{ "type": "bundle", "id": "bundle--a52a070a-6925-41ea-94d8-56f0d85dc268", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:37:26.000Z", "modified": "2023-05-12T08:37:26.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--a52a070a-6925-41ea-94d8-56f0d85dc268", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:37:26.000Z", "modified": "2023-05-12T08:37:26.000Z", "name": "An Analysis of Infrastructure linked to the Hagga Threat Actor", "published": "2023-05-12T08:38:33Z", "object_refs": [ "indicator--cbead78b-f2b6-4279-9f9b-760420d366ab", "indicator--df26f1d2-1e2d-480c-946c-69f4e3f0d617", "indicator--158e7dbc-fd60-4031-a302-26097b8e5d8c", "indicator--46c1065d-66f2-4ccb-bbf3-1459eec881cf", "indicator--324ce2c6-7e04-44ec-9325-82b5225a8101", "indicator--4e6dc86f-c996-4c8f-a550-ee15bac5f7f3", "indicator--72216c98-e591-4d6b-8d48-82762ddb0627", "indicator--22e8ab53-be66-4b46-9c57-294a65ba2fb2", "indicator--aa88e877-b1ba-4ec1-947b-c2d206dd9080", "indicator--cba90e06-b842-4ab4-88a7-79367207d0a5", "indicator--1f35f404-9f60-47dc-81ea-45edcef1e5ef", "indicator--314039bb-5998-48e4-9fda-366c65db0b22", "indicator--64aa2a2d-e351-4b48-9672-3a8e75bcb275", "indicator--73dd3d56-9652-4d7b-b5f9-8ad6d153731a", "indicator--fddf65bc-c9d4-4ee6-b05d-09ba4fb80dec", "indicator--3129cd28-319d-4dc2-9463-1d31a8765ea4", "indicator--1820bf2f-6410-4830-8672-ed85eb2532d1", "indicator--6d25aa36-58a8-4777-81bb-bfe23b687d20", "indicator--96ee6d7b-1203-4ae0-a32c-a434d9d27adb", "indicator--1c51ef63-4dfb-4cda-a671-07e4a69ad04a", "indicator--14363f7a-3cb3-4a28-906d-f6b23fe733a4", "indicator--c6b8a7a9-6bd0-471f-9041-acb3d06dd018", "indicator--fc0bf391-fa33-44be-8ea5-6be15d45e663", "indicator--20cbb332-3782-46b6-877c-70d333be8b7d", "indicator--766f6112-f59c-476b-b1f4-d48fa6239f0d", 
"indicator--e06a5dc4-7e23-4a7c-bed7-8c5df6f2cce8", "indicator--8cb4bf09-5189-40bd-922e-f8751d0fe54b", "indicator--b0e5b109-770c-42f6-9dfe-7fe1f369ffc4", "indicator--6e1db3ae-4cbf-46fa-94ce-5ee82155a3aa", "indicator--dfdd3cf2-4e94-4cdf-8a70-2e54e31ebc43", "indicator--ed8cbf47-92ea-45bf-a96d-7c11023c7818", "indicator--a43ec7e2-60be-4549-a138-b844baaa16eb", "x-misp-object--56e527ae-8733-430e-8a6d-ec5f5b0c7cc8" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "tlp:clear", "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"", "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cbead78b-f2b6-4279-9f9b-760420d366ab", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.151.122.110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--df26f1d2-1e2d-480c-946c-69f4e3f0d617", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.157.208']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--158e7dbc-fd60-4031-a302-26097b8e5d8c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.154.226.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--46c1065d-66f2-4ccb-bbf3-1459eec881cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.188.21.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--324ce2c6-7e04-44ec-9325-82b5225a8101", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.143.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4e6dc86f-c996-4c8f-a550-ee15bac5f7f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.11.143.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--72216c98-e591-4d6b-8d48-82762ddb0627", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.32.217.137']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--22e8ab53-be66-4b46-9c57-294a65ba2fb2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.31.98.108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--aa88e877-b1ba-4ec1-947b-c2d206dd9080", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.133.105.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cba90e06-b842-4ab4-88a7-79367207d0a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.138.105.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f35f404-9f60-47dc-81ea-45edcef1e5ef", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.153.77.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", 
"misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--314039bb-5998-48e4-9fda-366c65db0b22", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.174.99.181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--64aa2a2d-e351-4b48-9672-3a8e75bcb275", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '161.129.64.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--73dd3d56-9652-4d7b-b5f9-8ad6d153731a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.94.209.50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fddf65bc-c9d4-4ee6-b05d-09ba4fb80dec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.188.27.104']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3129cd28-319d-4dc2-9463-1d31a8765ea4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:55.000Z", "modified": "2023-05-12T08:20:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.188.20.198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:20:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1820bf2f-6410-4830-8672-ed85eb2532d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'mobibagugu.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--6d25aa36-58a8-4777-81bb-bfe23b687d20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'mobibanewdan.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--96ee6d7b-1203-4ae0-a32c-a434d9d27adb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'mohbeebnew.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c51ef63-4dfb-4cda-a671-07e4a69ad04a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'mubbibun.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--14363f7a-3cb3-4a28-906d-f6b23fe733a4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": 
"2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'cdec22.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c6b8a7a9-6bd0-471f-9041-acb3d06dd018", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'vncgoga.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fc0bf391-fa33-44be-8ea5-6be15d45e663", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'bakuzamokala.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--20cbb332-3782-46b6-877c-70d333be8b7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'warnonmobina.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--766f6112-f59c-476b-b1f4-d48fa6239f0d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'abotherrdpajq.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e06a5dc4-7e23-4a7c-bed7-8c5df6f2cce8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'mobinomomuam.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8cb4bf09-5189-40bd-922e-f8751d0fe54b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'workflowstatus.live']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b0e5b109-770c-42f6-9dfe-7fe1f369ffc4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'heavy-dutyindustry.shop']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6e1db3ae-4cbf-46fa-94ce-5ee82155a3aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'microsoftiswear.duckdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dfdd3cf2-4e94-4cdf-8a70-2e54e31ebc43", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'update.newbotv4.monster']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed8cbf47-92ea-45bf-a96d-7c11023c7818", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'newbotv4.monster']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a43ec7e2-60be-4549-a138-b844baaa16eb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:22:11.000Z", "modified": "2023-05-12T08:22:11.000Z", "pattern": "[domain-name:value = 'bot.statusupdate.one']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-05-12T08:22:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--56e527ae-8733-430e-8a6d-ec5f5b0c7cc8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-05-12T08:20:34.000Z", "modified": "2023-05-12T08:20:34.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor", "category": "External analysis", "uuid": "e2725b60-e687-4516-991a-9bb20e24b0c3" }, { "type": "text", "object_relation": "summary", "value": "An Analysis of Infrastructure linked to the Hagga Threat Actor\r\nSummary\r\n\r\nAs this research reveals, mapping out adversary infrastructure has distinct advantages that enable a proactive response to future threats. 
A well-resourced team with access to the right tools can monitor changes to adversary infrastructure in real time; discoveries can become strategic advantages when fully exploited. This blog is geared towards the practitioner threat hunters and threat researchers; anyone reading this with the bottom line in mind should take a look at our economic study here first.", "category": "Other", "uuid": "88556307-b345-4a83-b55a-091ad1bed69c" }, { "type": "text", "object_relation": "type", "value": "Blog", "category": "Other", "uuid": "89b0ee8b-f0ac-448b-8c3a-ca38b78b9af3" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }