17uoNq/vWMNdUroXWJqxtXae/LnfdwHrf9Uc3EDekbvhto9XG4o3vNkVvasnVyl2f2/+D7w+1efJ54rzezS6bK35E/yj4sWOL7ZY9W77l8/JvFFgVlBR8KeQW3vjJ+qfSnya2Jm7tKHIo2r8Nu024rWe7+/ajxUrFOcX9O4J2NO6k78zf+W7X0l3XS+xKKnYTd0t2S0sDS5v3GOzZtudLWXJZd7lnef1ezb1b9n7Yx9vXtd9jf12FVkVBxecDggP3K30rG6uMqkoOYg9mH3x+KOpQ+8+Mn6sPqx8uOPz1iPCI9GjY0bZqx+rqGs2aolq4VlI7fGzRsTvHvY4311nUVdbT6gtOgBOSEy9+if+l52TAydZTjFN1pw1P722gNOQ3Qo0rG0ebkpukzbHNnWf8z7S2uLQ0/Gr565GzumfLz6mcKzpPPJ97fuJCzoWxi6KLI5eSLvW3Lm19dDnm8r22BW0dVwKuXLvqc/VyO7P9wjXXa2evO18/c4Nxo+mmw83GW/a3Gn6z/62hw6Gj8bbj7eY7TndaOud3nu9y77p01+vu1Xvseze7g7s7eyJ77vcu6pXe590fepD24PXD7Ifjj9Y/xjzOf6L4pOSp5tOq301/r5c6SM/1efXdehb+7FE/t//lH5l/fBnIfU5+XjKoM1g9ZDN0dthn+M6LhS8GXopejo/k/an0595XJq9O/+Xx163RmNGB1+LXE28K36q9PfLO7l3rWOjY0/fp78c/5H9U+3j0E+NT++foz4Pjy7/gvpR+Nf3a8i3g2+OJ9IkJEUfMmRoFUIjCiYkAvDkCADkWAModZH5YOD1PTwk0/Q0wReA/8fTMPSUOANQhZnIsYl0E4ASiRuuR3IhOjkQRHgC2tZXpzOw7NadPChb5YjngOkndqrz14B8yPcN/1/c/LZjMagf+af8FqcEGdgZEZ90AAABWZVhJZk1NACoAAAAIAAGHaQAEAAAAAQAAABoAAAAAAAOShgAHAAAAEgAAAESgAgAEAAAAAQAAAjOgAwAEAAAAAQAAASAAAAAAQVNDSUkAAABTY3JlZW5zaG90UAym9gAAAdZpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8
vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcm
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "67589a71c3f613ce4d7c751c_67589a4dea143dc3466b8c8d_Screenshot_202024-12-10_20at_202.44.25_E2_80_AFPM.png",
"category": "External analysis",
"uuid": "d2fa61fc-1768-47d4-85ad-3880fe283225",
"data": "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
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "67589a71c3f613ce4d7c7516_67589a36e09031426f9eb27e_Screenshot_202024-12-10_20at_202.44.12_E2_80_AFPM.png",
"category": "External analysis",
"uuid": "31cc8814-19bd-4975-8ee8-6c8363aad4ca",
"data": "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
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "Extracted_IOC_List.csv",
"category": "External analysis",
"uuid": "e9f9eb1f-fe7c-4eab-ad31-48e7af6bb1a1",
"data": "RG9tYWluLElQIEFkZHJlc3MKd2Vla2x5b3B0aW9uYWwuZGRuc1suXW5ldCwxOTQuODcuMjE2Wy5dMTM2Cmdvb3NbLl1wdywzNC45OC45OVsuXTMwCndhbHRlcm1hbmFnZS5kZG5zWy5dbmV0LDE4NS4yNDcuMTg0Wy5dNjMKdG9reW9wcmVwYXJlZC5kZG5zWy5dbmV0LDE5NS4xMzMuODhbLl0zCnRhY3RpY3Nub3ZlbHR5LmRkbnNbLl1uZXQsODkuMTg1Ljg0Wy5dNDYKc29uaWMtbmVlZGVkLmRkbnNbLl1uZXQsMjEyLjE5Mi4xNFsuXTM0CndhcnJhbnRpZXNmb3JkLmRkbnNbLl1uZXQsMTk0Ljg3LjMxWy5dMwp0aHJlYXRlbmluZ2RlYWxlci5kZG5zWy5dbmV0LDg5LjE4NS44NFsuXTgxCnR3ZW50eW1pY3JvcGhvbmUuZGRuc1suXW5ldCwKc2xvcGVwYWludGluZy5kZG5zWy5dbmV0LApyb2dlcm1heW9yLmRkbnNbLl1uZXQsCnN0b2Nrc2hhcmJvdXIuZGRuc1suXW5ldCwKd2l2ZXNwYXNzZWQuZGRuc1suXW5ldCwKc2F2YWdlcHJvemFjLmRkbnNbLl1uZXQsCnJoeXRobWZ1bmt5LmRkbnNbLl1uZXQsCnNhdWNlLXBhdGlvLmRkbnNbLl1uZXQsCnNraW5wdWJsaXNoaW5nLmRkbnNbLl1uZXQsCnlpZWxkcy1kcmV3LmRkbnNbLl1uZXQsCmluc3BpcmVkZmxvdy5kZG5zWy5dbmV0LApmaW9yZG1vc3MuZGRuc1suXW5ldCwKcmFraW5hbFsuXXJ1LApzYWJpcHJvWy5dcnUsCnJvb21zZWN1YWRvci5kZG5zWy5dbmV0LApzYXZhZ2Vsb3Vpc2lhbmEuZGRuc1suXW5ldCwKd2FsbGV0ZGltZW5zaW9uLmRkbnNbLl1uZXQsCndoaXRlZWxpZ2libGUuZGRuc1suXW5ldCwKd2VudGljZHNzLmRkbnNbLl1uZXQsCnNwb2tlbi1vYmplY3QuZGRuc1suXW5ldCwKc3ByZWFkaW5nZWFybmluZy5kZG5zWy5dbmV0LAp0ZWxldmlzaW9uc2hhbmRsZS5kZG5zWy5dbmV0LAp0b25ndWUtZm9ybXMuZGRuc1suXW5ldCwKdGhyb3dpbmdjb3Vwb25zLmRkbnNbLl1uZXQsCnNoYWtlY29zdHVtZS5kZG5zWy5dbmV0LAp0YWJzLWlvd2EuZGRuc1suXW5ldCwKc2FmZXJleHBhbnN5cy5kZG5zWy5dbmV0LApzdHJpbmdzY3JhcC5kZG5zWy5dbmV0LApzb255LWhpZ2guZGRuc1suXW5ldCwKc2Vhc29uYWxmYW1pbHkuZGRuc1suXW5ldCwKc29pbGVudGlyZWx5LmRkbnNbLl1uZXQsCnNlZWtsZW1vbi5kZG5zWy5dbmV0LApzcGFjZXNrbm93bGVkZ2UuZGRuc1suXW5ldCwKcmVuZGVyY291bnRpbmcuZGRuc1suXW5ldCwKcmVnaW1hcGVzc2l2ZS5kZG5zWy5dbmV0LApzdGFuZGFyZGZlYnJ1YXJ5LmRkbnNbLl1uZXQsCnRvd2VyZXh0cmFvcmRpbmFyeS5kZG5zWy5dbmV0LApydWxlZ2xhbmNlLmRkbnNbLl1uZXQsCnR3aXN0ZWRmYWNlcy5kZG5zWy5dbmV0LApsbGtleXZvc3QuZGRuc1suXW5ldCwKdmFzaWZnb1suXXJ1LApiYWxvZ2xhbmRpWy5dcnUsCmJ1Y2tzMFsuXXJ1LApiYXNoYXJkaVsuXXJ1LApkZXRyb2l0MFsuXXJ1LApsb3BlcnQwWy5dcnUsCmRvd3JhbmdbLl1ydSwKaGl0cm92YW5hWy5dcnUsCm1vbG90cmFzWy5dcnUsCm1pbGFzaHRvWy5dcnUsCnF1eWVuejBbLl1ydSwKZHJ
pdmVudG9bLl1ydSwKaWhzbmFsWy5dcnUsCmFudHJvcGFbLl1ydSwKaWJyYWdpbTBbLl1ydSwKd2l0Y2hkb3JzWy5dcnUsCmNhdmFsaWVyczBbLl1ydSwKdmlsaXRvcmRbLl1ydSwKcGhvZW5peDBbLl1ydSwKcGlzdG9uczBbLl1ydSwKbWFrZGFydFsuXXJ1LApiaXNob3RlbnRbLl1ydSwKZm9yZW5zaXRbLl1ydSwKaG9ybmV0czBbLl1ydSwKbWlsdHJhc1suXXJ1LApmbGFzaGlrMFsuXXJ1LAp2aXBlcnRvc1suXXJ1LApiYXR0ZXJsYXNbLl1ydSwKc25pcG90YXNbLl1ydSwKYmFydG9wMVsuXXJ1LApleHBvcnRhblsuXXJ1LApjaHJvbWF0MFsuXXJ1LAp2b2xuYXBzWy5dcnUsCmJpbG9kb25bLl1ydSwKc2lsZW50YXJbLl1ydSwKaW50aWdtWy5dcnUsCnNreW1hZ3JhWy5dcnUsCmdheWFkMFsuXXJ1LAp2ZXppcmdvWy5dcnUsCnNhdml0MVsuXXJ1LAp0aWxvZm9sWy5dcnUsCmtyYW1hdGxbLl1ydSwKcGx1bWJ1bTBbLl1ydSwKeml5YWZ0Wy5dcnUsCmh5ZHJhcmd5cnVtb1suXXJ1LAphZ2hzaW5zYVsuXXJ1LApoZXJzb3BhWy5dcnUsCmtpc3Ryb3AwblsuXXJ1LAptaWxpdHJhclsuXXJ1LAptaW5oem9bLl1ydSwKa2FlbG9zWy5dcnUsCmx1Z2FydG9bLl1ydSwKY2ljaW5kWy5dcnUsCg=="
}
],
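"x_misp_comment": "As the blog post contained images, the IOCs were extracted with OpenAI ChatGPT 4o; the values are machine-extracted and should be checked against the original screenshots before being used for blocking.",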
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "note",
"spec_version": "2.1",
"id": "note--9149f7ba-3239-413f-80b3-91370b42c4e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-12-16T11:12:39.000Z",
"modified": "2024-12-16T11:12:39.000Z",
"abstract": "Report from - https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware (1734347559)",
"content": "Lookout ResearchThreat GuidancesThreat DataResourcesAbout UsContact UsAndroidSpywareIn\\-Depth AnalysisDecember 11, 2024# Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT\n\n* Lookout has discovered BoneSpy and PlainGnome Android surveillance families and attributed them to the Russian Gamaredon (Primitive Bear, Shuckworm) APT group associated with the Federal Security Service (FSB).\n* BoneSpy has been in use since at least 2021, while PlainGnome first appeared in 2024\\. Both families are still active at the time of writing.\n* BoneSpy and PlainGnome target former Soviet states and focus on Russian\\-speaking victims. Lookout assesses this targeting may be related to worsening relations between these countries and Russia since the outbreak of the Ukraine invasion.\n* Both BoneSpy and PlainGnome collect data such as SMS messages, call logs, phone call audio, photos from device cameras, device location, and contact lists.\n* PlainGnome acts as a dropper for a surveillance payload, stored within the dropper package, while BoneSpy is deployed as a standalone application.\nResearchers at the Lookout Threat Lab have discovered two Android surveillance families dubbed BoneSpy and PlainGnome. They are both attributed to Russia\\-aligned cyber espionage threat group Gamaredon (aka Primitive Bear, Shuckworm). This group was identified as a component of the Russian Federal Security Service (FSB) by the Security Service of Ukraine (SSU) in 2021\\. These are the first known mobile families to be attributed to Gamaredon.\u00a0\n\nBoneSpy and PlainGnome appear to target Russian speaking victims across the former Soviet Union in countries including Uzbekistan, Kazakhstan, Tajikistan, and Kyrgyzstan. 
While Gamaredon has historically targeted Ukraine, the targeting of Central Asian countries like Uzbekistan likely resulted from worsening relations between these countries and Russia since the start of the Russian invasion of Ukraine in 2022\\. Also, while specific targets are difficult to pinpoint, Lookout researchers uncovered an indication of possible enterprise targeting using the BoneSpy family in early 2022\\. While the Gamaredon threat group has long been known to target Ukraine, Lookout has no specific evidence to show BoneSpy or PlainGnome were used against Ukrainian victims.\n\n# Attribution to Gamaredon\n\nLookout researchers attribute BoneSpy and PlainGnome to Gamaredon based on use of IP addresses that point to command and control (C2\\) domains for both the mobile families that were also observed in Gamaredon\u2019s desktop campaigns. We also observed a large number of domains sharing Gamaredon\u2019s known domain naming convention described by MSTIC in April 2023, which were hosted on IP infrastructure shared with dynamic DNS C2 domains in use with the group\u2019s mobile surveillanceware. In addition, Gamaredon has been known to use ddns\\[.]net and other dynamic DNS providers since at least 2017, a consistent technique used by BoneSpy and PlainGnome.\u00a0\n\nThese infrastructure connections, together with the evidence of Russian development and targeting of Russian speaking groups in former Soviet states, lead us to the conclusion that both BoneSpy and PlainGnome are operated by Gamaredon.\n\n# App Families Analysis\n\nLookout has tracked BoneSpy since December 2021 and discovered PlainGnome in January 2024\\. BoneSpy is derived from the Russian open\\-source DroidWatcher, a surveillance app developed between 2013 and 2014\\. Conversely, PlainGnome is not based on open\\-source code, but shares similar theming and C2 server properties with BoneSpy. 
PlainGnome is also a two\\-stage deployment while BoneSpy is a self\\-contained single app. Each of these have broad surveillance capabilities including:\n\n* Attempting to gain root access to the device\n* Anti\\-analysis checks\u00a0\n* Location tracking\n* Getting information about the device\n* Getting sensitive user data such as:some text\n\t+ SMS messages\u00a0\n\t+ ambient
"object_refs": [
"report--7cf90d8d-61f0-4e36-8083-15f66e3556ad"
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}