{ "type": "bundle", "id": "bundle--b0135754-b115-47c4-811c-e6840fe03f50", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--b0135754-b115-47c4-811c-e6840fe03f50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "name": "Serverless InfoStealer delivered in Est European Countries", "published": "2023-07-12T12:46:03Z", "object_refs": [ "indicator--32089aee-e968-4036-81ba-7624c35ac4d7", "indicator--630568fd-a16f-4923-b962-8cd4501da921", "indicator--8d6c5ed1-d204-4162-9a77-48d8ecce0bae", "indicator--b8419835-5db0-46da-862c-a33bcdf87ae8", "indicator--32aaa5eb-08ff-4692-905d-3a9299c82689", "indicator--d6cdd00c-6cf1-4508-a334-c1675389c4a1", "indicator--9bb9ce3d-4c87-4219-8dd9-c06451060545", "indicator--8756bc58-f42c-4a7f-b871-4b0f43ca2f7d", "indicator--e08a796c-8241-41f5-a0f9-f44d041bf61d", "indicator--6c67ea83-da1f-428f-b8b1-555c5a592098", "indicator--d12a405a-4d7e-4fb7-8c91-1e548af5c7fd", "indicator--650497e7-700d-4b67-a051-e49e6839a537", "indicator--b03e958f-4e52-4af2-b54f-556a3d4d282c", "indicator--0798a83f-44c4-4634-a2f7-b6ecd8b2da0e", "indicator--684fb21a-5b06-4aa4-8bfe-84f2fa5ac53f", "indicator--e572f482-7f0c-4529-9c2f-2e4a22658916", "indicator--6ed047d8-0795-4ec0-bb7a-ebe14c6ff0ec", "indicator--4737f676-4ff6-4e82-94f0-9102eecec537", "indicator--d4d540c5-f33f-484d-b06f-fac919ecb26b", "indicator--44d29af2-c1d6-4d07-80c8-946e7ed0c6cb", "indicator--d33e7116-1ba7-49e5-abb5-9acf804a9587", "indicator--da3189cc-0235-484f-8e85-977fb1a61d73", "indicator--3404c521-413b-4e73-9fa7-e82ce9376f94", "indicator--892d430e-0ca6-4ce3-9439-8e8b075f91e6", "indicator--76ff4fc7-0106-4a1c-a63a-ca3472e06907", "indicator--2c893001-4778-4534-bab8-a6c850f47dfc", "indicator--01af4767-33bc-4aba-9973-6a353cf5fb23", "indicator--5e5b9a25-2628-47be-8eeb-cdeef3f9d37f", "indicator--1b5726d6-3d8f-4b47-b3ef-56235ccdce9f", "indicator--dc902153-1115-4531-ba86-757cc9dc5faa", "indicator--461e1888-aaa6-4102-908e-180c14af2cb3", "indicator--489aa087-aac8-4054-8e17-1abb1ec7a59a", "indicator--96a96090-6a9a-423a-9324-996c005570ca", "indicator--0d6f1f05-eceb-4ab8-b8bd-c4749ae2d79a", "indicator--358c78da-7fe5-44f6-a565-d4a1cf951e34", "indicator--2f004a3e-d63f-4130-bda9-3ebd027256a9", "indicator--7969287f-795d-4366-a389-05cd0fc2d6b4", "indicator--b0eab0d8-740b-4ff4-965c-859d99c71ddd", "indicator--9db74dc5-3f89-400a-9d04-2d1722bc14bb", "indicator--137206b4-41e7-49a8-b8a7-15f04a3f0f51", "indicator--b455dce0-4048-453f-a0ef-9fec55e74505", "indicator--031ce0aa-1884-4419-92c5-a5f2f299d279", "indicator--22a021ca-484b-4818-8f97-39c264c0004f", "indicator--38ff91e7-5d34-43b5-92cc-4ba1fe0b09a4", "indicator--87e83393-5003-478e-9085-ade6c2762d09", "indicator--cbb6d961-abc3-43aa-8e25-f77c15dd710e", "indicator--85ba72a9-3a60-4979-bfbf-ef263bc4160c", "indicator--f85057a4-3d7e-43c7-bf69-a5b7b7f84ae6", "indicator--8ad343a2-3853-4287-8918-2659eca905cc", "indicator--6ed9fe69-d3d5-4876-95de-5559f3083639", "indicator--68059aa3-b7f5-405c-b49e-64535aa3f928", "indicator--c2f6630d-41bb-45ba-97f7-745091064e38", "indicator--27a2e274-3a77-4c26-b0fe-f657823ebb8d", "indicator--3937a026-6732-4b7d-abb2-85d29c590a1d", "indicator--780ae267-d937-4acd-a291-95777bc324b5", "indicator--1fac7fd2-1168-4a1f-945c-f0ee32dfb502", "indicator--48903724-1866-454b-889b-5ce503d0d571", "indicator--34a61b72-2558-4259-9cff-ca63f27078ed", "indicator--754e5066-1cf1-4043-9213-ebfe4047372c", "indicator--87903ba3-0efc-468f-ac75-52898b7e8f73", "indicator--14a3d130-019a-44ec-8748-3a413daa0eea", "indicator--514c5895-c0be-4be5-afff-966e646e8a15", "indicator--f3727a52-8a65-4981-88f6-e59a19859276", "indicator--f56444b5-bdf9-4797-b119-d498ca952a2b", "indicator--125c6d4e-f6d4-418f-906c-52d84f1e7716", "indicator--2a40d59f-db23-4321-9d8c-c42c975bfeb1", "indicator--bf4b8df7-30ab-47b7-8ab1-7613904b16f1", "indicator--b5d5d93a-efe0-4b92-a598-f0469238c1d8", "indicator--6fa62a80-10d3-4231-8a91-93821b26d441", "indicator--7194dc14-19a1-4e15-b6c4-e719d2173fe0", "indicator--37e5410d-b856-407f-87f9-8af2b9d5e912", "indicator--2363aa94-f60a-42bf-bea3-a991125de5aa", "indicator--4921aa93-bf1f-482f-8c45-86493772fb90", "indicator--e18c8e9e-a022-4d12-9fc1-a459bdcea74c", "indicator--d80daa77-cafc-4a98-980e-32d6c4a49510", "indicator--a0d545d3-2b52-4c76-a9b2-e8812eb70bfa", "indicator--18612900-27a4-4e2c-b1a1-bdfa8550108e", "indicator--851bb9d1-2476-401a-a4f3-159d373eae4c", "indicator--59291766-0fde-4d8b-bf2e-e6717da8de96", "indicator--38714092-3e5e-4cd1-9033-05f1a6bcd33b", "indicator--de80555f-cbfd-410f-86f1-f5079e658295", "indicator--7201dd76-373a-4ef3-ae32-ed5e2d9954b4", "indicator--60d47caf-e4a8-40c9-9bd2-1d95bcc979cf", "indicator--c70724eb-b1a5-431c-92cb-63d501c114ed", "indicator--274428fa-9e17-4088-9180-80d7b0928cdb", "indicator--04eef561-3636-43cc-858c-3664aa62f0ba", "indicator--528e61dd-f4ed-4771-b6d5-1afac360565b", "indicator--d4ff3f40-de55-46f1-8c6b-c1ab576707c0", "indicator--a885c8ec-1181-4c63-860d-51c900e368ea", "indicator--5f57c44c-f15e-4da3-b506-49a2b55ac7ed", "indicator--6c8187a6-aebf-4c7a-9dbb-5544994f6df9", "indicator--9edae6cf-b14a-4342-b86c-0514f9801aa7", "indicator--770e7b1a-7aa9-48a5-b59f-9da26a65fdaa", "indicator--23c9db84-2c6e-4d2f-b276-b1a045f5611f", "indicator--dbd6f45e-3c19-455c-b011-865719bd32ce", "indicator--92197b09-0f1a-4407-b999-52c680bf03aa", "x-misp-object--af3be992-38a1-4658-83ef-815740dddd20", "indicator--1bf76bf3-2ac7-432d-8632-da0a3f879e2e", "indicator--9b0fd0fa-4b8f-4b68-8297-6060e5956dad" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "tlp:clear" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--32089aee-e968-4036-81ba-7624c35ac4d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-20T11:45:46.000Z", "modified": "2023-06-20T11:45:46.000Z", "pattern": "[file:name = 'hulalalMCROSOFT.vbs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-20T11:45:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--630568fd-a16f-4923-b962-8cd4501da921", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T08:29:08.000Z", "modified": "2023-06-21T08:29:08.000Z", "pattern": "[url:value = 'http://crypters.coolpage.biz/rumps/Rumppp.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T08:29:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d6c5ed1-d204-4162-9a77-48d8ecce0bae", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T08:29:08.000Z", "modified": "2023-06-21T08:29:08.000Z", "pattern": "[url:value = 'https://bitbucket.org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T08:29:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b8419835-5db0-46da-862c-a33bcdf87ae8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T08:29:08.000Z", "modified": "2023-06-21T08:29:08.000Z", "description": "hogya - harsh singh", "pattern": "[url:value = 'https://bitbucket.org/hogya/workspace/snippets/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T08:29:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--32aaa5eb-08ff-4692-905d-3a9299c82689", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T08:29:08.000Z", "modified": "2023-06-21T08:29:08.000Z", "description": "choasknight", "pattern": "[url:value = 'https://bitbucket.org/choasknight/workspace/snippets/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T08:29:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d6cdd00c-6cf1-4508-a334-c1675389c4a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:12:29.000Z", "modified": "2023-06-21T10:12:29.000Z", "pattern": "[url:value = 'https://1230948\\\\%1230948\\\\%1230948\\\\%1230948\\\\%1230948\\\\%1230948@bitly.]com/dsasabshjkahsadnjksalhndjksa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:12:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9bb9ce3d-4c87-4219-8dd9-c06451060545", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/dghiaksgdbshagdh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8756bc58-f42c-4a7f-b871-4b0f43ca2f7d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/etwuiqdbshadbsgha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e08a796c-8241-41f5-a0f9-f44d041bf61d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/etyqwuidgshaja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6c67ea83-da1f-428f-b8b1-555c5a592098", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/etywuiqdbhsnadg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d12a405a-4d7e-4fb7-8c91-1e548af5c7fd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/etywuiqdhbsgjj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--650497e7-700d-4b67-a051-e49e6839a537", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/etywuiqdhjkasdnbvh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b03e958f-4e52-4af2-b54f-556a3d4d282c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eyuiasdbnjkasdhkashd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0798a83f-44c4-4634-a2f7-b6ecd8b2da0e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eyuiqwdbhasgdjsha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--684fb21a-5b06-4aa4-8bfe-84f2fa5ac53f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eyuiqwdhjkasdbsadgb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e572f482-7f0c-4529-9c2f-2e4a22658916", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eyuiqwdhksbgjsha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6ed047d8-0795-4ec0-bb7a-ebe14c6ff0ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eyuiqwdhsgaddasvdj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4737f676-4ff6-4e82-94f0-9102eecec537", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eyuiqwhdjkasdghj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d4d540c5-f33f-484d-b06f-fac919ecb26b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eywuiqdbnamsdgjh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--44d29af2-c1d6-4d07-80c8-946e7ed0c6cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eywuiqdhjkasdbgmh']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d33e7116-1ba7-49e5-abb5-9acf804a9587", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/eywuiqdhnjkasbdjsghah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--da3189cc-0235-484f-8e85-977fb1a61d73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/qywuiehasgdshaj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3404c521-413b-4e73-9fa7-e82ce9376f94", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/twyiqgshagsja']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--892d430e-0ca6-4ce3-9439-8e8b075f91e6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/yeuioqwhdkjasgd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--76ff4fc7-0106-4a1c-a63a-ca3472e06907", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/yeuiwqhdbasnvgjha']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2c893001-4778-4534-bab8-a6c850f47dfc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:28:12.000Z", "modified": "2023-06-21T10:28:12.000Z", "pattern": "[url:value = 'https://bitly.com/yqweikkajsbdjsgadhasdbg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:28:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--01af4767-33bc-4aba-9973-6a353cf5fb23", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:53:59.000Z", "modified": "2023-06-21T10:53:59.000Z", "pattern": "[url:value = 'https://madarbloghogya.blogspot.com/p/longdickback1.]html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:53:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5e5b9a25-2628-47be-8eeb-cdeef3f9d37f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:53:59.000Z", "modified": "2023-06-21T10:53:59.000Z", "pattern": "[url:value = 'https://madarbloghogya.blogspot.com/p/rothwellback.]html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:53:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1b5726d6-3d8f-4b47-b3ef-56235ccdce9f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/bxkkpz/4118f44550b85bec2ae65d3e55bf77b2101991c8/files/calib111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dc902153-1115-4531-ba86-757cc9dc5faa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/dxkkpr/2a7b31d0309cf290a0a4c692077fd013669991b2/files/charles11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--461e1888-aaa6-4102-908e-180c14af2cb3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/7XkkMb/3cb71404b16fd36f48bb66d71c61d6055fe8fbd3/files/dark1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--489aa087-aac8-4054-8e17-1abb1ec7a59a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkMx/5b19e6bac2c7b95e36211bb737603c38bcc64885/files/ghul1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--96a96090-6a9a-423a-9324-996c005570ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/Epgg7x/90823c7b15d8d3c9aa74b74766a264f2cdaff147/files/long11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d6f1f05-eceb-4ab8-b8bd-c4749ae2d79a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqjX/1cf020a5bcfd0f3a613b1356558b4e5c67136435/files/mrk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--358c78da-7fe5-44f6-a565-d4a1cf951e34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEMa/2c4fbe9f83764ed4c53961886e563861399257d5/files/muti']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2f004a3e-d63f-4130-bda9-3ebd027256a9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/A9MM7b/b1f5d79e5438016d91d7a42680532aed1cff8657/files/qw2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7969287f-795d-4366-a389-05cd0fc2d6b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLg/a2975578cff84cf6c198f055b21a7a6e3f14cd15/files/rotyh12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b0eab0d8-740b-4ff4-965c-859d99c71ddd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgk/81cf1a8c4f8ec324adf7e8729c8c19d6f3191d34/files/van1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9db74dc5-3f89-400a-9d04-2d1722bc14bb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/7Xkkdr/71b71d4e957ac56cd5bc6d1558b81f44210cd884/files/calib-1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--137206b4-41e7-49a8-b8a7-15f04a3f0f51", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLe/b4e47bf432d722a20ecd7b8d532de88c5274468e/files/charles123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b455dce0-4048-453f-a0ef-9fec55e74505", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgA/236882c179c87120ea611078d65f6af854a3da76/files/dark123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--031ce0aa-1884-4419-92c5-a5f2f299d279", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbx/b985a138bfcc230075309d6393d9a77a013146d2/files/ghul123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--22a021ca-484b-4818-8f97-39c264c0004f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/yXEEdx/fd5b2f66e22535e681f5d9b75f380f15645e8ea5/files/long132']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--38ff91e7-5d34-43b5-92cc-4ba1fe0b09a4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/KpMMLk/30b96224276ce0482b9ca6a8e8d51b1a80af06dc/files/mrk123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--87e83393-5003-478e-9085-ade6c2762d09", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/rXEEgg/947b59abdf17355aa212f65cc26ed3a0a694dd30/files/muti001']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cbb6d961-abc3-43aa-8e25-f77c15dd710e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/nxkkbj/93313de40a32b1c85bf7c5ef52d103808e400c89/files/qwe22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--85ba72a9-3a60-4979-bfbf-ef263bc4160c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/LpMMnx/78c83d16ba68da5bd2cdc3a25e26e367c7b10f05/files/roth123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f85057a4-3d7e-43c7-bf69-a5b7b7f84ae6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/qXkkda/da9c321b635563490e760230601e6da016df6172/files/van123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8ad343a2-3853-4287-8918-2659eca905cc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/kxqqay/1b716492745a665eea93dd18261a7a3c9f8ac85f/files/reza']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6ed9fe69-d3d5-4876-95de-5559f3083639", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/hogya/exEE5y/c407ebf390895c289726d38e17ace212689e34f8/files/reza-111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--68059aa3-b7f5-405c-b49e-64535aa3f928", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/choasknight/6XEXAo/6602fb280c0f18337286988b9af658023a7cc994/files/test']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c2f6630d-41bb-45ba-97f7-745091064e38", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/choasknight/kxqxxA/5864261b6610d863302b06c528fe1a85d4db7072/files/darkhorse']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--27a2e274-3a77-4c26-b0fe-f657823ebb8d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T10:55:20.000Z", "modified": "2023-06-21T10:55:20.000Z", "pattern": "[url:value = 'https://bitbucket.]org/!api/2.0/snippets/choasknight/yXEXXn/2b8cdcdeaa63834b21dba9c15a50226a5629a888/files/darkhorsepart2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T10:55:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3937a026-6732-4b7d-abb2-85d29c590a1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '014d5412e803d0abe1bdf1f29d02e389603ad5c30e449920f6995748e9310542']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--780ae267-d937-4acd-a291-95777bc324b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '19451a668953bd2a206283163714425ed75f822b8ac915f1e04b966671a1a23c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1fac7fd2-1168-4a1f-945c-f0ee32dfb502", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '27b7e68d5d728b339dc5d8fbc6a9f4194da0ba1ffc471d58c3cabf2a2ebd426d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--48903724-1866-454b-889b-5ce503d0d571", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '29a4107734ec549b59d5babd945ceb6c254375011165d34e70e86553c27581c8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--34a61b72-2558-4259-9cff-ca63f27078ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '36f26fffbe92ea0a9fbd25908fd12af52f2dad967a1369c77ef97e76c1638ca3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--754e5066-1cf1-4043-9213-ebfe4047372c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '414f56a4bbedb067cfa571d107103f705d742d10e2fe7163c97d6925e62ea853']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--87903ba3-0efc-468f-ac75-52898b7e8f73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '468f28807ef4d3e8cbd812d808b9573fb87ba83a037503c9c14f032ca08deb2e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--14a3d130-019a-44ec-8748-3a413daa0eea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '54f8342dec4a0b60e369292eee00cb6b8676ec48973a3a345a217febb0f3488e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--514c5895-c0be-4be5-afff-966e646e8a15", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '5665e106ce98224e6f1d02a49c86e01778ed630ab53b55f5ed50126bd1666c06']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f3727a52-8a65-4981-88f6-e59a19859276", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '639f108d6fa7469827be4396f086b95158ee28a7eec6867cedaf2d4007a3784b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f56444b5-bdf9-4797-b119-d498ca952a2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '6d492bbc2e972b9720bb9463733ed550236742341952e0d5a31c0f0220beffdd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--125c6d4e-f6d4-418f-906c-52d84f1e7716", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '81698424c325e40c1cd537719a228cf99fcacd1b954e717f27c4ba32c5cd83fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2a40d59f-db23-4321-9d8c-c42c975bfeb1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '89d2bfac1aa9427857b229ec9f1acae69a865bb33a88f33e7264e82bd4463b35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--bf4b8df7-30ab-47b7-8ab1-7613904b16f1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '8a17d0e4a4f310a8aeb27a2e30cfc463c2d5a2bfa2772b0a5d5700b4c1e1c3bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b5d5d93a-efe0-4b92-a598-f0469238c1d8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '8ed21a5bfe917fcba312ed2b630deadba0a4d623f4bccf74dd80149b176d414e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6fa62a80-10d3-4231-8a91-93821b26d441", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '9c3ecaecc2339b973eacaa4da07dae33964c75c7766f36c862c988491d4ecbb0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7194dc14-19a1-4e15-b6c4-e719d2173fe0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '9f4a60a9f9c8ac29814bf0e94360ca1502973ad2530bb66f8c4e2b75977d7311']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--37e5410d-b856-407f-87f9-8af2b9d5e912", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'a3d8bc6d455eaeca2f0fbe462f6348c0f61242dc7bde1c48d27b33f1d8cf1d9d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2363aa94-f60a-42bf-bea3-a991125de5aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'a98f6606e576078f0735d504dfd4c4276fd91d918117a29334ff41107c3d269e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4921aa93-bf1f-482f-8c45-86493772fb90", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'acd370830c92939272a8503ef834d5892108133de131407d10c7435e1514208b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e18c8e9e-a022-4d12-9fc1-a459bdcea74c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'bc1254a16b628102bb13c3501d2c52063f16c7857419455790863beec30f31e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d80daa77-cafc-4a98-980e-32d6c4a49510", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'c4d3db664407cd7dde28b6490dc2cbaafad0b91740bf51b480b1f4c324834fd1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a0d545d3-2b52-4c76-a9b2-e8812eb70bfa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'd0d36b28f2d009efd9ebf8006d5a937bdf61e408166d7d811ed01bc4a6cc61ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--18612900-27a4-4e2c-b1a1-bdfa8550108e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'd3b83d76e76c22b2881a3e5b86afbfd020b631584ed0a40f67d5820a572bc5f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--851bb9d1-2476-401a-a4f3-159d373eae4c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'd4ee5546b462eb2cf6f88ca39fcc208904d02488782ab0285c06e1e35c1a754e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59291766-0fde-4d8b-bf2e-e6717da8de96", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'fe5811c318713cbdf188b2fae370dd8827715fd9e0e5a1ee367823343d0d5a0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--38714092-3e5e-4cd1-9033-05f1a6bcd33b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'e2a2f3d6aae6a4ca060d5f761591f6edb9db80677bdd7bb9ba71f8c88b0dbf38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--de80555f-cbfd-410f-86f1-f5079e658295", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = 'bb5bdc809fe22bdc88652c5ca93aba8c90798d55e62d7fc0cbc44740bf6bf1d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7201dd76-373a-4ef3-ae32-ed5e2d9954b4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--60d47caf-e4a8-40c9-9bd2-1d95bcc979cf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:35:51.000Z", "modified": "2023-06-21T11:35:51.000Z", "pattern": "[file:hashes.SHA256 = '94ac4b5dc33bd0374952731853642a4eca8bdb9be12b861297d7dd8f0e527c19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c70724eb-b1a5-431c-92cb-63d501c114ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-calib/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--274428fa-9e17-4088-9180-80d7b0928cdb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-charles/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--04eef561-3636-43cc-858c-3664aa62f0ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-dark/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--528e61dd-f4ed-4771-b6d5-1afac360565b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-ghul/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d4ff3f40-de55-46f1-8c6b-c1ab576707c0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-greg/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a885c8ec-1181-4c63-860d-51c900e368ea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-long/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5f57c44c-f15e-4da3-b506-49a2b55ac7ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-mrk/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6c8187a6-aebf-4c7a-9dbb-5544994f6df9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-muti/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9edae6cf-b14a-4342-b86c-0514f9801aa7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-reza/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--770e7b1a-7aa9-48a5-b59f-9da26a65fdaa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-roth/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--23c9db84-2c6e-4d2f-b276-b1a045f5611f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-trade/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dbd6f45e-3c19-455c-b011-865719bd32ce", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-van/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92197b09-0f1a-4407-b999-52c680bf03aa", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-21T11:37:06.000Z", "modified": "2023-06-21T11:37:06.000Z", "pattern": "[url:value = 'http://69.174.99.181/webpanel-zoe/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-21T11:37:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--af3be992-38a1-4658-83ef-815740dddd20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-20T11:41:32.000Z", "modified": "2023-06-20T11:41:32.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://yoroi.company/research/serverless-infostealer-delivered-in-est-european-countries/", "category": "External analysis", "uuid": "8a3ad064-de1d-40aa-ab74-6ab83b3ba159" }, { "type": "text", "object_relation": "summary", "value": "Threat actors' consistency over time represents an indication of effectiveness and experience, resulting in an increasing risk for targeted companies. \r\n\r\nThe Yoroi Malware ZLAB is tracking the threat actor Aggah (TH-157) since 2019, along with PaloAlto UNIT42, HP and Juniper Networks, and the persistency of its malicious operation over time reveals a structured information stealing infrastructure, a worldwide campaign capable of quickly varying its distribution technique. \r\n\r\nWe discovered new data theft and reconnaissance operations targeting multiple victims worldwide, including Ukraine, Lithuania, and Italy. The whole campaign impacted hundreds of victims and lasted for two months. CERT Yoroi was able to track the malware distribution infrastructure which was abusing the Bitbucket code repository infrastructures to evade detection mechanism, URL and domain reputation security check. \r\n\r\nThe following article describes how TH-157 conducted this new wave of attacks along with all the indicators needed by security teams to hunt down active intrusions.", "category": "Other", "uuid": "3aa32c47-1ff2-4665-bcbb-352028f449c6" }, { "type": "text", "object_relation": "type", "value": "Report", "category": "Other", "uuid": "d8c7ec8b-0c83-4a9d-ab32-06ff30b2302d" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1bf76bf3-2ac7-432d-8632-da0a3f879e2e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-20T11:42:48.000Z", "modified": "2023-06-20T11:42:48.000Z", "description": "Aggah Campaign November 2021 - Malicious PPA macro dropper \t", "pattern": "[file:hashes.SHA256 = '17f3f34d7814338c40153073fed0ed0414ecb4f76ca9d3d337b8b09da85f2a57' AND file:hashes.SSDEEP = '384:IKyo59LwWOIZlIjlaRKPPYglCLMvu61aUr/clFo39D:J59UWOI3mbkLhHmcjo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-20T11:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9b0fd0fa-4b8f-4b68-8297-6060e5956dad", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2023-06-20T11:47:22.000Z", "modified": "2023-06-20T11:47:22.000Z", "pattern": "[file:name = 'xxx1.txt' AND file:x_misp_fullpath = '\\\\%PUBLIC\\\\%\\\\xxx1.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2023-06-20T11:47:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }