
{
"type": "bundle",
"id": "bundle--98eb923a-6da8-4c63-87a0-a97a2eef3c98",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-09-06T03:00:05.000Z",
"modified": "2023-09-06T03:00:05.000Z",
"name": "Centre for Cyber security Belgium",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--98eb923a-6da8-4c63-87a0-a97a2eef3c98",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-09-06T03:00:05.000Z",
"modified": "2023-09-06T03:00:05.000Z",
"name": "CustomerLoader: a new malware distributing a wide variety of payloads",
"published": "2023-09-06T03:01:02Z",
"object_refs": [
"indicator--73079733-94cc-4977-9ae8-21170b01f192",
"indicator--7729ec3a-f59b-4f10-aa08-610417e76615",
"indicator--e1f2b17b-b81a-4480-9b59-ee02f3d62655",
"indicator--c3e1d9f5-4166-4cc1-a255-ede76f3d8093",
"indicator--04100f47-87f9-4256-b76d-dc1d4018f2e9",
"indicator--bef1438a-58ba-4b7a-b99d-79c18bf3dbf1",
"indicator--7a183367-2ccd-4487-8f10-c749658a7a84",
"indicator--4a4ec3fd-5047-4fb5-b075-4147499752a1",
"indicator--a144d890-79c7-48f9-a832-abc885382a89",
"indicator--2da87919-117a-4f9e-b8ca-436be650c645",
"indicator--fee765d6-e638-43f5-95f5-4e5b4d296752",
"indicator--f70f49e0-2c28-4fb4-ac8a-6c4423f581a4",
"indicator--ae8c6189-1237-4bfa-8669-e36124152dad",
"indicator--7245836c-7dfa-48fc-8330-85a879ee6343",
"indicator--0179392a-bbcb-4fd6-af43-b7910a5f3435",
"indicator--fe6e9ac9-bb0a-49f5-a952-5b1f290adb8d",
"indicator--3a3c6854-09e2-4c48-b2e7-73d6b1b36d2a",
"indicator--7fceb8da-6dfb-4023-9bd6-aa1a96c99624",
"indicator--f683883b-5951-4d80-b4d7-b4e6c1c01da5",
"indicator--326c6f69-798e-41d5-b88b-6028079609ea",
"indicator--117628a6-31c5-4d1c-9fc9-5f5b27a4a73b",
"indicator--0ffdaa41-2aaa-42ff-b7bd-aa195e2beb06",
"indicator--68dc1111-5ada-4ebb-9d77-4b0c7098cbf8",
"indicator--e23b803d-efa5-41a6-8d37-2cbee9fcdcd7",
"indicator--97479af0-ef0e-481c-bec1-82c36ad93e81",
"indicator--00f1c68a-f030-4809-b4f3-f8bb170e100f",
"indicator--7bc33ced-2de0-4bcd-9430-6456f3e05497",
"indicator--4ac3880e-1a60-4512-9d97-18d9fd01bf01",
"indicator--ebd96dc1-33b0-4d51-b62b-4a712ae8652d",
"indicator--ccd1a007-e24b-4f4c-84b1-e975b69f5c1a",
"indicator--fbd5612e-97aa-443c-8db9-a2ba8d486828",
"indicator--2198b70c-fdc8-4522-8efc-f5df47ac071c",
"indicator--a73ebe37-62c8-4325-a594-f19988acc65f",
"indicator--d287ec58-197e-4268-bf5e-16dc6468ba1c",
"indicator--743a5c1b-fef1-44f1-93af-f8643931ebc8",
"indicator--73e3f627-cd30-4740-8003-9876133aa266",
"indicator--eccd9c73-ef8f-46b8-aa46-5652a8db3233",
"indicator--41c1d377-d8af-47ea-91c0-774a36f8e6f2",
"indicator--b4e818c4-5efa-4312-8eb2-a3a3a0ee967f",
"indicator--51e4ac8e-95c3-464d-8eb2-da4fb3743c50",
"indicator--49dd8434-0ce8-4635-b256-9a291711fb1d",
"indicator--725faf44-1d4e-4605-874a-c11d7c8037d4",
"indicator--dd1dd5c8-71e4-4431-bd12-872d3863de51",
"indicator--09904864-5c88-4074-aeef-dd3070a2d953",
"indicator--9e4d0181-601e-4f7b-a85e-d77fdb13df46",
"indicator--1e3eaf7d-2868-46c3-bd6a-293f34681e27",
"indicator--4cb564c8-0f92-434c-a1b8-64e2d0162493",
"indicator--9933c87b-63e9-4545-9b63-f344b3928605",
"indicator--b6daf1a9-ae53-4046-965c-058ce949d60d",
"indicator--a20cc7c3-aa95-4c45-976e-0819d218a5f2",
"indicator--1f9512f6-4df4-4c31-85d2-8cb3bee3bbc0",
"indicator--91d40c8e-8cf5-4a56-ae84-1b906fc04e03",
"indicator--268abd35-5515-495d-8671-536c285a1ef8",
"indicator--ad5e7288-4d3f-419e-84a5-86a7dbb96da6",
"indicator--f46ff266-6855-4207-bfc6-60290cf58094",
"indicator--d8fb9a0c-c57d-4ea2-8b56-bb00094111b8",
"indicator--1dbca102-9c8c-49ce-8a11-17640306433d",
"observed-data--c8573245-d288-478e-946f-a1062740dab5",
"network-traffic--c8573245-d288-478e-946f-a1062740dab5",
"ipv4-addr--c8573245-d288-478e-946f-a1062740dab5",
"indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97",
"indicator--d6b9d4ae-b825-4299-8458-8c32a546922d",
"indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
"indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8",
"indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa",
"indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819",
"indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9",
"indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
"indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
"indicator--690ead91-a1de-4a85-b227-64f58a2f79dd",
"indicator--a208990a-f956-4cdb-bc5f-09004f922aac",
"indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad",
"indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c",
"indicator--f544867c-5acf-4970-a96a-7468d570c56b",
"indicator--2dfde444-2afe-4ca3-9214-c790837a08c5",
"indicator--40be5e44-04aa-41c4-8a97-0e642cb84940",
"indicator--6fdb80a4-e001-4173-8b30-3ef96ba05954",
"x-misp-object--739097b3-9ba6-442c-872f-528f42278bad",
"note--4173dc9c-2c55-4e0e-8ef7-341ee4ea63c7",
"relationship--62b628db-4794-4fa6-abec-63f73a7a97b8",
"relationship--e62af11f-e111-420a-82c4-30586e19f2ac",
"relationship--ecb2b46f-983b-4ddb-97bc-baa802fd5fb7",
"relationship--14043d3a-bfb8-4b2b-92ab-3e64710fc199",
"relationship--46cb52d3-f323-4eb6-b96a-a42ee62701f2",
"relationship--1bb134b1-74d6-48ba-94ad-f6ef9452fbbe",
"relationship--d9e0b152-8e01-49e2-965a-f648a5287f01",
"relationship--a2f16c2f-f63a-4da0-8701-1df77a30ad55",
"relationship--a870bd76-c541-452d-bf82-9c3b8eab16fb",
"relationship--1dd876a5-3375-4b2c-a00f-6ca15bc27741",
"relationship--8023444b-7eac-40cb-b7c7-c8473b366f15",
"relationship--0c2cb212-86ac-4ed2-a578-f53bebcc3820",
"relationship--05058e0a-b2fe-4e0b-80c1-ca718c731b61",
"relationship--777de234-5a91-466d-899e-81728d266d0f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"admiralty-scale:source-reliability=\"b\"",
"admiralty-scale:information-credibility=\"2\"",
"DOTRUNPEX",
"Loader",
"feedly:source=\"Sekoia.io Blog\"",
"malware_classification:malware-category=\"Downloader\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
"misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"",
"misp-galaxy:malpedia=\"vidar\"",
"misp-galaxy:malpedia=\"XLoader\"",
"misp-galaxy:malpedia=\"Agent Tesla\"",
"misp-galaxy:malpedia=\"AsyncRAT\"",
"misp-galaxy:malpedia=\"Ave Maria\"",
"misp-galaxy:malpedia=\"DarkCloud Stealer\"",
"misp-galaxy:malpedia=\"LgoogLoader\"",
"misp-galaxy:malpedia=\"RedLine Stealer\"",
"misp-galaxy:malpedia=\"SectopRAT\"",
"misp-galaxy:malpedia=\"Stealc\"",
"misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"",
"misp-galaxy:mitre-malware=\"WarzoneRAT - S0670\"",
"misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
"misp-galaxy:mitre-tool=\"Remcos - S0332\"",
"misp-galaxy:rat=\"AsyncRAT\"",
"misp-galaxy:stealer=\"Vidar\"",
"misp-galaxy:stealer=\"DarkCloud Stealer\"",
"misp-galaxy:tool=\"FormBook\"",
"misp-galaxy:tool=\"Agent Tesla\"",
"misp-galaxy:malpedia=\"BitRAT\"",
"misp-galaxy:mitre-malware=\"WannaCry - S0366\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
"misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
"misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
"misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
"misp-galaxy:mitre-attack-pattern=\"Dynamic API Resolution - T1027.007\"",
"misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"",
"misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
"misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
"misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"",
"tlp:clear"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73079733-94cc-4977-9ae8-21170b01f192",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:23:31.000Z",
"modified": "2023-07-14T13:23:31.000Z",
"description": "C2 server associated with CustomerLoader",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.42.94.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7729ec3a-f59b-4f10-aa08-610417e76615",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:23:31.000Z",
"modified": "2023-07-14T13:23:31.000Z",
"description": "C2 server associated with CustomerLoader",
"pattern": "[domain-name:value = 'kyliansuperm92139124.sbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e1f2b17b-b81a-4480-9b59-ee02f3d62655",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:11:38.000Z",
"modified": "2023-07-14T14:11:38.000Z",
"description": "Domains receiving requests from ccrypter downloaded by CustomerLoader",
"pattern": "[domain-name:value = 'get-vbs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:11:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c3e1d9f5-4166-4cc1-a255-ede76f3d8093",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:11:39.000Z",
"modified": "2023-07-14T14:11:39.000Z",
"description": "Domains receiving requests from ccrypter downloaded by CustomerLoader",
"pattern": "[domain-name:value = 'cmd2.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:11:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--04100f47-87f9-4256-b76d-dc1d4018f2e9",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:11:39.000Z",
"modified": "2023-07-14T14:11:39.000Z",
"description": "Domains receiving requests from ccrypter downloaded by CustomerLoader",
"pattern": "[domain-name:value = 'mymine.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:11:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bef1438a-58ba-4b7a-b99d-79c18bf3dbf1",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:11:39.000Z",
"modified": "2023-07-14T14:11:39.000Z",
"description": "Domains receiving requests from ccrypter downloaded by CustomerLoader",
"pattern": "[domain-name:value = 'vbs1.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:11:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7a183367-2ccd-4487-8f10-c749658a7a84",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:11:39.000Z",
"modified": "2023-07-14T14:11:39.000Z",
"description": "Domains receiving requests from ccrypter downloaded by CustomerLoader",
"pattern": "[domain-name:value = 'vbs22.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:11:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4a4ec3fd-5047-4fb5-b075-4147499752a1",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:11:39.000Z",
"modified": "2023-07-14T14:11:39.000Z",
"description": "Domains receiving requests from ccrypter downloaded by CustomerLoader",
"pattern": "[domain-name:value = 'vbs3.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:11:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a144d890-79c7-48f9-a832-abc885382a89",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:04.000Z",
"modified": "2023-07-14T14:13:04.000Z",
"description": "Distribution site (landing page)",
"pattern": "[domain-name:value = 'macros-pro.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2da87919-117a-4f9e-b8ca-436be650c645",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:05.000Z",
"modified": "2023-07-14T14:13:05.000Z",
"description": "Distribution site (landing page)",
"pattern": "[domain-name:value = 'plugin4free.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fee765d6-e638-43f5-95f5-4e5b4d296752",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:05.000Z",
"modified": "2023-07-14T14:13:05.000Z",
"description": "Distribution site (landing page)",
"pattern": "[domain-name:value = 'self-games.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f70f49e0-2c28-4fb4-ac8a-6c4423f581a4",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:05.000Z",
"modified": "2023-07-14T14:13:05.000Z",
"description": "Distribution site (landing page)",
"pattern": "[domain-name:value = 'slackmessenger.site']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae8c6189-1237-4bfa-8669-e36124152dad",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:06.000Z",
"modified": "2023-07-14T14:13:06.000Z",
"description": "Distribution site (landing page)",
"pattern": "[domain-name:value = 'soft-got.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7245836c-7dfa-48fc-8330-85a879ee6343",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:06.000Z",
"modified": "2023-07-14T14:13:06.000Z",
"description": "Distribution site (landing page)",
"pattern": "[domain-name:value = 'vpnsget.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0179392a-bbcb-4fd6-af43-b7910a5f3435",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:06.000Z",
"modified": "2023-07-14T14:13:06.000Z",
"description": "Distribution site (landing page)",
"pattern": "[domain-name:value = 'vstget.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe6e9ac9-bb0a-49f5-a952-5b1f290adb8d",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:35.000Z",
"modified": "2023-07-14T14:13:35.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'seif-games.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a3c6854-09e2-4c48-b2e7-73d6b1b36d2a",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'self-games.host']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7fceb8da-6dfb-4023-9bd6-aa1a96c99624",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'self-games.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f683883b-5951-4d80-b4d7-b4e6c1c01da5",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'self-games.site']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--326c6f69-798e-41d5-b88b-6028079609ea",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'self-games.space']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--117628a6-31c5-4d1c-9fc9-5f5b27a4a73b",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'soft-got.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0ffdaa41-2aaa-42ff-b7bd-aa195e2beb06",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'soft-got.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--68dc1111-5ada-4ebb-9d77-4b0c7098cbf8",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'soft-got.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e23b803d-efa5-41a6-8d37-2cbee9fcdcd7",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'vst-dw.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--97479af0-ef0e-481c-bec1-82c36ad93e81",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:13:36.000Z",
"modified": "2023-07-14T14:13:36.000Z",
"description": "Redirection to distribution website",
"pattern": "[domain-name:value = 'vstdw.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--00f1c68a-f030-4809-b4f3-f8bb170e100f",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:07.000Z",
"modified": "2023-07-14T14:14:07.000Z",
"description": "File hosting domain",
"pattern": "[domain-name:value = 'hardcoverradio.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7bc33ced-2de0-4bcd-9430-6456f3e05497",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:07.000Z",
"modified": "2023-07-14T14:14:07.000Z",
"description": "File hosting domain",
"pattern": "[domain-name:value = 'macrospro.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4ac3880e-1a60-4512-9d97-18d9fd01bf01",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:07.000Z",
"modified": "2023-07-14T14:14:07.000Z",
"description": "File hosting domain",
"pattern": "[domain-name:value = 'plugin4free.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ebd96dc1-33b0-4d51-b62b-4a712ae8652d",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:08.000Z",
"modified": "2023-07-14T14:14:08.000Z",
"description": "File hosting domain",
"pattern": "[domain-name:value = 'slackmessenger.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ccd1a007-e24b-4f4c-84b1-e975b69f5c1a",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:08.000Z",
"modified": "2023-07-14T14:14:08.000Z",
"description": "File hosting domain",
"pattern": "[domain-name:value = 'vpnsget.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fbd5612e-97aa-443c-8db9-a2ba8d486828",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:48.000Z",
"modified": "2023-07-14T14:14:48.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'adanagram.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2198b70c-fdc8-4522-8efc-f5df47ac071c",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'bin-a.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a73ebe37-62c8-4325-a594-f19988acc65f",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'bin-b.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d287ec58-197e-4268-bf5e-16dc6468ba1c",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'bin-c.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--743a5c1b-fef1-44f1-93af-f8643931ebc8",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'bin-d.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73e3f627-cd30-4740-8003-9876133aa266",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'cmd1.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eccd9c73-ef8f-46b8-aa46-5652a8db3233",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'cmd2.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--41c1d377-d8af-47ea-91c0-774a36f8e6f2",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'cmd22.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4e818c4-5efa-4312-8eb2-a3a3a0ee967f",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'get-a.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--51e4ac8e-95c3-464d-8eb2-da4fb3743c50",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'get-b.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--49dd8434-0ce8-4635-b256-9a291711fb1d",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'get-c.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--725faf44-1d4e-4605-874a-c11d7c8037d4",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'get-d.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dd1dd5c8-71e4-4431-bd12-872d3863de51",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'get-i.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--09904864-5c88-4074-aeef-dd3070a2d953",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'get-vbs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e4d0181-601e-4f7b-a85e-d77fdb13df46",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'get-y.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1e3eaf7d-2868-46c3-bd6a-293f34681e27",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'hautegaleria.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4cb564c8-0f92-434c-a1b8-64e2d0162493",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'jacksmanual.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9933c87b-63e9-4545-9b63-f344b3928605",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:49.000Z",
"modified": "2023-07-14T14:14:49.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'vbs1.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b6daf1a9-ae53-4046-965c-058ce949d60d",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:50.000Z",
"modified": "2023-07-14T14:14:50.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'vbs2.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a20cc7c3-aa95-4c45-976e-0819d218a5f2",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:50.000Z",
"modified": "2023-07-14T14:14:50.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'vbs22.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f9512f6-4df4-4c31-85d2-8cb3bee3bbc0",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:14:50.000Z",
"modified": "2023-07-14T14:14:50.000Z",
"description": "Redirection to file hosting domain",
"pattern": "[domain-name:value = 'vbs3.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:14:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91d40c8e-8cf5-4a56-ae84-1b906fc04e03",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:15:23.000Z",
"modified": "2023-07-14T14:15:23.000Z",
"description": "Miner\u2019s C2 domain",
"pattern": "[domain-name:value = 'minemy.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--268abd35-5515-495d-8671-536c285a1ef8",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:15:23.000Z",
"modified": "2023-07-14T14:15:23.000Z",
"description": "Miner\u2019s C2 domain",
"pattern": "[domain-name:value = 'mymine.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad5e7288-4d3f-419e-84a5-86a7dbb96da6",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:16:02.000Z",
"modified": "2023-07-14T14:16:02.000Z",
"description": "Encrypted file hosting domain",
"pattern": "[domain-name:value = 'crypt1.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f46ff266-6855-4207-bfc6-60290cf58094",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:16:02.000Z",
"modified": "2023-07-14T14:16:02.000Z",
"pattern": "[domain-name:value = 'gethere.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d8fb9a0c-c57d-4ea2-8b56-bb00094111b8",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:16:02.000Z",
"modified": "2023-07-14T14:16:02.000Z",
"description": "Server hosting macro-pro[.]net (defanged domain name)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.91.124.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1dbca102-9c8c-49ce-8a11-17640306433d",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:16:02.000Z",
"modified": "2023-07-14T14:16:02.000Z",
"description": "RedLine Stealer C2 server; communications over port 80",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.193.255.48' AND network-traffic:dst_port = '80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--c8573245-d288-478e-946f-a1062740dab5",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-17T12:44:03.000Z",
"modified": "2023-07-17T12:44:03.000Z",
"first_observed": "2023-07-17T12:44:03Z",
"last_observed": "2023-07-17T12:44:03Z",
"number_observed": 1,
"object_refs": [
"network-traffic--c8573245-d288-478e-946f-a1062740dab5",
"ipv4-addr--c8573245-d288-478e-946f-a1062740dab5"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--c8573245-d288-478e-946f-a1062740dab5",
"dst_ref": "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5",
"value": "179.43.170.241"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:12:39.000Z",
"modified": "2023-07-14T13:12:39.000Z",
"pattern": "[url:value = 'http://smartmaster.com.my/48E003A01/48E003A01.7z']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:12:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:15:35.000Z",
"modified": "2023-07-14T13:15:35.000Z",
"pattern": "[file:hashes.SHA256 = 'd40af29bbc4ff1ea1827871711e5bfa3470d59723dd8ea29d2b19f5239e509e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:20:52.000Z",
"modified": "2023-07-14T13:20:52.000Z",
"pattern": "[file:hashes.SHA256 = '3fb66e93d12abd992e94244ac7464474d0ff9156811a76a29a76dec0aa910f82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:20:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:20:17.000Z",
"modified": "2023-07-14T13:20:17.000Z",
"pattern": "[url:value = 'http://5.42.94.169/customer/735']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:20:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:24:59.000Z",
"modified": "2023-07-14T13:24:59.000Z",
"pattern": "[url:value = 'https://telegra.ph/Full-Version-06-03-2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:24:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:29:20.000Z",
"modified": "2023-07-14T13:29:20.000Z",
"pattern": "[url:value = 'https://www.mediafire.com/file/nnamjnckj7h80xz/v2.4_2023.rar/file']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:29:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:30:20.000Z",
"modified": "2023-07-14T13:30:20.000Z",
"pattern": "[url:value = 'https://www.mediafire.com/file/lgoql94feiic0x7/v2.5_2023.rar/file']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:30:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:48:01.000Z",
"modified": "2023-07-14T13:48:01.000Z",
"pattern": "[file:hashes.SHA256 = 'c05c7ec4570bfc44e87f6e6efc83643b47a378bb088c53da4c5ecf7b93194dc6' AND file:name = 'Setup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:48:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:52:33.000Z",
"modified": "2023-07-14T13:52:33.000Z",
"description": "First-stage C2 server used in an infection chain starting from compromised YouTube channels. An encrypted payload can be downloaded from this address.",
"pattern": "[url:value = 'http://5.42.94.169/customer/770']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:52:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--690ead91-a1de-4a85-b227-64f58a2f79dd",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:49:53.000Z",
"modified": "2023-07-14T13:49:53.000Z",
"description": "C2 server communicating with Raccoon Stealer (only the resolved IP address is carried in this indicator's pattern; the associated domain is not included)",
"pattern": "[domain-name:resolves_to_refs[*].value = '45.9.74.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a208990a-f956-4cdb-bc5f-09004f922aac",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:50:20.000Z",
"modified": "2023-07-14T13:50:20.000Z",
"description": "C2 server communicating with Raccoon Stealer (only the resolved IP address is carried in this indicator's pattern; the associated domain is not included)",
"pattern": "[domain-name:resolves_to_refs[*].value = '5.42.65.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:01:13.000Z",
"modified": "2023-07-14T14:01:13.000Z",
"description": "A web page impersonating the website of the video conferencing software Slack distributed CustomerLoader as a fake installer. The technique used to spread this fake website remains unknown at the time of writing; it could be SEO poisoning, phishing emails or redirections from legitimate forums.",
"pattern": "[url:value = 'https://slackmessenger.site/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:03:43.000Z",
"modified": "2023-07-14T14:03:43.000Z",
"description": "The ZIP file contains the executable SlackSetup.exe, which turns out to be a CustomerLoader sample.",
"pattern": "[file:hashes.SHA256 = 'b8f5519f7d66e7940e92f49c9f5f0cac0ae12cc9c9072c5308475bd5d093cdca' AND file:name = 'SlackSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:03:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f544867c-5acf-4970-a96a-7468d570c56b",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T13:57:44.000Z",
"modified": "2023-07-14T13:57:44.000Z",
"pattern": "[url:value = 'https://slackmessenger.pw/slack.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T13:57:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2dfde444-2afe-4ca3-9214-c790837a08c5",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:02:58.000Z",
"modified": "2023-07-14T14:02:58.000Z",
"pattern": "[url:value = 'http://5.42.94.169/customer/798']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:02:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--40be5e44-04aa-41c4-8a97-0e642cb84940",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:07:33.000Z",
"modified": "2023-07-14T14:07:33.000Z",
"description": "C2 domain for RedLine Stealer. Communications over port 80.",
"pattern": "[domain-name:value = 'missunno.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:07:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6fdb80a4-e001-4173-8b30-3ef96ba05954",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T14:08:40.000Z",
"modified": "2023-07-14T14:08:40.000Z",
"description": "C2 URL used by a cryptominer (served directly from an IP address, no domain involved)",
"pattern": "[url:value = 'http://179.43.170.241/BEBRIK.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-14T14:08:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--739097b3-9ba6-442c-872f-528f42278bad",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T12:53:33.000Z",
"modified": "2023-07-14T12:53:33.000Z",
"labels": [
"misp:name=\"annotation\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2023-07-12T00:00:00+00:00",
"category": "Other",
"uuid": "1e5ba5dd-4d09-4d56-8bb8-79d888160c8e"
},
{
"type": "link",
"object_relation": "ref",
"value": "https://blog.sekoia.io/customerloader-a-new-malware-distributing-a-wide-variety-of-payloads/",
"category": "External analysis",
"uuid": "9f328dc4-ec48-434f-9d26-ff17fa542c35"
},
{
"type": "text",
"object_relation": "text",
"value": "Report from Sekoia.io",
"category": "Other",
"uuid": "64add251-c842-49e9-81b7-de2b5514aa0e"
},
{
"type": "text",
"object_relation": "type",
"value": "Executive Summary",
"category": "Other",
"uuid": "b1cd70e0-fb01-4158-9b09-dacc1b0d2a50"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "annotation"
},
{
"type": "note",
"spec_version": "2.1",
"id": "note--4173dc9c-2c55-4e0e-8ef7-341ee4ea63c7",
"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
"created": "2023-07-14T12:54:09.000Z",
"modified": "2023-07-14T12:54:09.000Z",
"abstract": "CustomerLoader: a new malware distributing a wide variety of payloads",
"content": "During our daily threat hunting routine, we identified an undocumented .NET loader aimed at downloading, decrypting and executing next-stage payloads. In early June 2023, this new loader was actively distributed by multiple threat actors using malicious phishing emails, YouTube videos, and web pages impersonating legitimate websites. \r\n\r\nWe named this new malware \u201cCustomerLoader\u201d because of the presence of the string \u201ccustomer\u201d in its Command and Control (C2) communications and loading capabilities.\r\n\r\nThe malwrhunterteam and g0njxa researchers also observed campaigns distributing CustomerLoader in early June 2023.\r\n\r\nSekoia.io analysts\u2019 investigation led us to discover that all payloads downloaded by CustomerLoader are dotRunpeX samples that deliver a variety of malware families, including infostealers, Remote Access Trojans (RATs) and commodity ransomware. dotRunpeX is a .NET injector implementing several anti-analysis techniques, first publicly documented by Check Point in March 2023.\r\n\r\nWe assess that CustomerLoader is almost certainly associated with a Loader-as-a-Service, which remains unknown at the time of writing. It is possible that CustomerLoader is a new stage added before the execution of the dotRunpeX injector by its developer.\r\n\r\nThis blog post aims at presenting a technical analysis of CustomerLoader focusing on the decryption of the next-stage payloads, an overview of more than 30 known and distributed malware families, and details on three infection chains observed distributing the loader.",
"object_refs": [
"report--98eb923a-6da8-4c63-87a0-a97a2eef3c98"
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--62b628db-4794-4fa6-abec-63f73a7a97b8",
"created": "2023-07-14T13:15:35.000Z",
"modified": "2023-07-14T13:15:35.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d",
"target_ref": "indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e62af11f-e111-420a-82c4-30586e19f2ac",
"created": "2023-07-14T13:17:46.000Z",
"modified": "2023-07-14T13:17:46.000Z",
"relationship_type": "contained-within",
"source_ref": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
"target_ref": "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ecb2b46f-983b-4ddb-97bc-baa802fd5fb7",
"created": "2023-07-14T13:20:52.000Z",
"modified": "2023-07-14T13:20:52.000Z",
"relationship_type": "redirects-to",
"source_ref": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
"target_ref": "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14043d3a-bfb8-4b2b-92ab-3e64710fc199",
"created": "2023-07-14T13:19:32.000Z",
"modified": "2023-07-14T13:19:32.000Z",
"relationship_type": "redirects-to",
"source_ref": "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8",
"target_ref": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--46cb52d3-f323-4eb6-b96a-a42ee62701f2",
"created": "2023-07-14T13:29:20.000Z",
"modified": "2023-07-14T13:29:20.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819",
"target_ref": "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1bb134b1-74d6-48ba-94ad-f6ef9452fbbe",
"created": "2023-07-14T13:30:20.000Z",
"modified": "2023-07-14T13:30:20.000Z",
"relationship_type": "downloaded-from",
"source_ref": "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9",
"target_ref": "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d9e0b152-8e01-49e2-965a-f648a5287f01",
"created": "2023-07-14T13:32:45.000Z",
"modified": "2023-07-14T13:32:45.000Z",
"relationship_type": "delivered-by",
"source_ref": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
"target_ref": "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a2f16c2f-f63a-4da0-8701-1df77a30ad55",
"created": "2023-07-14T13:33:12.000Z",
"modified": "2023-07-14T13:33:12.000Z",
"relationship_type": "delivered-by",
"source_ref": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
"target_ref": "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a870bd76-c541-452d-bf82-9c3b8eab16fb",
"created": "2023-07-14T13:48:00.000Z",
"modified": "2023-07-14T13:48:00.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
"target_ref": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1dd876a5-3375-4b2c-a00f-6ca15bc27741",
"created": "2023-07-14T13:52:04.000Z",
"modified": "2023-07-14T13:52:04.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
"target_ref": "indicator--690ead91-a1de-4a85-b227-64f58a2f79dd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8023444b-7eac-40cb-b7c7-c8473b366f15",
"created": "2023-07-14T13:52:33.000Z",
"modified": "2023-07-14T13:52:33.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
"target_ref": "indicator--a208990a-f956-4cdb-bc5f-09004f922aac"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0c2cb212-86ac-4ed2-a578-f53bebcc3820",
"created": "2023-07-14T14:01:12.000Z",
"modified": "2023-07-14T14:01:12.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad",
"target_ref": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--05058e0a-b2fe-4e0b-80c1-ca718c731b61",
"created": "2023-07-14T14:03:43.000Z",
"modified": "2023-07-14T14:03:43.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c",
"target_ref": "indicator--2dfde444-2afe-4ca3-9214-c790837a08c5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--777de234-5a91-466d-899e-81728d266d0f",
"created": "2023-07-14T13:57:44.000Z",
"modified": "2023-07-14T13:57:44.000Z",
"relationship_type": "executes",
"source_ref": "indicator--f544867c-5acf-4970-a96a-7468d570c56b",
"target_ref": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c"
}
]
}