{ "type": "bundle", "id": "bundle--b7a486af-8b67-4f58-873b-0ae25fea43e9", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-24T08:56:38.000Z", "modified": "2022-10-24T08:56:38.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--b7a486af-8b67-4f58-873b-0ae25fea43e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-24T08:56:38.000Z", "modified": "2022-10-24T08:56:38.000Z", "name": "[OSINT] No Honor Among Thieves - Prynt Stealer\u2019s Backdoor Exposed", "published": "2022-10-24T08:56:47Z", "object_refs": [ "indicator--9888e096-1341-4655-9a0c-1e53df9a6096", "indicator--6de8e173-c0fd-4be3-b4b1-42fc8c76c8e7", "indicator--d1d5db20-15d9-4e1f-a4e6-cab7a0bdf0b5", "indicator--d451551e-c177-4ed9-a989-af74bb028188", "indicator--a9b86903-b79c-455c-bbf0-7b488d90a3dc", "indicator--ae705dbd-6b31-41b9-9cfb-eb8ac1121210", "indicator--f54aa09c-1841-4826-9b28-22ef426079b6", "indicator--74ed1b4c-6d5b-4d42-91fb-b642d4079067", "indicator--ce2ad6bb-1747-4b74-bfce-8fb70c2051a0", "indicator--5ed227fe-15f1-44e9-bd7f-7fc04710ec7c", "indicator--b2cce1cd-8669-4f40-8215-2f4f141c8b1d", "indicator--4ec5a062-377a-4d46-954f-c0e9a5c9d798", "indicator--ff207b26-10e9-41d8-a901-208460f5f1f8", "indicator--3f959b7e-8c08-4fe2-b769-7ace9f1d3b20", "indicator--967a4473-5c38-421a-b44c-68d71767fec5", "indicator--b25ef0d4-7c29-4dbc-8cd5-b9619400bf65", "indicator--b176d8c2-0949-4e79-b7e7-4891a729c352", "indicator--59827e8b-9dab-44b4-aab4-4ed13b02b39b", "x-misp-object--39c86d1d-05bd-4dae-a488-360079914b64", "x-misp-object--32c7146e-8ac3-4543-889b-1c39754b6303", "x-misp-object--535b633e-9e74-4f90-8e28-bfbbc342fb33", "x-misp-object--921b1fa9-a804-47ec-99fc-2b0c63517d7a", "x-misp-object--09b2266a-460d-45cd-968a-f903dcb8e938", "x-misp-object--89ca0c35-28ce-4896-97ef-96a1277a042b", "indicator--ae21fd17-1261-4d84-a0ac-44d65e3a9c31", "indicator--df65f997-8718-4042-9aee-c63b8065db3d", "indicator--fb51780b-d597-4c98-9c55-e84bea603537", "indicator--422c54fd-935c-4f2d-b07d-3e8701cad357" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "osint:source-type=\"blog-post\"", "misp-galaxy:malpedia=\"Prynt Stealer\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:malpedia=\"WorldWind\"", "misp-galaxy:stealer=\"DarkEye\"", "misp-galaxy:stealer=\"Prynt Stealer\"", "misp-galaxy:stealer=\"WorldWind\"", "misp-galaxy:malpedia=\"DarkEye\"", "ecsirt:intrusions=\"backdoor\"", "veris:action:malware:variety=\"Backdoor\"", "ms-caro-malware:malware-type=\"Backdoor\"", "ms-caro-malware-full:malware-type=\"Backdoor\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9888e096-1341-4655-9a0c-1e53df9a6096", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "Prynt Stealer", "pattern": "[file:hashes.SHA256 = 'd8469e32afc3499a04f9bcb0ca34fde63140c3b872c41e898f4e31f2a7c1f61f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6de8e173-c0fd-4be3-b4b1-42fc8c76c8e7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "Prynt Stealer", "pattern": "[file:hashes.SHA256 = 'f15e92c34dd8adfcd471d726e88292d6698217f05f1d2bcce8193eb2536f817c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d1d5db20-15d9-4e1f-a4e6-cab7a0bdf0b5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "WorldWind Stealer", "pattern": "[file:hashes.SHA256 = '3b948a0eb0e9bbca72fc363b63ffd3a5983e23c47f14f8296e8559fd98c25094']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d451551e-c177-4ed9-a989-af74bb028188", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "DarkEye Stealer", "pattern": "[file:hashes.SHA256 = 'bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a9b86903-b79c-455c-bbf0-7b488d90a3dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "DarkEye Stealer (old version without AsyncRAT)", "pattern": "[file:hashes.SHA256 = 'e48179c4629b5ab9e53ccb785ab3ee5eeb2e246e1897154a15fec8fd9237f44b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ae705dbd-6b31-41b9-9cfb-eb8ac1121210", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "Celesty Binder payload", "pattern": "[file:hashes.SHA256 = '9678ca06068b705da310aa2f76713d2d59905b12b67097364160857cd1f90c58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f54aa09c-1841-4826-9b28-22ef426079b6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "Builder", "pattern": "[file:hashes.SHA256 = '654f080d5790054f0cd1a0f9b31cd7a82a4722ff3ce5093acdc31ff154f1ae24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--74ed1b4c-6d5b-4d42-91fb-b642d4079067", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "LodaRAT", "pattern": "[file:hashes.SHA256 = 'cb132691793e93ad8065f857b4b1baba92e937cfc3d3a8042ce9109e12d32b4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ce2ad6bb-1747-4b74-bfce-8fb70c2051a0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "Prynt Stealer Stub", "pattern": "[file:hashes.SHA256 = 'd37d0ae4c5ced373fe1960af5ea494a6131717d1c400da877d9daa13f55439bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ed227fe-15f1-44e9-bd7f-7fc04710ec7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:56:41.000Z", "modified": "2022-10-17T06:56:41.000Z", "description": "Loader", "pattern": "[file:hashes.SHA256 = 'c79aed9551260daf74a2af2ec5b239332f3b89764ede670106389c3078e74d1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T06:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b2cce1cd-8669-4f40-8215-2f4f141c8b1d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:49:50.000Z", "modified": "2022-10-17T07:49:50.000Z", "description": "DarkEye Stealer Hosting", "pattern": "[url:value = 'https://cdn.discordapp.com/attachments/523238636561629190/890007970207907871/vltn.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:49:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4ec5a062-377a-4d46-954f-c0e9a5c9d798", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:54:10.000Z", "modified": "2022-10-17T07:54:10.000Z", "description": "WorldWind - Market Website (Inactive)", "pattern": "[url:value = 'http://shop.prynt.market']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:54:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ff207b26-10e9-41d8-a901-208460f5f1f8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:54:10.000Z", "modified": "2022-10-17T07:54:10.000Z", "description": "Prynt Stealer - Market Website (Inactive)", "pattern": "[url:value = 'http://market.prynt.market']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:54:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3f959b7e-8c08-4fe2-b769-7ace9f1d3b20", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:54:10.000Z", "modified": "2022-10-17T07:54:10.000Z", "description": "Prynt Stealer - Market Website (Active)", "pattern": "[url:value = 'http://venoxxxx.xxx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:54:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--967a4473-5c38-421a-b44c-68d71767fec5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T08:14:55.000Z", "modified": "2022-10-17T08:14:55.000Z", "description": "Prynt Stealer builder package - Prynt stub used by the builder", "pattern": "[file:name = 'Stub.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T08:14:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b25ef0d4-7c29-4dbc-8cd5-b9619400bf65", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T08:14:55.000Z", "modified": "2022-10-17T08:14:55.000Z", "description": "Prynt Stealer builder package - Builder executable", "pattern": "[file:name = 'Prynt Stealer.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T08:14:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b176d8c2-0949-4e79-b7e7-4891a729c352", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T08:14:55.000Z", "modified": "2022-10-17T08:14:55.000Z", "description": "Prynt Stealer builder package - Unmanaged PE", "pattern": "[file:name = 'Prynt sub.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T08:14:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59827e8b-9dab-44b4-aab4-4ed13b02b39b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T08:14:55.000Z", "modified": "2022-10-17T08:14:55.000Z", "description": "Prynt Stealer builder package - Backdoor that downloads and executes DarkEye Stealer", "pattern": "[file:name = 'Prynt.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T08:14:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--39c86d1d-05bd-4dae-a488-360079914b64", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T06:52:52.000Z", "modified": "2022-10-17T06:52:52.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed", "category": "External analysis", "uuid": "3f4d70ad-8208-4707-afa6-0f7400f55025" }, { "type": "text", "object_relation": "summary", "value": "Technical Comparison of Prynt Stealer, WorldWind, and DarkEye Malware", "category": "Other", "uuid": "ccb48af3-8af0-428e-9c57-ba2b922f879a" }, { "type": "text", "object_relation": "type", "value": "Blog", "category": "Other", "uuid": "6aad45d1-0674-4854-b666-4d813ffbbc1f" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--32c7146e-8ac3-4543-889b-1c39754b6303", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:04:02.000Z", "modified": "2022-10-17T07:04:02.000Z", "labels": [ "misp:name=\"telegram-bot\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "chat-id", "value": "1096425866", "category": "Other", "uuid": "19aa10d9-e55d-4bed-b8fd-2a4e1403553b" }, { "type": "text", "object_relation": "token", "value": "1119746739:AAGMhvpUjXI4CzIfizRC--VXilxnkJlhaf8", "category": "Other", "uuid": "ae8f5b64-bd3c-4c9e-896c-4c3dff3b5374" } ], "x_misp_comment": "WorldWind (hardcoded)", "x_misp_meta_category": "misc", "x_misp_name": "telegram-bot" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--535b633e-9e74-4f90-8e28-bfbbc342fb33", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:06:18.000Z", "modified": "2022-10-17T07:06:18.000Z", "labels": [ "misp:name=\"telegram-bot\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "chat-id", "value": "1937717367", "category": "Other", "uuid": "29b53d36-ff5a-4e5f-8f0b-b4f072e0ab66" }, { "type": "text", "object_relation": "token", "value": "1784055443:AAG-bXLYtnFpjJ_L3ogxA3bq6Mx09cqh8ug", "category": "Other", "uuid": "5a092591-61bc-436f-8dd4-be5af46783ce" } ], "x_misp_comment": "Prynt Stealer (hardcoded)", "x_misp_meta_category": "misc", "x_misp_name": "telegram-bot" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--921b1fa9-a804-47ec-99fc-2b0c63517d7a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:13:00.000Z", "modified": "2022-10-17T07:13:00.000Z", "labels": [ "misp:name=\"telegram-bot\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "chat-id", "value": "5038570348", "category": "Other", "uuid": "3508cefe-b0b3-4906-ab78-d73a06e0260a" }, { "type": "text", "object_relation": "token", "value": "5292408150:AAHAPbTr2Jc9L4hgsfkDkvfw_hISg6lPMMI", "category": "Other", "uuid": "b17b02c2-bc88-42bb-9de7-0106b1edf26b" } ], "x_misp_comment": "Prynt Stealer", "x_misp_meta_category": "misc", "x_misp_name": "telegram-bot" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--09b2266a-460d-45cd-968a-f903dcb8e938", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:27:23.000Z", "modified": "2022-10-17T07:27:23.000Z", "labels": [ "misp:name=\"telegram-bot\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "chat-id", "value": "1856525476", "category": "Other", "uuid": "57e39ba6-a415-4771-96c5-62ceadadc360" }, { "type": "text", "object_relation": "token", "value": "5292408150:AAHAPbTr2Jc9L4hgsfkDkvfw_hISg6lPMMI", "category": "Other", "uuid": "7849bf84-5d84-4049-a686-8834b91323ce" } ], "x_misp_comment": "Prynt Stealer", "x_misp_meta_category": "misc", "x_misp_name": "telegram-bot" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--89ca0c35-28ce-4896-97ef-96a1277a042b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:30:57.000Z", "modified": "2022-10-17T07:30:57.000Z", "labels": [ "misp:name=\"telegram-bot\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "chat-id", "value": "849561191", "category": "Other", "uuid": "a02fdd87-9fd4-4b74-af29-72cc7d256918" }, { "type": "text", "object_relation": "token", "value": "1916193181:AAHhdcx3k6mHbnJ6JLfyWtJBMChny-la8Xs", "category": "Other", "uuid": "5f075a20-5076-45dc-9217-90afc883968a" } ], "x_misp_comment": "Prynt Stealer", "x_misp_meta_category": "misc", "x_misp_name": "telegram-bot" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ae21fd17-1261-4d84-a0ac-44d65e3a9c31", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:50:35.000Z", "modified": "2022-10-17T07:50:35.000Z", "description": "DarkEye Stealer C&C ", "pattern": "[domain-name:value = 'bigdaddy-service.biz' AND domain-name:x_misp_port = '6606']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:50:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--df65f997-8718-4042-9aee-c63b8065db3d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:50:59.000Z", "modified": "2022-10-17T07:50:59.000Z", "description": "DarkEye Stealer C&C ", "pattern": "[domain-name:value = 'bigdaddy-service.biz' AND domain-name:x_misp_port = '7707']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:50:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fb51780b-d597-4c98-9c55-e84bea603537", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:51:30.000Z", "modified": "2022-10-17T07:51:30.000Z", "description": "DarkEye Stealer C&C ", "pattern": "[domain-name:value = 'bigdaddy-service.biz' AND domain-name:x_misp_port = '8808']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:51:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--422c54fd-935c-4f2d-b07d-3e8701cad357", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T07:52:29.000Z", "modified": "2022-10-17T07:52:29.000Z", "description": "LodaRAT C&C", "pattern": "[domain-name:value = 'daddy.linkpc.net' AND domain-name:x_misp_port = '1199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-17T07:52:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }