adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/636cabbd-4bde-4fb2-bc6b-6b2c05fafcd5.json

1242 lines
45 KiB
JSON
Raw Normal View History

chg: [feeds] updated
2024-08-07 08:13:15 +00:00
{
"Event": {
"analysis": "2",
"date": "2024-07-24",
"extends_uuid": "",
"info": "OSINT - RDGAs: The Next Chapter in Domain Generation Algorithms",
"publish_timestamp": "1721836897",
"published": true,
"threat_level_id": "3",
"timestamp": "1721827141",
"uuid": "636cabbd-4bde-4fb2-bc6b-6b2c05fafcd5",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:nice-framework-skills=\"Skill in performing network data analysis - S0688\"",
"relationship_type": "recommends-use-of"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813628",
"uuid": "0894b4f6-7a29-4bfa-9ad7-251ea49131c1",
"Attribute": [
{
"category": "Network activity",
"comment": "SocGholish/TA569 affiliate traditional DGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813628",
"to_ids": true,
"type": "domain",
"uuid": "76f77c2c-45b4-4610-82f2-043d59d08eb3",
"value": "6rnd9mitqt1rz82.top"
},
{
"category": "Network activity",
"comment": "SocGholish/TA569 affiliate traditional DGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813628",
"to_ids": true,
"type": "domain",
"uuid": "79790f2a-cb31-49bb-bafc-82ea3983cf50",
"value": "7r7suw52ls00i20.top"
},
{
"category": "Network activity",
"comment": "SocGholish/TA569 affiliate traditional DGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813628",
"to_ids": true,
"type": "domain",
"uuid": "4448ab06-66cc-40ad-a9a4-4f2a8317108f",
"value": "9w9ohb5vky5p3dz.top"
},
{
"category": "Network activity",
"comment": "SocGholish/TA569 affiliate traditional DGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813628",
"to_ids": true,
"type": "domain",
"uuid": "7a54ccc1-087c-4532-96bc-a275b14bbb51",
"value": "bjbntaxmh09r09e.top"
},
{
"category": "Network activity",
"comment": "SocGholish/TA569 affiliate traditional DGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813628",
"to_ids": true,
"type": "domain",
"uuid": "17cdd28c-24f4-4c26-bac6-6ac7b92f5204",
"value": "qcj4pirltkpqrcu.top"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813693",
"uuid": "171dd00a-c539-44c8-8aba-548b6d5cf522",
"Attribute": [
{
"category": "Network activity",
"comment": "Weight loss pill scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813693",
"to_ids": true,
"type": "domain",
"uuid": "9012b65e-dc74-47f6-be1d-7b734d23d0fe",
"value": "h87e1mbm0u5f85.xyz"
},
{
"category": "Network activity",
"comment": "Weight loss pill scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813693",
"to_ids": true,
"type": "domain",
"uuid": "c6a781e0-8db4-4bad-9089-05ba095b0ff3",
"value": "n8j1nau3os4otr.xyz"
},
{
"category": "Network activity",
"comment": "Weight loss pill scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813694",
"to_ids": true,
"type": "domain",
"uuid": "4ce4fb59-1b47-470d-b1bd-631be9583bd0",
"value": "xnnxr1jquyupjc.xyz"
},
{
"category": "Network activity",
"comment": "Weight loss pill scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813694",
"to_ids": true,
"type": "domain",
"uuid": "32e5194c-0dec-4d54-ab99-4ab6d44efb51",
"value": "xqajkr8fbrdryp0.xyz"
},
{
"category": "Network activity",
"comment": "Weight loss pill scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813694",
"to_ids": true,
"type": "domain",
"uuid": "40c2e73d-07d2-40a2-a676-11295d98c6a1",
"value": "xryqcgcb2upb28k.xyz"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813727",
"uuid": "f1110fb8-5ca5-4402-b8bf-15aeb4b15c8c",
"Attribute": [
{
"category": "Network activity",
"comment": "VexTrio Viper RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813727",
"to_ids": true,
"type": "domain",
"uuid": "001afeec-997e-47fc-b507-5a5e2afe3106",
"value": "arriveplanetsnow.buzz"
},
{
"category": "Network activity",
"comment": "VexTrio Viper RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813727",
"to_ids": true,
"type": "domain",
"uuid": "62f2964a-43dd-48b0-8843-5088452cd6b6",
"value": "coatthinkverb.buzz"
},
{
"category": "Network activity",
"comment": "VexTrio Viper RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813727",
"to_ids": true,
"type": "domain",
"uuid": "7e1d80ff-ebd9-48f5-985f-57155e478768",
"value": "debtgenepub.live"
},
{
"category": "Network activity",
"comment": "VexTrio Viper RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813727",
"to_ids": true,
"type": "domain",
"uuid": "7e2286a5-9e37-4d8c-aec4-0d20ea1fba23",
"value": "poemtrainsurprise.top"
},
{
"category": "Network activity",
"comment": "VexTrio Viper RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813727",
"to_ids": true,
"type": "domain",
"uuid": "b998255f-6568-400b-8004-fb69d28de92e",
"value": "quarterneighbourforward.xyz"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813761",
"uuid": "ea557bab-91b5-46e4-8bc4-69220dad491f",
"Attribute": [
{
"category": "Network activity",
"comment": "Regional jail RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813761",
"to_ids": true,
"type": "domain",
"uuid": "99a7ee6b-cce6-48a1-94b3-7f8eb957e68c",
"value": "castrocountyjail.org"
},
{
"category": "Network activity",
"comment": "Regional jail RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813761",
"to_ids": true,
"type": "domain",
"uuid": "2aef8055-f108-4a43-bbaa-9c679fdadf14",
"value": "killeencityjail.org"
},
{
"category": "Network activity",
"comment": "Regional jail RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813761",
"to_ids": true,
"type": "domain",
"uuid": "3b25406e-3fa1-4895-b965-9a81661d4ad5",
"value": "lasalleparishjail.org"
},
{
"category": "Network activity",
"comment": "Regional jail RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813761",
"to_ids": true,
"type": "domain",
"uuid": "7b80951e-810c-489d-972d-8bcbc5ff0502",
"value": "miamidadecountyjail.org"
},
{
"category": "Network activity",
"comment": "Regional jail RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813761",
"to_ids": true,
"type": "domain",
"uuid": "3cb283d0-b123-4238-9ebd-4f54ac50cb33",
"value": "northcentralregionaljail.org"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813826",
"uuid": "f730c5ae-9131-4b52-9a43-07ba48929cad",
"Attribute": [
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "760844db-188c-4746-a59c-8f4ba65d41b2",
"value": "arenadiploma.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "50370701-c0f5-4d0b-b137-1b5f59e2202e",
"value": "area-diploman24.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "a2c15a75-7d48-45c5-816e-ecf9da23be9e",
"value": "area-diplomans24.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "f4ac49ca-4341-4d61-af60-a9cbb4c747cb",
"value": "area-diploms24.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "274c4c7f-9e52-41af-b2d6-07916a6960a5",
"value": "area-diplomy24.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "e02a39e3-aed1-4acd-8786-b8166950d57e",
"value": "areas-diplom.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "4d1a2e16-8889-420d-a602-2434b02db15b",
"value": "areas-diplom24.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "4bc11b95-d9ba-4b62-9d11-2ef1b0a86336",
"value": "areas-diplomy24.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "359ccf94-1404-43e9-9e30-d5d5e26bb31e",
"value": "arena-diplomsy24.com"
},
{
"category": "Network activity",
"comment": "Russian diploma scam RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813826",
"to_ids": true,
"type": "domain",
"uuid": "0c006d66-9e5f-48e0-83b7-1392b9eaf388",
"value": "arena-diplomy24.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813860",
"uuid": "fbfd7b15-4943-4039-b4e5-c9bed2c00d20",
"Attribute": [
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "2b621194-c585-4d59-b242-93ff0f0b7e39",
"value": "chopprousite.ru"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "740e0aa0-bb11-4639-963c-ed9195b7d425",
"value": "patiennerrhe.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "2a39b935-cbe4-40e6-9b0a-a455821bf24a",
"value": "thougolograrly.ru"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "54db78ee-e6d4-44e7-92fa-48e72452efe0",
"value": "dintretonid.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "a5581de8-2a30-4130-8275-74b94dcf9a41",
"value": "dintretrewor.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "d9509ce7-0b7c-4901-90b1-9e2150348072",
"value": "dintrolletone.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "81a6d416-6dc6-481c-babe-c4afbf24d9c0",
"value": "dintromparsup.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "b39ed812-d664-43a8-a7d0-452d7bbded3d",
"value": "direnrolpar.ru"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "50a7120f-bd55-481f-9c90-488e9f0438d0",
"value": "hadhecrecled.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "4ab88e57-9c18-4620-a349-f26f78d13d5a",
"value": "hadrecrolof.ru"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "c2c96927-8d88-44d6-8d9a-7dbcc443ff21",
"value": "hadsparmirat.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "406ee475-9821-4dcd-88a0-85a4c5615200",
"value": "hanparolhar.com"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "667fbfa5-45bc-4d1f-b669-094b69a15052",
"value": "rofromandfor.ru"
},
{
"category": "Network activity",
"comment": "Hancitor C2 RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813860",
"to_ids": true,
"type": "domain",
"uuid": "bb0be241-c1f5-476e-9e2f-0824424c500b",
"value": "rowrorofrat.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813913",
"uuid": "df812c0a-5280-4247-9fe2-1cd09d060be5",
"Attribute": [
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "4b0452e2-af83-4597-827b-57312a857024",
"value": "assisted-living-11607.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "a9cae87c-fa6e-4a43-a1bc-a1ba58198d24",
"value": "online-jobs-42681.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "4eb870ed-299c-4180-afeb-1f48cd4087fe",
"value": "perfumes-76753.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "c60ba88f-e475-41db-b4db-65bd8030637e",
"value": "security-surveillance-cameras-42345.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "c5002ca4-9d24-4b86-879e-4696ec2f773d",
"value": "yoga-classes-35904.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "02846f91-0d8a-4cd2-ad97-7963cb8db269",
"value": "ai-courses-12139.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "3fb01ed8-bf2d-40f8-b73c-e562fe78fe70",
"value": "ai-courses-13069.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "8a8bf684-105d-4f9f-82b4-3cc200b028c8",
"value": "ai-courses-14729.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813913",
"to_ids": true,
"type": "domain",
"uuid": "c5798138-690f-4e55-bffe-4174eaa33354",
"value": "ai-courses-16651.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "be0d997b-e4ac-42d0-931f-f901ab0bd9c9",
"value": "ai-courses-17621.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "c9cc568c-f98d-47c8-883a-54b7afece503",
"value": "app-software-development-training-52686.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "1c35be04-539e-41e8-9dde-7cde1fa19ad6",
"value": "app-software-development-training-54449.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "a116a6d4-821b-4db9-b00f-0c73b3aaa239",
"value": "app-software-development-training-55554.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "16535e73-35f0-433b-a050-1a975505dda7",
"value": "app-software-development-training-57549.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "9fc66ccc-bb46-48cc-b75a-84365378dbaf",
"value": "ai-courses-2024-pe.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "bbde60cf-1093-47e0-a8a9-43587233a3f8",
"value": "ai-courses-2024-pk.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813914",
"to_ids": true,
"type": "domain",
"uuid": "6956f1ae-ebc7-42cd-a1fa-a0f7dcf8b282",
"value": "ai-courses-2024sa.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "f085db19-9601-48d5-b92d-df37980f03c5",
"value": "ai-courses2023-in.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "77c61bbe-7d97-45f8-b904-d2aaf7eb907c",
"value": "ai-courses2023in.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "90d8b7a0-2423-480c-9ac5-4920838ae357",
"value": "ai-courses2024in.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "505ea6d1-1967-4160-aaba-0a15ce17e6c7",
"value": "app-software-development-italy.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "f39d1064-4b79-4490-a091-0bd41c52fc09",
"value": "app-software-development-training-usa.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "8ee8e6bd-bfc1-4799-ab1c-ad91dd67907b",
"value": "online-degrees-16099.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "4586a669-8665-4e48-9202-e25e4de17525",
"value": "portable-air-conditioner-12322.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "c34d0fdc-ecba-4b5b-b9e5-575d57813c38",
"value": "river-cruises-13890.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "8f6cf6ff-3dab-45f5-9443-cd53c8e1aabb",
"value": "roofing-services-10175.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "3d1b4416-329f-4f9e-8124-18b6808f1121",
"value": "travel-insurance-43494.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "b25edef1-7b10-47b4-86bf-de65f0975970",
"value": "usa-online-degree-29o.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813915",
"to_ids": true,
"type": "domain",
"uuid": "e3d2a6c0-12ec-43ac-b142-a6bf985994ae",
"value": "bra-portable-air-conditioner-9o.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "b5d62471-69b5-438f-a42f-54a4d1e0ac79",
"value": "uk-river-cruises-8n.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "d5740df5-5c9c-472d-b09f-57b9ea9286f7",
"value": "rsa-roofing-services-8n.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "34fecc36-d555-4bc6-92ea-cbb5541b4088",
"value": "col-travel-insurance-3n.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "03c99643-3ac9-4e6a-9529-9f10c7fcab77",
"value": "welding-machines-10120.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "9ea815a6-61c9-4077-aae5-370acc8bf803",
"value": "welding-machines-35450.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "3ba8a1b5-be52-49e3-80b9-bb99e1d000ff",
"value": "welding-machines-56397.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "f57a4ef7-2de2-416d-9902-ba07307f723f",
"value": "welding-machines-76813.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813916",
"to_ids": true,
"type": "domain",
"uuid": "8ac9cbd6-0a60-44a3-b03b-699508ac0c54",
"value": "welding-machines-99146.bond"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1721813941",
"uuid": "58b85abd-78cc-4671-a80b-8712acd0564b",
"Attribute": [
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains used as C2 / decoy domains for XLoader malware",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813941",
"to_ids": true,
"type": "domain",
"uuid": "8ccf8e56-c077-4941-b320-790a1786a5f9",
"value": "tires-book-robust.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains used as C2 / decoy domains for XLoader malware",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813941",
"to_ids": true,
"type": "domain",
"uuid": "498b4544-9589-4d33-8713-8af995a75591",
"value": "laser-skin-treatment-19799.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains used as C2 / decoy domains for XLoader malware",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813941",
"to_ids": true,
"type": "domain",
"uuid": "c10dc287-566d-49f7-9e65-2dcf860d21b3",
"value": "pool-repair-35063.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains used as C2 / decoy domains for XLoader malware",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813941",
"to_ids": true,
"type": "domain",
"uuid": "1f149527-5148-411a-b1ea-4e9aec58f733",
"value": "apartments-for-rent-72254.bond"
},
{
"category": "Network activity",
"comment": "Revolver Rabbit RDGA domains used as C2 / decoy domains for XLoader malware",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1721813941",
"to_ids": true,
"type": "domain",
"uuid": "e25b65d7-4e95-4b25-91d5-4764eba6a942",
"value": "hemophilia-treatment-41433.bond"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Report object to describe a report along with its metadata.",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "8",
"timestamp": "1721813992",
"uuid": "aed9d622-6409-4fb6-b012-436228a3d0b1",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1721813992",
"to_ids": false,
"type": "link",
"uuid": "41667fe2-4456-4354-9068-379072c9b7f7",
"value": "https://blogs.infoblox.com/threat-intelligence/rdgas-the-next-chapter-in-domain-generation-algorithms/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1721813992",
"to_ids": false,
"type": "text",
"uuid": "33edb1d2-6fb9-4eac-a967-1b57d3d7a127",
"value": "This trailblazing report explores a burgeoning technique that threat actors are using to covertly transform the DNS threat landscape with millions of new domains. You\u2019ll learn how traditional malware-based domain generation algorithms (DGAs) have evolved into registered DGAs (RDGAs) that can be used for malware, phishing, spam, scams, gambling, traffic distribution systems (TDS), virtual private networks (VPNs), and more. We\u2019ll unveil a new RDGA threat actor named Revolver Rabbit who\u2019s associated with XLoader malware. We\u2019ll also reveal how the notorious Hancitor malware used an RDGA to generate its C2 domains for years while most of the security industry remained oblivious to their methods. This blog discusses some of the highlights from our full research paper, which is available here.\r\n\r\nFor nearly two decades, threat actors have used domain generation algorithms (DGAs) to distribute malware. In recent years, threat actors have been employing a technique we call registered domain generation algorithms (RDGAs), in which the actor uses an algorithm to register many domain names at one time. RDGAs are considerably harder to detect and defend against than traditional DGAs, and despite their prevalence on the internet, they have been woefully underreported by the security community. We originally described RDGAs in October 2023 and have published on the topic multiple times since then."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1721813992",
"to_ids": false,
"type": "text",
"uuid": "781d8f8a-40d2-4b3d-98d3-aa468b490f33",
"value": "Blog"
}
]
}
]
}
}
Reference in a new issue Copy permalink