misp-circl-feed/feeds/circl/stix-2.1/b7a486af-8b67-4f58-873b-0ae25fea43e9.json


{
"type": "bundle",
"id": "bundle--b7a486af-8b67-4f58-873b-0ae25fea43e9",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-24T08:56:38.000Z",
"modified": "2022-10-24T08:56:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--b7a486af-8b67-4f58-873b-0ae25fea43e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-24T08:56:38.000Z",
"modified": "2022-10-24T08:56:38.000Z",
"name": "[OSINT] No Honor Among Thieves - Prynt Stealer\u2019s Backdoor Exposed",
"published": "2022-10-24T08:56:47Z",
"object_refs": [
"indicator--9888e096-1341-4655-9a0c-1e53df9a6096",
"indicator--6de8e173-c0fd-4be3-b4b1-42fc8c76c8e7",
"indicator--d1d5db20-15d9-4e1f-a4e6-cab7a0bdf0b5",
"indicator--d451551e-c177-4ed9-a989-af74bb028188",
"indicator--a9b86903-b79c-455c-bbf0-7b488d90a3dc",
"indicator--ae705dbd-6b31-41b9-9cfb-eb8ac1121210",
"indicator--f54aa09c-1841-4826-9b28-22ef426079b6",
"indicator--74ed1b4c-6d5b-4d42-91fb-b642d4079067",
"indicator--ce2ad6bb-1747-4b74-bfce-8fb70c2051a0",
"indicator--5ed227fe-15f1-44e9-bd7f-7fc04710ec7c",
"indicator--b2cce1cd-8669-4f40-8215-2f4f141c8b1d",
"indicator--4ec5a062-377a-4d46-954f-c0e9a5c9d798",
"indicator--ff207b26-10e9-41d8-a901-208460f5f1f8",
"indicator--3f959b7e-8c08-4fe2-b769-7ace9f1d3b20",
"indicator--967a4473-5c38-421a-b44c-68d71767fec5",
"indicator--b25ef0d4-7c29-4dbc-8cd5-b9619400bf65",
"indicator--b176d8c2-0949-4e79-b7e7-4891a729c352",
"indicator--59827e8b-9dab-44b4-aab4-4ed13b02b39b",
"x-misp-object--39c86d1d-05bd-4dae-a488-360079914b64",
"x-misp-object--32c7146e-8ac3-4543-889b-1c39754b6303",
"x-misp-object--535b633e-9e74-4f90-8e28-bfbbc342fb33",
"x-misp-object--921b1fa9-a804-47ec-99fc-2b0c63517d7a",
"x-misp-object--09b2266a-460d-45cd-968a-f903dcb8e938",
"x-misp-object--89ca0c35-28ce-4896-97ef-96a1277a042b",
"indicator--ae21fd17-1261-4d84-a0ac-44d65e3a9c31",
"indicator--df65f997-8718-4042-9aee-c63b8065db3d",
"indicator--fb51780b-d597-4c98-9c55-e84bea603537",
"indicator--422c54fd-935c-4f2d-b07d-3e8701cad357"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:malpedia=\"Prynt Stealer\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:malpedia=\"WorldWind\"",
"misp-galaxy:stealer=\"DarkEye\"",
"misp-galaxy:stealer=\"Prynt Stealer\"",
"misp-galaxy:stealer=\"WorldWind\"",
"misp-galaxy:malpedia=\"DarkEye\"",
"ecsirt:intrusions=\"backdoor\"",
"veris:action:malware:variety=\"Backdoor\"",
"ms-caro-malware:malware-type=\"Backdoor\"",
"ms-caro-malware-full:malware-type=\"Backdoor\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9888e096-1341-4655-9a0c-1e53df9a6096",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "Prynt Stealer",
"pattern": "[file:hashes.SHA256 = 'd8469e32afc3499a04f9bcb0ca34fde63140c3b872c41e898f4e31f2a7c1f61f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6de8e173-c0fd-4be3-b4b1-42fc8c76c8e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "Prynt Stealer",
"pattern": "[file:hashes.SHA256 = 'f15e92c34dd8adfcd471d726e88292d6698217f05f1d2bcce8193eb2536f817c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d1d5db20-15d9-4e1f-a4e6-cab7a0bdf0b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "WorldWind Stealer",
"pattern": "[file:hashes.SHA256 = '3b948a0eb0e9bbca72fc363b63ffd3a5983e23c47f14f8296e8559fd98c25094']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d451551e-c177-4ed9-a989-af74bb028188",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "DarkEye Stealer",
"pattern": "[file:hashes.SHA256 = 'bb96db7406566ec0e9305acde9205763d4e9d7a65f257f3d5c47c15f393628ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a9b86903-b79c-455c-bbf0-7b488d90a3dc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "DarkEye Stealer (old version without AsyncRAT)",
"pattern": "[file:hashes.SHA256 = 'e48179c4629b5ab9e53ccb785ab3ee5eeb2e246e1897154a15fec8fd9237f44b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae705dbd-6b31-41b9-9cfb-eb8ac1121210",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "Celesty Binder payload",
"pattern": "[file:hashes.SHA256 = '9678ca06068b705da310aa2f76713d2d59905b12b67097364160857cd1f90c58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f54aa09c-1841-4826-9b28-22ef426079b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "Builder",
"pattern": "[file:hashes.SHA256 = '654f080d5790054f0cd1a0f9b31cd7a82a4722ff3ce5093acdc31ff154f1ae24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--74ed1b4c-6d5b-4d42-91fb-b642d4079067",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "LodaRAT",
"pattern": "[file:hashes.SHA256 = 'cb132691793e93ad8065f857b4b1baba92e937cfc3d3a8042ce9109e12d32b4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ce2ad6bb-1747-4b74-bfce-8fb70c2051a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "Prynt Stealer Stub",
"pattern": "[file:hashes.SHA256 = 'd37d0ae4c5ced373fe1960af5ea494a6131717d1c400da877d9daa13f55439bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ed227fe-15f1-44e9-bd7f-7fc04710ec7c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:56:41.000Z",
"modified": "2022-10-17T06:56:41.000Z",
"description": "Loader",
"pattern": "[file:hashes.SHA256 = 'c79aed9551260daf74a2af2ec5b239332f3b89764ede670106389c3078e74d1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T06:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b2cce1cd-8669-4f40-8215-2f4f141c8b1d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:49:50.000Z",
"modified": "2022-10-17T07:49:50.000Z",
"description": "DarkEye Stealer Hosting",
"pattern": "[url:value = 'https://cdn.discordapp.com/attachments/523238636561629190/890007970207907871/vltn.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:49:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4ec5a062-377a-4d46-954f-c0e9a5c9d798",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:54:10.000Z",
"modified": "2022-10-17T07:54:10.000Z",
"description": "WorldWind - Market Website (Inactive)",
"pattern": "[url:value = 'http://shop.prynt.market']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ff207b26-10e9-41d8-a901-208460f5f1f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:54:10.000Z",
"modified": "2022-10-17T07:54:10.000Z",
"description": "Prynt Stealer - Market Website (Inactive)",
"pattern": "[url:value = 'http://market.prynt.market']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f959b7e-8c08-4fe2-b769-7ace9f1d3b20",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:54:10.000Z",
"modified": "2022-10-17T07:54:10.000Z",
"description": "Prynt Stealer - Market Website (Active)",
"pattern": "[url:value = 'http://venoxxxx.xxx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--967a4473-5c38-421a-b44c-68d71767fec5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T08:14:55.000Z",
"modified": "2022-10-17T08:14:55.000Z",
"description": "Prynt Stealer builder package - Prynt stub used by the builder",
"pattern": "[file:name = 'Stub.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T08:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b25ef0d4-7c29-4dbc-8cd5-b9619400bf65",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T08:14:55.000Z",
"modified": "2022-10-17T08:14:55.000Z",
"description": "Prynt Stealer builder package - Builder executable",
"pattern": "[file:name = 'Prynt Stealer.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T08:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b176d8c2-0949-4e79-b7e7-4891a729c352",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T08:14:55.000Z",
"modified": "2022-10-17T08:14:55.000Z",
"description": "Prynt Stealer builder package - Unmanaged PE",
"pattern": "[file:name = 'Prynt sub.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T08:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59827e8b-9dab-44b4-aab4-4ed13b02b39b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T08:14:55.000Z",
"modified": "2022-10-17T08:14:55.000Z",
"description": "Prynt Stealer builder package - Backdoor that downloads and executes DarkEye Stealer",
"pattern": "[file:name = 'Prynt.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T08:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--39c86d1d-05bd-4dae-a488-360079914b64",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T06:52:52.000Z",
"modified": "2022-10-17T06:52:52.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed",
"category": "External analysis",
"uuid": "3f4d70ad-8208-4707-afa6-0f7400f55025"
},
{
"type": "text",
"object_relation": "summary",
"value": "Technical Comparison of Prynt Stealer, WorldWind, and DarkEye Malware",
"category": "Other",
"uuid": "ccb48af3-8af0-428e-9c57-ba2b922f879a"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "6aad45d1-0674-4854-b666-4d813ffbbc1f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--32c7146e-8ac3-4543-889b-1c39754b6303",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:04:02.000Z",
"modified": "2022-10-17T07:04:02.000Z",
"labels": [
"misp:name=\"telegram-bot\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "chat-id",
"value": "1096425866",
"category": "Other",
"uuid": "19aa10d9-e55d-4bed-b8fd-2a4e1403553b"
},
{
"type": "text",
"object_relation": "token",
"value": "1119746739:AAGMhvpUjXI4CzIfizRC--VXilxnkJlhaf8",
"category": "Other",
"uuid": "ae8f5b64-bd3c-4c9e-896c-4c3dff3b5374"
}
],
"x_misp_comment": "WorldWind (hardcoded)",
"x_misp_meta_category": "misc",
"x_misp_name": "telegram-bot"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--535b633e-9e74-4f90-8e28-bfbbc342fb33",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:06:18.000Z",
"modified": "2022-10-17T07:06:18.000Z",
"labels": [
"misp:name=\"telegram-bot\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "chat-id",
"value": "1937717367",
"category": "Other",
"uuid": "29b53d36-ff5a-4e5f-8f0b-b4f072e0ab66"
},
{
"type": "text",
"object_relation": "token",
"value": "1784055443:AAG-bXLYtnFpjJ_L3ogxA3bq6Mx09cqh8ug",
"category": "Other",
"uuid": "5a092591-61bc-436f-8dd4-be5af46783ce"
}
],
"x_misp_comment": "Prynt Stealer (hardcoded)",
"x_misp_meta_category": "misc",
"x_misp_name": "telegram-bot"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--921b1fa9-a804-47ec-99fc-2b0c63517d7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:13:00.000Z",
"modified": "2022-10-17T07:13:00.000Z",
"labels": [
"misp:name=\"telegram-bot\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "chat-id",
"value": "5038570348",
"category": "Other",
"uuid": "3508cefe-b0b3-4906-ab78-d73a06e0260a"
},
{
"type": "text",
"object_relation": "token",
"value": "5292408150:AAHAPbTr2Jc9L4hgsfkDkvfw_hISg6lPMMI",
"category": "Other",
"uuid": "b17b02c2-bc88-42bb-9de7-0106b1edf26b"
}
],
"x_misp_comment": "Prynt Stealer",
"x_misp_meta_category": "misc",
"x_misp_name": "telegram-bot"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--09b2266a-460d-45cd-968a-f903dcb8e938",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:27:23.000Z",
"modified": "2022-10-17T07:27:23.000Z",
"labels": [
"misp:name=\"telegram-bot\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "chat-id",
"value": "1856525476",
"category": "Other",
"uuid": "57e39ba6-a415-4771-96c5-62ceadadc360"
},
{
"type": "text",
"object_relation": "token",
"value": "5292408150:AAHAPbTr2Jc9L4hgsfkDkvfw_hISg6lPMMI",
"category": "Other",
"uuid": "7849bf84-5d84-4049-a686-8834b91323ce"
}
],
"x_misp_comment": "Prynt Stealer",
"x_misp_meta_category": "misc",
"x_misp_name": "telegram-bot"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--89ca0c35-28ce-4896-97ef-96a1277a042b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:30:57.000Z",
"modified": "2022-10-17T07:30:57.000Z",
"labels": [
"misp:name=\"telegram-bot\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "chat-id",
"value": "849561191",
"category": "Other",
"uuid": "a02fdd87-9fd4-4b74-af29-72cc7d256918"
},
{
"type": "text",
"object_relation": "token",
"value": "1916193181:AAHhdcx3k6mHbnJ6JLfyWtJBMChny-la8Xs",
"category": "Other",
"uuid": "5f075a20-5076-45dc-9217-90afc883968a"
}
],
"x_misp_comment": "Prynt Stealer",
"x_misp_meta_category": "misc",
"x_misp_name": "telegram-bot"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae21fd17-1261-4d84-a0ac-44d65e3a9c31",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:50:35.000Z",
"modified": "2022-10-17T07:50:35.000Z",
"description": "DarkEye Stealer C&C ",
"pattern": "[domain-name:value = 'bigdaddy-service.biz' AND domain-name:x_misp_port = '6606']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:50:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--df65f997-8718-4042-9aee-c63b8065db3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:50:59.000Z",
"modified": "2022-10-17T07:50:59.000Z",
"description": "DarkEye Stealer C&C ",
"pattern": "[domain-name:value = 'bigdaddy-service.biz' AND domain-name:x_misp_port = '7707']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fb51780b-d597-4c98-9c55-e84bea603537",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:51:30.000Z",
"modified": "2022-10-17T07:51:30.000Z",
"description": "DarkEye Stealer C&C ",
"pattern": "[domain-name:value = 'bigdaddy-service.biz' AND domain-name:x_misp_port = '8808']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:51:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--422c54fd-935c-4f2d-b07d-3e8701cad357",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T07:52:29.000Z",
"modified": "2022-10-17T07:52:29.000Z",
"description": "LodaRAT C&C",
"pattern": "[domain-name:value = 'daddy.linkpc.net' AND domain-name:x_misp_port = '1199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-17T07:52:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}