misp-circl-feed/feeds/circl/stix-2.1/98eb923a-6da8-4c63-87a0-a97a2eef3c98.json

{
    "type": "bundle",
    "id": "bundle--98eb923a-6da8-4c63-87a0-a97a2eef3c98",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-09-06T03:00:05.000Z",
            "modified": "2023-09-06T03:00:05.000Z",
            "name": "Centre for Cyber security Belgium",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--98eb923a-6da8-4c63-87a0-a97a2eef3c98",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-09-06T03:00:05.000Z",
            "modified": "2023-09-06T03:00:05.000Z",
            "name": "CustomerLoader: a new malware distributing a wide variety of payloads",
            "published": "2023-09-06T03:01:02Z",
            "object_refs": [
                "indicator--73079733-94cc-4977-9ae8-21170b01f192",
                "indicator--7729ec3a-f59b-4f10-aa08-610417e76615",
                "indicator--e1f2b17b-b81a-4480-9b59-ee02f3d62655",
                "indicator--c3e1d9f5-4166-4cc1-a255-ede76f3d8093",
                "indicator--04100f47-87f9-4256-b76d-dc1d4018f2e9",
                "indicator--bef1438a-58ba-4b7a-b99d-79c18bf3dbf1",
                "indicator--7a183367-2ccd-4487-8f10-c749658a7a84",
                "indicator--4a4ec3fd-5047-4fb5-b075-4147499752a1",
                "indicator--a144d890-79c7-48f9-a832-abc885382a89",
                "indicator--2da87919-117a-4f9e-b8ca-436be650c645",
                "indicator--fee765d6-e638-43f5-95f5-4e5b4d296752",
                "indicator--f70f49e0-2c28-4fb4-ac8a-6c4423f581a4",
                "indicator--ae8c6189-1237-4bfa-8669-e36124152dad",
                "indicator--7245836c-7dfa-48fc-8330-85a879ee6343",
                "indicator--0179392a-bbcb-4fd6-af43-b7910a5f3435",
                "indicator--fe6e9ac9-bb0a-49f5-a952-5b1f290adb8d",
                "indicator--3a3c6854-09e2-4c48-b2e7-73d6b1b36d2a",
                "indicator--7fceb8da-6dfb-4023-9bd6-aa1a96c99624",
                "indicator--f683883b-5951-4d80-b4d7-b4e6c1c01da5",
                "indicator--326c6f69-798e-41d5-b88b-6028079609ea",
                "indicator--117628a6-31c5-4d1c-9fc9-5f5b27a4a73b",
                "indicator--0ffdaa41-2aaa-42ff-b7bd-aa195e2beb06",
                "indicator--68dc1111-5ada-4ebb-9d77-4b0c7098cbf8",
                "indicator--e23b803d-efa5-41a6-8d37-2cbee9fcdcd7",
                "indicator--97479af0-ef0e-481c-bec1-82c36ad93e81",
                "indicator--00f1c68a-f030-4809-b4f3-f8bb170e100f",
                "indicator--7bc33ced-2de0-4bcd-9430-6456f3e05497",
                "indicator--4ac3880e-1a60-4512-9d97-18d9fd01bf01",
                "indicator--ebd96dc1-33b0-4d51-b62b-4a712ae8652d",
                "indicator--ccd1a007-e24b-4f4c-84b1-e975b69f5c1a",
                "indicator--fbd5612e-97aa-443c-8db9-a2ba8d486828",
                "indicator--2198b70c-fdc8-4522-8efc-f5df47ac071c",
                "indicator--a73ebe37-62c8-4325-a594-f19988acc65f",
                "indicator--d287ec58-197e-4268-bf5e-16dc6468ba1c",
                "indicator--743a5c1b-fef1-44f1-93af-f8643931ebc8",
                "indicator--73e3f627-cd30-4740-8003-9876133aa266",
                "indicator--eccd9c73-ef8f-46b8-aa46-5652a8db3233",
                "indicator--41c1d377-d8af-47ea-91c0-774a36f8e6f2",
                "indicator--b4e818c4-5efa-4312-8eb2-a3a3a0ee967f",
                "indicator--51e4ac8e-95c3-464d-8eb2-da4fb3743c50",
                "indicator--49dd8434-0ce8-4635-b256-9a291711fb1d",
                "indicator--725faf44-1d4e-4605-874a-c11d7c8037d4",
                "indicator--dd1dd5c8-71e4-4431-bd12-872d3863de51",
                "indicator--09904864-5c88-4074-aeef-dd3070a2d953",
                "indicator--9e4d0181-601e-4f7b-a85e-d77fdb13df46",
                "indicator--1e3eaf7d-2868-46c3-bd6a-293f34681e27",
                "indicator--4cb564c8-0f92-434c-a1b8-64e2d0162493",
                "indicator--9933c87b-63e9-4545-9b63-f344b3928605",
                "indicator--b6daf1a9-ae53-4046-965c-058ce949d60d",
                "indicator--a20cc7c3-aa95-4c45-976e-0819d218a5f2",
                "indicator--1f9512f6-4df4-4c31-85d2-8cb3bee3bbc0",
                "indicator--91d40c8e-8cf5-4a56-ae84-1b906fc04e03",
                "indicator--268abd35-5515-495d-8671-536c285a1ef8",
                "indicator--ad5e7288-4d3f-419e-84a5-86a7dbb96da6",
                "indicator--f46ff266-6855-4207-bfc6-60290cf58094",
                "indicator--d8fb9a0c-c57d-4ea2-8b56-bb00094111b8",
                "indicator--1dbca102-9c8c-49ce-8a11-17640306433d",
                "observed-data--c8573245-d288-478e-946f-a1062740dab5",
                "network-traffic--c8573245-d288-478e-946f-a1062740dab5",
                "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5",
                "indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97",
                "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d",
                "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
                "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8",
                "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa",
                "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819",
                "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9",
                "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
                "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
                "indicator--690ead91-a1de-4a85-b227-64f58a2f79dd",
                "indicator--a208990a-f956-4cdb-bc5f-09004f922aac",
                "indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad",
                "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c",
                "indicator--f544867c-5acf-4970-a96a-7468d570c56b",
                "indicator--2dfde444-2afe-4ca3-9214-c790837a08c5",
                "indicator--40be5e44-04aa-41c4-8a97-0e642cb84940",
                "indicator--6fdb80a4-e001-4173-8b30-3ef96ba05954",
                "x-misp-object--739097b3-9ba6-442c-872f-528f42278bad",
                "note--4173dc9c-2c55-4e0e-8ef7-341ee4ea63c7",
                "relationship--9dbed85e-832a-43af-a1bf-381611fbea71",
                "relationship--c39fb0f2-c8cf-4b27-8873-7e68ed86deca",
                "relationship--b0f3e44f-0b01-4dfd-b9fa-d08004f39e4a",
                "relationship--7f20e98b-d2f2-471d-9cb4-b785f5e32f8f",
                "relationship--3b944da6-c4a6-45e9-a3a0-80cc34ebfdb1",
                "relationship--d8181100-954c-4bd4-a0a5-a9200ca4dbc5",
                "relationship--8f123e13-36f4-40c8-9b35-812aaf86861b",
                "relationship--73cf4580-5d2f-4748-8a04-c93820fc8a20",
                "relationship--5b0bba51-c09e-4bc1-9859-3f63429f2eb1",
                "relationship--3c1de961-96f1-4885-8287-8f280e782502",
                "relationship--1f552d48-989c-48b1-a832-e7cfbcbc7a74",
                "relationship--53663f9b-1763-4663-aa1b-440a89a80f12",
                "relationship--a71ade8f-0a28-4f85-b0cd-58c43a7cdd38",
                "relationship--6d23f8f0-dd2a-4192-a27c-5417ab103d51"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "admiralty-scale:source-reliability=\"b\"",
                "admiralty-scale:information-credibility=\"2\"",
                "DOTRUNPEX",
                "Loader",
                "feedly:source=\"Sekoia.io Blog\"",
                "malware_classification:malware-category=\"Downloader\"",
                "osint:source-type=\"blog-post\"",
                "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"",
                "misp-galaxy:malpedia=\"vidar\"",
                "misp-galaxy:malpedia=\"XLoader\"",
                "misp-galaxy:malpedia=\"Agent Tesla\"",
                "misp-galaxy:malpedia=\"AsyncRAT\"",
                "misp-galaxy:malpedia=\"Ave Maria\"",
                "misp-galaxy:malpedia=\"DarkCloud Stealer\"",
                "misp-galaxy:malpedia=\"LgoogLoader\"",
                "misp-galaxy:malpedia=\"RedLine Stealer\"",
                "misp-galaxy:malpedia=\"SectopRAT\"",
                "misp-galaxy:malpedia=\"Stealc\"",
                "misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"",
                "misp-galaxy:mitre-malware=\"WarzoneRAT - S0670\"",
                "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
                "misp-galaxy:mitre-tool=\"Remcos - S0332\"",
                "misp-galaxy:rat=\"AsyncRAT\"",
                "misp-galaxy:stealer=\"Vidar\"",
                "misp-galaxy:stealer=\"DarkCloud Stealer\"",
                "misp-galaxy:tool=\"FormBook\"",
                "misp-galaxy:tool=\"Agent Tesla\"",
                "misp-galaxy:malpedia=\"BitRAT\"",
                "misp-galaxy:mitre-malware=\"WannaCry - S0366\"",
                "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
                "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
                "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
                "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
                "misp-galaxy:mitre-attack-pattern=\"Dynamic API Resolution - T1027.007\"",
                "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"",
                "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"",
                "tlp:clear"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--73079733-94cc-4977-9ae8-21170b01f192",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:23:31.000Z",
            "modified": "2023-07-14T13:23:31.000Z",
            "description": "C2 server associated with CustomLoader",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.42.94.169']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:23:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7729ec3a-f59b-4f10-aa08-610417e76615",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:23:31.000Z",
            "modified": "2023-07-14T13:23:31.000Z",
            "description": "C2 server associated with CustomLoader",
            "pattern": "[domain-name:value = 'kyliansuperm92139124.sbs']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:23:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e1f2b17b-b81a-4480-9b59-ee02f3d62655",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:11:38.000Z",
            "modified": "2023-07-14T14:11:38.000Z",
            "description": "Domains receiving requets from ccrypter downloaded by CustomerLoader",
            "pattern": "[domain-name:value = 'get-vbs.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:11:38Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "External analysis"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"External analysis\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--c3e1d9f5-4166-4cc1-a255-ede76f3d8093",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:11:39.000Z",
            "modified": "2023-07-14T14:11:39.000Z",
            "description": "Domains receiving requets from ccrypter downloaded by CustomerLoader",
            "pattern": "[domain-name:value = 'cmd2.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:11:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "External analysis"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"External analysis\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--04100f47-87f9-4256-b76d-dc1d4018f2e9",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:11:39.000Z",
            "modified": "2023-07-14T14:11:39.000Z",
            "description": "Domains receiving requets from ccrypter downloaded by CustomerLoader",
            "pattern": "[domain-name:value = 'mymine.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:11:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "External analysis"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"External analysis\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--bef1438a-58ba-4b7a-b99d-79c18bf3dbf1",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:11:39.000Z",
            "modified": "2023-07-14T14:11:39.000Z",
            "description": "Domains receiving requets from ccrypter downloaded by CustomerLoader",
            "pattern": "[domain-name:value = 'vbs1.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:11:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "External analysis"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"External analysis\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7a183367-2ccd-4487-8f10-c749658a7a84",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:11:39.000Z",
            "modified": "2023-07-14T14:11:39.000Z",
            "description": "Domains receiving requets from ccrypter downloaded by CustomerLoader",
            "pattern": "[domain-name:value = 'vbs22.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:11:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "External analysis"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"External analysis\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4a4ec3fd-5047-4fb5-b075-4147499752a1",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:11:39.000Z",
            "modified": "2023-07-14T14:11:39.000Z",
            "description": "Domains receiving requets from ccrypter downloaded by CustomerLoader",
            "pattern": "[domain-name:value = 'vbs3.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:11:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "External analysis"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"External analysis\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a144d890-79c7-48f9-a832-abc885382a89",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:04.000Z",
            "modified": "2023-07-14T14:13:04.000Z",
            "description": "Distribution site (landing page)",
            "pattern": "[domain-name:value = 'macros-pro.net']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2da87919-117a-4f9e-b8ca-436be650c645",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:05.000Z",
            "modified": "2023-07-14T14:13:05.000Z",
            "description": "Distribution site (landing page)",
            "pattern": "[domain-name:value = 'plugin4free.net']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fee765d6-e638-43f5-95f5-4e5b4d296752",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:05.000Z",
            "modified": "2023-07-14T14:13:05.000Z",
            "description": "Distribution site (landing page)",
            "pattern": "[domain-name:value = 'self-games.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f70f49e0-2c28-4fb4-ac8a-6c4423f581a4",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:05.000Z",
            "modified": "2023-07-14T14:13:05.000Z",
            "description": "Distribution site (landing page)",
            "pattern": "[domain-name:value = 'slackmessenger.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ae8c6189-1237-4bfa-8669-e36124152dad",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:06.000Z",
            "modified": "2023-07-14T14:13:06.000Z",
            "description": "Distribution site (landing page)",
            "pattern": "[domain-name:value = 'soft-got.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7245836c-7dfa-48fc-8330-85a879ee6343",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:06.000Z",
            "modified": "2023-07-14T14:13:06.000Z",
            "description": "Distribution site (landing page)",
            "pattern": "[domain-name:value = 'vpnsget.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0179392a-bbcb-4fd6-af43-b7910a5f3435",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:06.000Z",
            "modified": "2023-07-14T14:13:06.000Z",
            "description": "Distribution site (landing page)",
            "pattern": "[domain-name:value = 'vstget.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fe6e9ac9-bb0a-49f5-a952-5b1f290adb8d",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:35.000Z",
            "modified": "2023-07-14T14:13:35.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'seif-games.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3a3c6854-09e2-4c48-b2e7-73d6b1b36d2a",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'self-games.host']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7fceb8da-6dfb-4023-9bd6-aa1a96c99624",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'self-games.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f683883b-5951-4d80-b4d7-b4e6c1c01da5",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'self-games.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--326c6f69-798e-41d5-b88b-6028079609ea",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'self-games.space']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--117628a6-31c5-4d1c-9fc9-5f5b27a4a73b",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'soft-got.co']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0ffdaa41-2aaa-42ff-b7bd-aa195e2beb06",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'soft-got.net']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--68dc1111-5ada-4ebb-9d77-4b0c7098cbf8",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'soft-got.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e23b803d-efa5-41a6-8d37-2cbee9fcdcd7",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'vst-dw.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--97479af0-ef0e-481c-bec1-82c36ad93e81",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:13:36.000Z",
            "modified": "2023-07-14T14:13:36.000Z",
            "description": "Redirection to distribution website",
            "pattern": "[domain-name:value = 'vstdw.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:13:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00f1c68a-f030-4809-b4f3-f8bb170e100f",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:07.000Z",
            "modified": "2023-07-14T14:14:07.000Z",
            "description": "File hosting domain",
            "pattern": "[domain-name:value = 'hardcoverradio.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7bc33ced-2de0-4bcd-9430-6456f3e05497",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:07.000Z",
            "modified": "2023-07-14T14:14:07.000Z",
            "description": "File hosting domain",
            "pattern": "[domain-name:value = 'macrospro.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4ac3880e-1a60-4512-9d97-18d9fd01bf01",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:07.000Z",
            "modified": "2023-07-14T14:14:07.000Z",
            "description": "File hosting domain",
            "pattern": "[domain-name:value = 'plugin4free.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ebd96dc1-33b0-4d51-b62b-4a712ae8652d",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:08.000Z",
            "modified": "2023-07-14T14:14:08.000Z",
            "description": "File hosting domain",
            "pattern": "[domain-name:value = 'slackmessenger.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ccd1a007-e24b-4f4c-84b1-e975b69f5c1a",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:08.000Z",
            "modified": "2023-07-14T14:14:08.000Z",
            "description": "File hosting domain",
            "pattern": "[domain-name:value = 'vpnsget.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fbd5612e-97aa-443c-8db9-a2ba8d486828",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:48.000Z",
            "modified": "2023-07-14T14:14:48.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'adanagram.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2198b70c-fdc8-4522-8efc-f5df47ac071c",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'bin-a.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a73ebe37-62c8-4325-a594-f19988acc65f",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'bin-b.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d287ec58-197e-4268-bf5e-16dc6468ba1c",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'bin-c.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--743a5c1b-fef1-44f1-93af-f8643931ebc8",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'bin-d.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--73e3f627-cd30-4740-8003-9876133aa266",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'cmd1.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--eccd9c73-ef8f-46b8-aa46-5652a8db3233",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'cmd2.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--41c1d377-d8af-47ea-91c0-774a36f8e6f2",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'cmd22.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b4e818c4-5efa-4312-8eb2-a3a3a0ee967f",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'get-a.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--51e4ac8e-95c3-464d-8eb2-da4fb3743c50",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'get-b.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--49dd8434-0ce8-4635-b256-9a291711fb1d",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'get-c.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--725faf44-1d4e-4605-874a-c11d7c8037d4",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'get-d.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dd1dd5c8-71e4-4431-bd12-872d3863de51",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'get-i.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--09904864-5c88-4074-aeef-dd3070a2d953",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'get-vbs.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--9e4d0181-601e-4f7b-a85e-d77fdb13df46",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'get-y.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--1e3eaf7d-2868-46c3-bd6a-293f34681e27",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'hautegaleria.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4cb564c8-0f92-434c-a1b8-64e2d0162493",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'jacksmanual.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--9933c87b-63e9-4545-9b63-f344b3928605",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:49.000Z",
            "modified": "2023-07-14T14:14:49.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'vbs1.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b6daf1a9-ae53-4046-965c-058ce949d60d",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:50.000Z",
            "modified": "2023-07-14T14:14:50.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'vbs2.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a20cc7c3-aa95-4c45-976e-0819d218a5f2",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:50.000Z",
            "modified": "2023-07-14T14:14:50.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'vbs22.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--1f9512f6-4df4-4c31-85d2-8cb3bee3bbc0",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:14:50.000Z",
            "modified": "2023-07-14T14:14:50.000Z",
            "description": "Redirection to file hosting domain",
            "pattern": "[domain-name:value = 'vbs3.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:14:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--91d40c8e-8cf5-4a56-ae84-1b906fc04e03",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:15:23.000Z",
            "modified": "2023-07-14T14:15:23.000Z",
            "description": "Miner\u2019s C2 domain",
            "pattern": "[domain-name:value = 'minemy.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:15:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--268abd35-5515-495d-8671-536c285a1ef8",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:15:23.000Z",
            "modified": "2023-07-14T14:15:23.000Z",
            "description": "Miner\u2019s C2 domain",
            "pattern": "[domain-name:value = 'mymine.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:15:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ad5e7288-4d3f-419e-84a5-86a7dbb96da6",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:16:02.000Z",
            "modified": "2023-07-14T14:16:02.000Z",
            "description": "Encrypted file hosting domain",
            "pattern": "[domain-name:value = 'crypt1.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:16:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f46ff266-6855-4207-bfc6-60290cf58094",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:16:02.000Z",
            "modified": "2023-07-14T14:16:02.000Z",
            "pattern": "[domain-name:value = 'gethere.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:16:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d8fb9a0c-c57d-4ea2-8b56-bb00094111b8",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:16:02.000Z",
            "modified": "2023-07-14T14:16:02.000Z",
            "description": "Server hosting macro-pro.]net",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.91.124.25']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:16:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--1dbca102-9c8c-49ce-8a11-17640306433d",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:16:02.000Z",
            "modified": "2023-07-14T14:16:02.000Z",
            "description": "On port 80 - Redline C2 server",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.193.255.48' AND network-traffic:dst_port = '80']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:16:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst|port\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--c8573245-d288-478e-946f-a1062740dab5",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-17T12:44:03.000Z",
            "modified": "2023-07-17T12:44:03.000Z",
            "first_observed": "2023-07-17T12:44:03Z",
            "last_observed": "2023-07-17T12:44:03Z",
            "number_observed": 1,
            "object_refs": [
                "network-traffic--c8573245-d288-478e-946f-a1062740dab5",
                "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5"
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "network-traffic",
            "spec_version": "2.1",
            "id": "network-traffic--c8573245-d288-478e-946f-a1062740dab5",
            "dst_ref": "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5",
            "protocols": [
                "tcp"
            ]
        },
        {
            "type": "ipv4-addr",
            "spec_version": "2.1",
            "id": "ipv4-addr--c8573245-d288-478e-946f-a1062740dab5",
            "value": "179.43.170.241"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:12:39.000Z",
            "modified": "2023-07-14T13:12:39.000Z",
            "pattern": "[url:value = 'http://smartmaster.com.my/48E003A01/48E003A01.7z']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:12:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:15:35.000Z",
            "modified": "2023-07-14T13:15:35.000Z",
            "pattern": "[file:hashes.SHA256 = 'd40af29bbc4ff1ea1827871711e5bfa3470d59723dd8ea29d2b19f5239e509e9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:15:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:20:52.000Z",
            "modified": "2023-07-14T13:20:52.000Z",
            "pattern": "[file:hashes.SHA256 = '3fb66e93d12abd992e94244ac7464474d0ff9156811a76a29a76dec0aa910f82']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:20:52Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:20:17.000Z",
            "modified": "2023-07-14T13:20:17.000Z",
            "pattern": "[url:value = 'http://5.42.94.169/customer/735']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:20:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:24:59.000Z",
            "modified": "2023-07-14T13:24:59.000Z",
            "pattern": "[url:value = 'https://telegra.ph/Full-Version-06-03-2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:24:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:29:20.000Z",
            "modified": "2023-07-14T13:29:20.000Z",
            "pattern": "[url:value = 'https://www.mediafire.com/file/nnamjnckj7h80xz/v2.4_2023.rar/file']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:29:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:30:20.000Z",
            "modified": "2023-07-14T13:30:20.000Z",
            "pattern": "[url:value = 'https://www.mediafire.com/file/lgoql94feiic0x7/v2.5_2023.rar/file']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:30:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:48:01.000Z",
            "modified": "2023-07-14T13:48:01.000Z",
            "pattern": "[file:hashes.SHA256 = 'c05c7ec4570bfc44e87f6e6efc83643b47a378bb088c53da4c5ecf7b93194dc6' AND file:name = 'Setup.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:48:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:52:33.000Z",
            "modified": "2023-07-14T13:52:33.000Z",
            "description": "First-stage C2 server used in an infection starting with compromised Youtube channels. An encrypted payload can be downloaded from this address.",
            "pattern": "[url:value = 'http://5.42.94.169/customer/770']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:52:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--690ead91-a1de-4a85-b227-64f58a2f79dd",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:49:53.000Z",
            "modified": "2023-07-14T13:49:53.000Z",
            "description": "C2 server communicating with Raccoon Stealer",
            "pattern": "[domain-name:resolves_to_refs[*].value = '45.9.74.99']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:49:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"domain-ip\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a208990a-f956-4cdb-bc5f-09004f922aac",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:50:20.000Z",
            "modified": "2023-07-14T13:50:20.000Z",
            "description": "C2 server communicating with Raccoon Stealer",
            "pattern": "[domain-name:resolves_to_refs[*].value = '5.42.65.69']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:50:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"domain-ip\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:01:13.000Z",
            "modified": "2023-07-14T14:01:13.000Z",
            "description": "A webpage impersonating the website of the video conferencing software Slack distributed CustomerLoader as a fake installer. The technique used to spread this fake web site remains unknown at the time of writing, it could be SEO-poisoning, phishing emails or redirections from legitimate forums.",
            "pattern": "[url:value = 'https://slackmessenger.site/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:01:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:03:43.000Z",
            "modified": "2023-07-14T14:03:43.000Z",
            "description": "The ZIP file contains the executable SlackSetup.exe, which turns out to be a CustomerLoader sample",
            "pattern": "[file:hashes.SHA256 = 'b8f5519f7d66e7940e92f49c9f5f0cac0ae12cc9c9072c5308475bd5d093cdca' AND file:name = 'SlackSetup.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:03:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f544867c-5acf-4970-a96a-7468d570c56b",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T13:57:44.000Z",
            "modified": "2023-07-14T13:57:44.000Z",
            "pattern": "[url:value = 'https://slackmessenger.pw/slack.zip']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T13:57:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2dfde444-2afe-4ca3-9214-c790837a08c5",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:02:58.000Z",
            "modified": "2023-07-14T14:02:58.000Z",
            "pattern": "[url:value = 'http://5.42.94.169/customer/798']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:02:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--40be5e44-04aa-41c4-8a97-0e642cb84940",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:07:33.000Z",
            "modified": "2023-07-14T14:07:33.000Z",
            "description": "C2 domain for Redline Stealer. Communications over port 80.",
            "pattern": "[domain-name:value = 'missunno.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:07:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"domain-ip\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6fdb80a4-e001-4173-8b30-3ef96ba05954",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T14:08:40.000Z",
            "modified": "2023-07-14T14:08:40.000Z",
            "description": "C2 domain communicating with a cryptominer",
            "pattern": "[url:value = 'http://179.43.170.241/BEBRIK.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2023-07-14T14:08:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "network"
                }
            ],
            "labels": [
                "misp:name=\"url\"",
                "misp:meta-category=\"network\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--739097b3-9ba6-442c-872f-528f42278bad",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T12:53:33.000Z",
            "modified": "2023-07-14T12:53:33.000Z",
            "labels": [
                "misp:name=\"annotation\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "creation-date",
                    "value": "2023-07-12T00:00:00+00:00",
                    "category": "Other",
                    "uuid": "1e5ba5dd-4d09-4d56-8bb8-79d888160c8e"
                },
                {
                    "type": "link",
                    "object_relation": "ref",
                    "value": "https://blog.sekoia.io/customerloader-a-new-malware-distributing-a-wide-variety-of-payloads/",
                    "category": "External analysis",
                    "uuid": "9f328dc4-ec48-434f-9d26-ff17fa542c35"
                },
                {
                    "type": "text",
                    "object_relation": "text",
                    "value": "Report from Sekoia.io",
                    "category": "Other",
                    "uuid": "64add251-c842-49e9-81b7-de2b5514aa0e"
                },
                {
                    "type": "text",
                    "object_relation": "type",
                    "value": "Executive Summary",
                    "category": "Other",
                    "uuid": "b1cd70e0-fb01-4158-9b09-dacc1b0d2a50"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "annotation"
        },
        {
            "type": "note",
            "spec_version": "2.1",
            "id": "note--4173dc9c-2c55-4e0e-8ef7-341ee4ea63c7",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2023-07-14T12:54:09.000Z",
            "modified": "2023-07-14T12:54:09.000Z",
            "abstract": "CustomerLoader: a new malware distributing a wide variety of payloads",
            "content": "During our daily threat hunting routine, we identified an undocumented .NET loader aimed at downloading, decrypting and executing next-stage payloads. In early June 2023, this new loader was actively distributed by multiple threat actors using malicious phishing emails, YouTube videos, and web pages impersonating legitimate websites. \r\n\r\nWe named this new malware \u201cCustomerLoader\u201d because of the presence of the string \u201ccustomer\u201d in its Command and Control (C2) communications and loading capabilities.\r\n\r\nThe malwrhunterteam and g0njxa researchers also observed campaigns distributing CustomerLoader in early June 2023.\r\n\r\nSekoia.io analysts\u2019 investigation led us to discover that all payloads downloaded by CustomerLoader are dotRunpeX samples that deliver a variety of malware families, including infostealers, Remote Access Trojans (RAT) and commodity ransomware. dotRunpeX is an .NET injector implementing several anti-analysis techniques, first publicly documented by Checkpoint in March 2023.\r\n\r\nWe assess that CustomerLoader is almost certainly associated with a Loader-as-a-Service, which remains unknown at the time of writing. It is possible that CustomerLoader is a new stage added before the execution of the dotRunpeX injector by its developer.\r\n\r\nThis blog post aims at presenting a technical analysis of CustomerLoader focusing on the decryption of the next-stage payloads, an overview of more than 30 known and distributed malware families, and details on three infection chains observed distributing the loader.",
            "object_refs": [
                "report--98eb923a-6da8-4c63-87a0-a97a2eef3c98"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--9dbed85e-832a-43af-a1bf-381611fbea71",
            "created": "2023-07-14T13:15:35.000Z",
            "modified": "2023-07-14T13:15:35.000Z",
            "relationship_type": "downloaded-from",
            "source_ref": "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d",
            "target_ref": "indicator--88bb0d65-2753-42a8-b143-6a7939ed5e97"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--c39fb0f2-c8cf-4b27-8873-7e68ed86deca",
            "created": "2023-07-14T13:17:46.000Z",
            "modified": "2023-07-14T13:17:46.000Z",
            "relationship_type": "contained-within",
            "source_ref": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
            "target_ref": "indicator--d6b9d4ae-b825-4299-8458-8c32a546922d"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--b0f3e44f-0b01-4dfd-b9fa-d08004f39e4a",
            "created": "2023-07-14T13:20:52.000Z",
            "modified": "2023-07-14T13:20:52.000Z",
            "relationship_type": "redirects-to",
            "source_ref": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a",
            "target_ref": "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--7f20e98b-d2f2-471d-9cb4-b785f5e32f8f",
            "created": "2023-07-14T13:19:32.000Z",
            "modified": "2023-07-14T13:19:32.000Z",
            "relationship_type": "redirects-to",
            "source_ref": "indicator--ae4e6c5b-1cd1-4aa4-bbbc-dde8c74130c8",
            "target_ref": "indicator--b9e4ca36-e6bf-4f5c-97b4-2a28045cc17a"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--3b944da6-c4a6-45e9-a3a0-80cc34ebfdb1",
            "created": "2023-07-14T13:29:20.000Z",
            "modified": "2023-07-14T13:29:20.000Z",
            "relationship_type": "downloaded-from",
            "source_ref": "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819",
            "target_ref": "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--d8181100-954c-4bd4-a0a5-a9200ca4dbc5",
            "created": "2023-07-14T13:30:20.000Z",
            "modified": "2023-07-14T13:30:20.000Z",
            "relationship_type": "downloaded-from",
            "source_ref": "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9",
            "target_ref": "indicator--3a6e54b7-bd2f-4c75-83cb-a755016b0aaa"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--8f123e13-36f4-40c8-9b35-812aaf86861b",
            "created": "2023-07-14T13:32:45.000Z",
            "modified": "2023-07-14T13:32:45.000Z",
            "relationship_type": "delivered-by",
            "source_ref": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
            "target_ref": "indicator--12e1ea86-9f1f-47e0-8d88-72a35d8d6819"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--73cf4580-5d2f-4748-8a04-c93820fc8a20",
            "created": "2023-07-14T13:33:12.000Z",
            "modified": "2023-07-14T13:33:12.000Z",
            "relationship_type": "delivered-by",
            "source_ref": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
            "target_ref": "indicator--d0a4f476-384d-46c3-b1dc-86207159f3f9"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--5b0bba51-c09e-4bc1-9859-3f63429f2eb1",
            "created": "2023-07-14T13:48:00.000Z",
            "modified": "2023-07-14T13:48:00.000Z",
            "relationship_type": "communicates-with",
            "source_ref": "indicator--a1731fc0-487f-4d3a-872e-f8f8826bedfe",
            "target_ref": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--3c1de961-96f1-4885-8287-8f280e782502",
            "created": "2023-07-14T13:52:04.000Z",
            "modified": "2023-07-14T13:52:04.000Z",
            "relationship_type": "communicates-with",
            "source_ref": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
            "target_ref": "indicator--690ead91-a1de-4a85-b227-64f58a2f79dd"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--1f552d48-989c-48b1-a832-e7cfbcbc7a74",
            "created": "2023-07-14T13:52:33.000Z",
            "modified": "2023-07-14T13:52:33.000Z",
            "relationship_type": "communicates-with",
            "source_ref": "indicator--6c15035d-e156-41d7-aeda-fc89eaa19818",
            "target_ref": "indicator--a208990a-f956-4cdb-bc5f-09004f922aac"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--53663f9b-1763-4663-aa1b-440a89a80f12",
            "created": "2023-07-14T14:01:12.000Z",
            "modified": "2023-07-14T14:01:12.000Z",
            "relationship_type": "downloads",
            "source_ref": "indicator--4d29bad2-32fa-42a6-9369-4771a05a07ad",
            "target_ref": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a71ade8f-0a28-4f85-b0cd-58c43a7cdd38",
            "created": "2023-07-14T14:03:43.000Z",
            "modified": "2023-07-14T14:03:43.000Z",
            "relationship_type": "communicates-with",
            "source_ref": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c",
            "target_ref": "indicator--2dfde444-2afe-4ca3-9214-c790837a08c5"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--6d23f8f0-dd2a-4192-a27c-5417ab103d51",
            "created": "2023-07-14T13:57:44.000Z",
            "modified": "2023-07-14T13:57:44.000Z",
            "relationship_type": "executes",
            "source_ref": "indicator--f544867c-5acf-4970-a96a-7468d570c56b",
            "target_ref": "indicator--0724045e-fd3c-4698-98e4-6d493c35ac0c"
        }
    ]
}