{
|
|
"type": "bundle",
|
|
"id": "bundle--0ebe51c2-31f1-4ba4-b7ab-1f5e62531e45",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:45:20.000Z",
|
|
"modified": "2022-12-19T09:45:20.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--0ebe51c2-31f1-4ba4-b7ab-1f5e62531e45",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:45:20.000Z",
|
|
"modified": "2022-12-19T09:45:20.000Z",
|
|
"name": "OSINT - QNAP worm aka Raspberry Robin",
|
|
"published": "2022-12-19T13:52:22Z",
|
|
"object_refs": [
|
|
"indicator--cb31d5aa-fe8e-4489-ae28-4310e5e0fc03",
|
|
"indicator--f9137b71-bfbf-48d8-a668-c0236e087f02",
|
|
"indicator--13024c29-51b2-46dd-a921-7d8e1dc5775e",
|
|
"indicator--758d0298-85ed-4c67-87b1-bfb7a43d75ba",
|
|
"indicator--73c78cac-6af2-49f9-9a6c-420b379bcfdb",
|
|
"indicator--3c8a2966-e151-47a7-a8d1-57b35d135faa",
|
|
"indicator--518c0382-d276-4439-92bd-24c83a4561b7",
|
|
"indicator--b7f6702e-d5d0-489b-a580-b7b78790a380",
|
|
"indicator--aa3dcada-6c13-4564-9f73-a0335b43bafa",
|
|
"indicator--2fea340f-896b-493a-b97f-5fc88ec24785",
|
|
"indicator--1342a252-3cdb-42ad-b296-404fefabda2c",
|
|
"indicator--1800718f-4276-45d9-b227-c82e02191e54",
|
|
"indicator--7c876b16-533b-428e-9288-04e5da832706",
|
|
"indicator--ad5d1222-ce53-4445-ae6b-22751380e8d8",
|
|
"indicator--3a1e9148-4ea5-42bb-aea1-549bfac00ad1",
|
|
"indicator--c8fab75b-f3f8-471d-b4b8-e7da5aec0966",
|
|
"indicator--1b0227bb-221a-4026-9252-dffff31ba131",
|
|
"indicator--335a647e-a90c-4db6-847f-b339333a96a0",
|
|
"indicator--8be37180-6ff3-4977-a542-6f3e73ff0a50",
|
|
"indicator--fa14609a-bcfb-4962-a110-8884a0fa398d",
|
|
"indicator--b52486bc-7502-4017-98a6-f495ce47baab",
|
|
"indicator--1a181051-a965-4677-b6d9-3e0f32346329",
|
|
"indicator--44d91ad2-8127-43e0-bb4a-7d280e2cb5dd",
|
|
"indicator--ac62460a-d312-47b6-a2c4-9c38ab8d622b",
|
|
"indicator--9852e885-6187-4f93-8db6-e266bc84c99e",
|
|
"indicator--082e17c6-0a51-4603-8c0a-49978bb007b7",
|
|
"indicator--c681d300-444a-4d6e-9581-801edc074f19",
|
|
"indicator--df252477-5100-46f0-834d-56b11c879301",
|
|
"indicator--13f2606a-5807-4cc2-bd19-b8a7c7a89323",
|
|
"indicator--3d689955-65aa-46dd-bbb8-8d41618c1922",
|
|
"indicator--ab32e42f-29be-4f6e-8e4f-7cbd91a65ece",
|
|
"indicator--7a661fa4-c125-4d8a-98f1-f766762465c5",
|
|
"indicator--9aa0d49b-348f-4c33-93d8-ecbc22792843",
|
|
"indicator--50fd3b28-7f34-4e54-a6f2-265c29e40523",
|
|
"indicator--06b7404d-a331-40c1-a4eb-f3546e4bcae8",
|
|
"indicator--c5e5aec1-52a2-4ab0-9fc4-c826075e703a",
|
|
"indicator--4139a465-5894-49a3-996e-2bdac0aff36b",
|
|
"indicator--a6353d14-77ee-44cb-b4e4-8f31db33eafe",
|
|
"indicator--3ac29d6e-9f5f-4c2e-b68b-5008d643c722",
|
|
"indicator--3b208b0b-381e-4a4a-b017-3f1d0c79e979",
|
|
"indicator--70d262a3-c8f3-4a62-b8e4-9f701b3a47a0",
|
|
"indicator--b02dcadf-019a-4a1e-bd5c-2257cba4d96f",
|
|
"indicator--5cf61fa2-cf33-4592-92e1-2b01d845292f",
|
|
"indicator--1cdb15c5-7d1c-4c4b-8640-1cea926705a0",
|
|
"indicator--73147215-3645-46b6-988f-caf7759359dc",
|
|
"indicator--6f7041eb-1d19-410f-825d-7e7e0bc2d806",
|
|
"indicator--cfdc5b83-aa9a-45ee-af2d-b300c3649278",
|
|
"indicator--1fe32bf3-70c5-4c67-8120-a87e775c667f",
|
|
"indicator--e2fbe282-1aef-401f-988d-5732ecbc3658",
|
|
"indicator--e39d7a10-e379-45b0-964c-b755b41a7394",
|
|
"indicator--426d0b10-64bc-46e2-8226-92f909ff53d1",
|
|
"indicator--972ea084-a516-41e7-bdd6-ef1b49105d75",
|
|
"indicator--715ce51d-e3fe-4beb-85a9-5728dbcda2ef",
|
|
"indicator--6c0ff296-037b-4b65-8380-31d80767e8d5",
|
|
"indicator--7e7b2978-1410-4d24-9fe4-b890ba5ed5bc",
|
|
"indicator--7326c4a9-727f-4b61-b1be-403bffc49c90",
|
|
"indicator--0da10963-3c11-4c47-a832-682895907df4",
|
|
"indicator--3b771589-417b-4957-b713-95709bb147f5",
|
|
"indicator--dfeb6e55-e066-4ff1-ad3a-097d63ef7d37",
|
|
"indicator--36ede7ea-74ae-41b8-b23a-50d7552eea31",
|
|
"indicator--276c754e-60ff-476b-a11d-d03dca0df8f5",
|
|
"indicator--c5212bd5-aa7c-489c-b899-e97e3f4c271e",
|
|
"indicator--29ac9533-2f77-41ce-a7e2-af96c180abae",
|
|
"indicator--1b674845-cbe1-4908-b0f2-241b5aa6951d",
|
|
"indicator--1b276564-8dc8-4eab-a5e4-06a8ef185dff",
|
|
"indicator--7c9d843b-77c7-4ef6-9a51-3863866f5523",
|
|
"indicator--e5b29a97-7196-47f8-ad21-4a4a9e2adc12",
|
|
"indicator--62634849-6bc2-4fc4-ae22-267762c4e6a8",
|
|
"indicator--f6762a31-3477-44f0-ab06-aed59ed0f562",
|
|
"indicator--b21c5805-1e3d-4919-b8a6-edc8b2667d6e",
|
|
"indicator--eff3ec09-2d72-42b7-aa77-91d49a5c5509",
|
|
"indicator--5035f976-6838-4f20-8e61-36ef99e26771",
|
|
"indicator--154a7e94-8deb-45cf-b294-2539635484f2",
|
|
"indicator--ecd60927-356f-414a-871a-2a1ecd3f567c",
|
|
"indicator--c2228cbd-365a-4762-a6be-d6f3bf7ab4bf",
|
|
"indicator--62023b08-2687-4a2d-a5f1-c405856c6c39",
|
|
"indicator--7140b55e-67d6-47b3-8450-09fa02a7d702",
|
|
"indicator--b5b9b43d-c312-4dab-90ce-3cd36c5fc6f5",
|
|
"indicator--c86cd3a7-5f0b-41b4-a723-a6e2bc965095",
|
|
"indicator--7e91e10a-2a87-4f90-b71b-37adc886ae9c",
|
|
"indicator--68e364b9-0bd7-42fc-8736-e1f69ce28fa9",
|
|
"indicator--e639c93a-6450-41e6-b5a3-8c8fd7277f68",
|
|
"indicator--7f6b0ea3-c3dd-4950-bc47-827b221a1ed7",
|
|
"indicator--ebdfea59-e2dd-47cd-b6ba-2e552a48d815",
|
|
"indicator--7e24d173-1ed5-4edb-ae1f-deb9dac1a6b8",
|
|
"indicator--cbdde65f-8a50-4c49-810d-77c306afd4c6",
|
|
"indicator--275e207a-ecd0-4f6d-b75f-f6643c343695",
|
|
"indicator--fbf8c793-37f4-415e-b835-0dccd365f525",
|
|
"indicator--c8b69cc0-64ce-40d8-b4a1-bcea42b7b73f",
|
|
"indicator--d99fcf05-1782-4a76-97fc-11980400b5f1",
|
|
"indicator--6a7345f8-8950-4874-94b7-a4a2076d053f",
|
|
"indicator--a04003b9-e918-4305-80f3-8a93756bf065",
|
|
"indicator--8b4025a8-3a6b-4397-ba28-7282159ea66f",
|
|
"indicator--bdc6549a-d120-4f2f-b849-0aad16e696cd",
|
|
"indicator--f9c4b5b1-dd7a-48fe-9de2-14c3ead2f3ce",
|
|
"indicator--157501d2-ed48-4319-8408-591d47992e10",
|
|
"indicator--fcc8ca3c-ce57-4a20-b64c-a594eaef51e1",
|
|
"indicator--9bb37e82-5f95-4c38-af73-42f5ef774efb",
|
|
"indicator--3aa2653f-45f0-4fd5-b9b9-481e16df488c",
|
|
"indicator--0cf5b70f-ae08-4fe2-b17c-8a0ed780afea",
|
|
"indicator--afe125d0-cac4-4dbb-86af-f0a8540ec197",
|
|
"indicator--86464d8d-457f-4407-9933-e1d97fce1e0b",
|
|
"indicator--22a2ad94-1122-480d-ad65-1b25795058f0",
|
|
"indicator--41083164-f714-4e7d-a0de-18d24e1a6746",
|
|
"indicator--7013ae3b-6908-417c-872f-9fae33f6a128",
|
|
"indicator--01c2726f-77a0-465b-b0fb-91b572bffec6",
|
|
"indicator--ca8f4268-2950-4ebe-b443-3118b973682a",
|
|
"indicator--5988cb26-a1f4-4a46-be3b-172e9fb1f445",
|
|
"indicator--eab8228e-60ab-44e9-be88-e366a235e7e1",
|
|
"indicator--8eda6b78-cf59-4d4c-b761-668729db4e3f",
|
|
"indicator--a3b96aab-8b3e-428b-9de8-9741f629ab36",
|
|
"indicator--edb25eef-c613-43dd-a4e0-6da3e7c0a6e6",
|
|
"indicator--7b226ee8-65de-444c-8da4-ee6cdf2ac29f",
|
|
"indicator--e4e29065-ca30-4fee-9dad-c9e7c790ef0f",
|
|
"indicator--966fa2fa-44f6-4423-a44a-71853f103e06",
|
|
"indicator--ab6e4045-d470-4216-bd6d-8d0276ebdb09",
|
|
"indicator--dc5914a1-0315-4247-bb5d-758ec0e52737",
|
|
"indicator--13689d8e-3ad0-4116-aad6-748f626b89a2",
|
|
"indicator--c4a7865b-9a11-4076-94fd-e6ae4321f48d",
|
|
"indicator--d9873050-4a42-482c-9661-93a9dc547d6d",
|
|
"indicator--bf561941-5a8c-41fb-b9cd-b719440ef1a9",
|
|
"indicator--d990861c-25b9-417c-95e9-33cfad3fbc52",
|
|
"indicator--41bed45b-24e9-4544-92b3-c6698061fc7f",
|
|
"indicator--71548cbb-0df4-45f8-a2bf-c380a2a23410",
|
|
"indicator--f7bf7cec-d28a-43f9-a122-ab59e1511f79",
|
|
"indicator--4d17873a-e80c-440d-8ec8-b450c4ca6ed1",
|
|
"indicator--ea77ffa1-45f5-4c2f-ba1b-7d5b1e7aba87",
|
|
"indicator--8c987922-5569-4602-a655-e8ff1a6f475c",
|
|
"indicator--74f9449f-6b9b-4ded-97fd-b7fc5e2a01f7",
|
|
"indicator--0ba27902-1562-491f-a07b-16ea65628f24",
|
|
"indicator--9dbe222c-a5ca-4f70-96fa-f1b938968f53",
|
|
"indicator--7b855019-b2bf-46b5-8b05-e3ae92cf4df6",
|
|
"indicator--7002684d-5768-482c-94e0-536e43e36e89",
|
|
"indicator--31513a41-ae4b-49ef-b55b-0417beb19720",
|
|
"indicator--4cb5cb02-3498-4e43-b6dd-39a1e0f12dca",
|
|
"indicator--6f9aefc8-e628-4f3d-8083-91ade72ddb6f",
|
|
"indicator--698d3bd0-be71-4ad4-9346-118b3e7138a0",
|
|
"indicator--d6ac5848-acd5-487f-a991-32d4594ce085",
|
|
"indicator--f312e637-6d37-42e6-89db-33862cfc53f8",
|
|
"indicator--68c1cce9-cb1a-4141-be31-abf1f5092eb4",
|
|
"indicator--88561fb9-f9c3-4c35-a1aa-5622c9699f02",
|
|
"indicator--17cb1c6c-d01b-4541-b03e-b7f1f9ee5ab3",
|
|
"indicator--d2eb1970-c337-4e7b-80df-a40bc0973f6a",
|
|
"indicator--3ad00795-589d-4cac-8ebc-148cfec832ac",
|
|
"indicator--092c2afe-15ce-4976-bfe6-af512860d11c",
|
|
"indicator--d8d986da-886b-4370-97db-dcf740e59b62",
|
|
"indicator--90643393-a341-41e1-92f3-aa735fc848b8",
|
|
"indicator--18b44377-7389-4a74-8a43-1019da17fd7e",
|
|
"indicator--2fbaf3f7-bc52-4b7a-99bc-35aef9177b59",
|
|
"indicator--fec38676-707c-40b5-964d-0af571004fbc",
|
|
"indicator--44f9a258-23c5-4b6f-9610-8447a7c0d716",
|
|
"indicator--e4b2026c-6684-4da5-bccf-dadfc6439386",
|
|
"indicator--3acda878-9a09-4485-97a1-b0d7d7e69627",
|
|
"indicator--eb18dfe4-76a6-4f4b-bf37-f063946fd232",
|
|
"indicator--82585293-3047-4f49-b519-3cef85fc214f",
|
|
"indicator--8e8596ca-dd98-4dd3-9b53-6b59b85e6437",
|
|
"indicator--33288511-ea3b-4d9e-b47e-1f7f0f7917e3",
|
|
"indicator--91020589-5ba7-41db-b3f8-6f3ae570aa39",
|
|
"indicator--6d6cbd04-a68c-41db-b29d-e4e4c64f025c",
|
|
"indicator--347c0396-d7cf-48be-8974-691522d49720",
|
|
"indicator--c019e48a-8811-4121-8107-7b9febb9cd28",
|
|
"indicator--c356bdf7-1d08-4e24-8e34-f75ba2e9333b",
|
|
"indicator--e2165d59-90bd-4d3f-a6c8-34a3938ce8cb",
|
|
"indicator--c161810c-c301-4c0d-a601-4007a153f238",
|
|
"indicator--92fef36c-3a97-44ab-9534-0c5b217316dc",
|
|
"indicator--be59de04-fdb1-49cc-8033-f052d8057c61",
|
|
"indicator--f96671c9-33a6-4e87-8974-e92530f70e83",
|
|
"indicator--8bd24384-5c85-43cb-9a7a-57fdf4e910c4",
|
|
"indicator--2515959a-b108-4a29-a58f-edcb66a71001",
|
|
"indicator--dde463c0-e60b-4013-b0e1-724dafddf38d",
|
|
"indicator--cc983cd9-ccaa-41fe-a65b-d2aee1e28a8a",
|
|
"indicator--84e3be7b-3f0c-41ec-bb68-5e144543bd37",
|
|
"indicator--96d55b85-0caa-401b-9780-e9edfdc04e51",
|
|
"indicator--5cef6e17-187f-43a5-9414-586e346ad226",
|
|
"indicator--d7ad8277-d2fe-4e0b-9fd2-324341934cb0",
|
|
"indicator--808aba47-263b-4721-93ce-c108184afa01",
|
|
"indicator--b5ec6afc-72e6-484b-94cf-4accecf28b56",
|
|
"indicator--510d376b-3a57-4eef-8104-9a7eef131935",
|
|
"indicator--25d02cc3-d18b-430d-8e01-9c795d538cbd",
|
|
"indicator--042ba6de-8e69-4316-9979-3037eeb66d9f",
|
|
"indicator--9e6b4eed-d73a-4bab-89f0-56a256315189",
|
|
"indicator--87c572a8-4e7c-469a-87a9-fa4e8782dbb2",
|
|
"indicator--5fc48a95-d409-45e1-a2d1-38da607694dc",
|
|
"indicator--7517a6f3-05e6-4720-96bf-17582a017634",
|
|
"indicator--2b0a6440-193a-447b-8036-3f14f8d6537b",
|
|
"indicator--8dc59744-8247-4ef6-8a1b-c4d0e319e2f8",
|
|
"indicator--1f16d835-7679-4672-a54b-e4084253cb65",
|
|
"indicator--c05caab4-18bf-4665-b0e4-1117634d7b16",
|
|
"indicator--edb5b0e6-002d-42dd-8658-68f97a2f7105",
|
|
"indicator--86ccd18f-dedd-4276-be87-b093f6e05aab",
|
|
"indicator--a71e0ee5-8416-4672-ad45-bc93d2ad8dc8",
|
|
"indicator--03204596-9a53-4726-93e0-360fdd593825",
|
|
"indicator--fc96f8be-951b-4839-a8b8-25ded7e2fc18",
|
|
"indicator--57c4b12e-c87e-444c-a399-3f610427e4f6",
|
|
"indicator--22e7ee7f-2fe8-471c-bd52-410bcc21a2eb",
|
|
"indicator--c930f2d6-0395-484b-9753-dab954b5c7e6",
|
|
"indicator--34ab9aac-fe9b-45a3-a7ba-252e61fb0cb4",
|
|
"indicator--09b741da-1eee-4e36-8b9b-60d045d5aa49",
|
|
"indicator--68a79251-7658-4ab2-a8c7-e2589744fef5",
|
|
"indicator--7720e7aa-e600-4596-98fa-74de77a4e11a",
|
|
"indicator--9499e299-3f16-4872-9165-04e513d8a4b2",
|
|
"indicator--c0acafa2-3a27-4600-a33f-393adc7c152f",
|
|
"indicator--6f44f21b-22cd-4b61-9801-d842a76635b5",
|
|
"indicator--171aee96-4194-44ea-a89f-b790523d3b8f",
|
|
"indicator--a6a506a9-010d-4f14-8cbe-c49beaf3a2d0",
|
|
"indicator--9d436d9a-7c83-44b2-800b-0cfc6a7889e2",
|
|
"indicator--6dad13b0-bf92-4c59-ab3f-6d0ea79d7afe",
|
|
"indicator--0ad3845b-67eb-4846-b217-8574e814ffdc",
|
|
"indicator--31caf8fa-2ad9-461f-815a-067097fac9b8",
|
|
"indicator--32909740-173d-4581-96d7-635809613bdc",
|
|
"indicator--63a10464-b79d-481f-93c2-d975f515cd7e",
|
|
"indicator--1d2ce439-c305-48f4-bd66-db737e29c2c1",
|
|
"indicator--c6c5d4d8-8dcb-4ab5-b267-fe4dd7d6c1dd",
|
|
"indicator--011d2ca7-c6b9-4b68-a74e-afb6b4292c14",
|
|
"indicator--666605e0-8195-4e35-b822-b724f48fdb82",
|
|
"indicator--ab930a69-5cf3-4b73-a894-c194c3e222ca",
|
|
"indicator--d88ac7d5-7f96-47ff-b0dc-7af6b8305b8c",
|
|
"indicator--85af1a0f-79a4-4005-87c6-a98730cbff56",
|
|
"indicator--2b672d12-ee76-4922-80a4-395d054ba4ce",
|
|
"indicator--f9925fb3-0eb4-4a3b-8e46-50b7eb6c2841",
|
|
"indicator--d25ab28e-76be-49d7-816a-ee061fcd1e4e",
|
|
"indicator--29b9bb04-d050-4bcc-a98f-fd6b02291f89",
|
|
"indicator--2bc52b9c-e726-45f3-b0e3-f1fb80e5b4e3",
|
|
"indicator--a956c9ba-972c-497a-be29-d12caa8d913b",
|
|
"indicator--a941fb2a-8350-440a-bb7d-3aa6a30ae815",
|
|
"indicator--a8c53e6f-226b-4821-a8a1-633d4c105ce2",
|
|
"indicator--b1aefcbe-5027-4e6c-a054-9475eca7563e",
|
|
"indicator--90049ad6-387e-4bba-8e57-341ba2b245e3",
|
|
"indicator--3316bfd2-d0f8-4986-bb2f-352cd7a0d40b",
|
|
"indicator--a02a87b3-5512-467f-a924-8a32444319be",
|
|
"indicator--1db68a30-fd23-41e8-9586-17780a722d7f",
|
|
"indicator--6410d437-dd10-431a-a623-7ad1aa73618a",
|
|
"indicator--4dac994f-9876-4af0-a018-37c55201af23",
|
|
"indicator--f041b0b9-e3db-4bd3-b3c3-4143635ba598",
|
|
"indicator--35675372-9e38-4d54-bced-9ecd8da2edd5",
|
|
"indicator--bcccd3c7-0229-4bbf-80f1-601af2d9cc3e",
|
|
"indicator--61d5b4ab-befd-42d6-9075-c33f0ffd95ed",
|
|
"indicator--5dc8d521-78f7-4d83-97c8-09dfe1643d24",
|
|
"indicator--0514722f-8bbd-4011-95f8-a1037cb35586",
|
|
"indicator--74882ad9-585a-4b42-a321-8bf90ed620cd",
|
|
"indicator--50dec3dd-a589-486d-b6cb-12e786a912e2",
|
|
"indicator--973467b3-ea0b-4d56-9524-0c9b832e0d20",
|
|
"indicator--daf73e02-df2d-4ec3-a748-7d6912876b70",
|
|
"indicator--189a0034-94e7-4191-8b1b-cfb632de62e0",
|
|
"indicator--fc61082b-adbd-4300-a75b-29b91fd44acb",
|
|
"indicator--c9fbdb0e-e0a8-4735-9a29-16868ca92d3d",
|
|
"indicator--8322355d-cb9b-4be6-97bd-6e84b725bb5a",
|
|
"indicator--63a90297-d7a6-46a7-81f2-c5da074ddec1",
|
|
"indicator--19c50e52-6313-4ec6-9806-347086ddcef0",
|
|
"indicator--93e774f3-c40a-484b-b373-b745ab88b71f",
|
|
"indicator--8999fc5f-41a9-425a-a5a0-e6f526982b8d",
|
|
"indicator--e9b84ead-97c5-48fd-92f8-f91ea1c75f93",
|
|
"indicator--e9bf9c36-9553-4e38-876d-c623c7530c6e",
|
|
"indicator--dfc8564c-0c28-4cd7-8421-cdde39edc91f",
|
|
"indicator--70ab60c9-d7bd-4081-9bd9-afb64536d330",
|
|
"indicator--d098a898-40f9-4c8a-80b7-79e9ebfe1bdf",
|
|
"indicator--795c92f0-5474-4bb1-b4fc-4d89b85cf003",
|
|
"indicator--22ad1e21-a348-4ed4-b224-6d866a1ab682",
|
|
"indicator--f5a3c0c3-5763-4119-a016-5e370eda1f1c",
|
|
"indicator--1f85f78c-a812-4756-9843-2a805c45ff18",
|
|
"indicator--960dccfc-5180-46a6-a36f-8089eb9d3825",
|
|
"indicator--aa046f62-44ca-460d-86e7-7b5a16732a80",
|
|
"indicator--a8aa69bd-063c-414d-9edf-b21e3fd68692",
|
|
"indicator--3d69e18b-5341-4c4c-9cb7-73af223c1704",
|
|
"indicator--a68fb465-f713-4c3c-a658-368f30c0ca5c",
|
|
"indicator--bd99e9ed-e0e1-4ffa-a93e-2b3e9d47ac89",
|
|
"indicator--15d682aa-5c0e-41f2-a9a4-f67dc643e183",
|
|
"indicator--21d6b907-0d2a-4167-967f-6c58a42fc304",
|
|
"indicator--996b832c-4b83-4b20-ae83-2ae5a138e058",
|
|
"indicator--0ff9b6e9-a2be-40db-b8a1-266e0df2f33a",
|
|
"x-misp-object--aaf09192-2cff-4665-aae1-05a6e8cae7ba",
|
|
"note--20084cb0-fdb3-4c37-bd8d-692470e66ed7"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:malpedia=\"Raspberry Robin\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cb31d5aa-fe8e-4489-ae28-4310e5e0fc03",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:46.000Z",
|
|
"modified": "2022-12-19T09:22:46.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '03s30.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9137b71-bfbf-48d8-a668-c0236e087f02",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:46.000Z",
|
|
"modified": "2022-12-19T09:22:46.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0dz.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13024c29-51b2-46dd-a921-7d8e1dc5775e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:46.000Z",
|
|
"modified": "2022-12-19T09:22:46.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0e.si']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--758d0298-85ed-4c67-87b1-bfb7a43d75ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:46.000Z",
|
|
"modified": "2022-12-19T09:22:46.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0i.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--73c78cac-6af2-49f9-9a6c-420b379bcfdb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0i.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3c8a2966-e151-47a7-a8d1-57b35d135faa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0j.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--518c0382-d276-4439-92bd-24c83a4561b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0j.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b7f6702e-d5d0-489b-a580-b7b78790a380",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0p.rs']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--aa3dcada-6c13-4564-9f73-a0335b43bafa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0t.yt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2fea340f-896b-493a-b97f-5fc88ec24785",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0v.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1342a252-3cdb-42ad-b296-404fefabda2c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0w.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1800718f-4276-45d9-b227-c82e02191e54",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '0x9.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7c876b16-533b-428e-9288-04e5da832706",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '13j.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ad5d1222-ce53-4445-ae6b-22751380e8d8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1h3.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3a1e9148-4ea5-42bb-aea1-549bfac00ad1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1i.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c8fab75b-f3f8-471d-b4b8-e7da5aec0966",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1j.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1b0227bb-221a-4026-9252-dffff31ba131",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1j4.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--335a647e-a90c-4db6-847f-b339333a96a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1k4.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8be37180-6ff3-4977-a542-6f3e73ff0a50",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1n4.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fa14609a-bcfb-4962-a110-8884a0fa398d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1u.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b52486bc-7502-4017-98a6-f495ce47baab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '1u.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1a181051-a965-4677-b6d9-3e0f32346329",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '21k.website']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--44d91ad2-8127-43e0-bb4a-7d280e2cb5dd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '27o.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ac62460a-d312-47b6-a2c4-9c38ab8d622b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2i.nu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9852e885-6187-4f93-8db6-e266bc84c99e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2i.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--082e17c6-0a51-4603-8c0a-49978bb007b7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2i.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c681d300-444a-4d6e-9581-801edc074f19",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2j4.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--df252477-5100-46f0-834d-56b11c879301",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2jks.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13f2606a-5807-4cc2-bd19-b8a7c7a89323",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2kbq.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3d689955-65aa-46dd-bbb8-8d41618c1922",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2t.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ab32e42f-29be-4f6e-8e4f-7cbd91a65ece",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2t.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7a661fa4-c125-4d8a-98f1-f766762465c5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2um.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9aa0d49b-348f-4c33-93d8-ecbc22792843",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '2yd.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--50fd3b28-7f34-4e54-a6f2-265c29e40523",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '3e.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--06b7404d-a331-40c1-a4eb-f3546e4bcae8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '3h.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c5e5aec1-52a2-4ab0-9fc4-c826075e703a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '3h1.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4139a465-5894-49a3-996e-2bdac0aff36b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '3lzj.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a6353d14-77ee-44cb-b4e4-8f31db33eafe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '3p.ms']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3ac29d6e-9f5f-4c2e-b68b-5008d643c722",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '3z.nu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3b208b0b-381e-4a4a-b017-3f1d0c79e979",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4aw.ro']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--70d262a3-c8f3-4a62-b8e4-9f701b3a47a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4c.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b02dcadf-019a-4a1e-bd5c-2257cba4d96f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4j.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cf61fa2-cf33-4592-92e1-2b01d845292f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4j1.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1cdb15c5-7d1c-4c4b-8640-1cea926705a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4j5.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--73147215-3645-46b6-988f-caf7759359dc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4k1.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6f7041eb-1d19-410f-825d-7e7e0bc2d806",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4kx.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cfdc5b83-aa9a-45ee-af2d-b300c3649278",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4m.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1fe32bf3-70c5-4c67-8120-a87e775c667f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4n.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e2fbe282-1aef-401f-988d-5732ecbc3658",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4q.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e39d7a10-e379-45b0-964c-b755b41a7394",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4s.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--426d0b10-64bc-46e2-8226-92f909ff53d1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4s3.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--972ea084-a516-41e7-bdd6-ef1b49105d75",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4w.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--715ce51d-e3fe-4beb-85a9-5728dbcda2ef",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4w.rs']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6c0ff296-037b-4b65-8380-31d80767e8d5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4w.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7e7b2978-1410-4d24-9fe4-b890ba5ed5bc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '4xq.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7326c4a9-727f-4b61-b1be-403bffc49c90",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5ap.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0da10963-3c11-4c47-a832-682895907df4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5g7.at']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3b771589-417b-4957-b713-95709bb147f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5j8.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dfeb6e55-e066-4ff1-ad3a-097d63ef7d37",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5jb.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--36ede7ea-74ae-41b8-b23a-50d7552eea31",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5jk.club']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--276c754e-60ff-476b-a11d-d03dca0df8f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5kj.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c5212bd5-aa7c-489c-b899-e97e3f4c271e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5kx.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--29ac9533-2f77-41ce-a7e2-af96c180abae",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5qe8.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1b674845-cbe1-4908-b0f2-241b5aa6951d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5qw.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1b276564-8dc8-4eab-a5e4-06a8ef185dff",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5qy.ro']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7c9d843b-77c7-4ef6-9a51-3863866f5523",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5s.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e5b29a97-7196-47f8-ad21-4a4a9e2adc12",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5v0.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--62634849-6bc2-4fc4-ae22-267762c4e6a8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5z.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f6762a31-3477-44f0-ab06-aed59ed0f562",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '5z.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b21c5805-1e3d-4919-b8a6-edc8b2667d6e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '60i.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eff3ec09-2d72-42b7-aa77-91d49a5c5509",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '66j.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5035f976-6838-4f20-8e61-36ef99e26771",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6ax.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--154a7e94-8deb-45cf-b294-2539635484f2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6gcr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ecd60927-356f-414a-871a-2a1ecd3f567c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6id.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c2228cbd-365a-4762-a6be-d6f3bf7ab4bf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6j2.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--62023b08-2687-4a2d-a5f1-c405856c6c39",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6qo.at']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7140b55e-67d6-47b3-8450-09fa02a7d702",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6t.nz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b5b9b43d-c312-4dab-90ce-3cd36c5fc6f5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6t.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c86cd3a7-5f0b-41b4-a723-a6e2bc965095",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6t4.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7e91e10a-2a87-4f90-b71b-37adc886ae9c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6uy.at']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--68e364b9-0bd7-42fc-8736-e1f69ce28fa9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6w.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e639c93a-6450-41e6-b5a3-8c8fd7277f68",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6wr9.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7f6b0ea3-c3dd-4950-bc47-827b221a1ed7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6xj.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ebdfea59-e2dd-47cd-b6ba-2e552a48d815",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '6y.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7e24d173-1ed5-4edb-ae1f-deb9dac1a6b8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '79r.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cbdde65f-8a50-4c49-810d-77c306afd4c6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '7d.rs']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--275e207a-ecd0-4f6d-b75f-f6643c343695",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '7d.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fbf8c793-37f4-415e-b835-0dccd365f525",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '7yfb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c8b69cc0-64ce-40d8-b4a1-bcea42b7b73f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '8t.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d99fcf05-1782-4a76-97fc-11980400b5f1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '8t.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6a7345f8-8950-4874-94b7-a4a2076d053f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:47.000Z",
|
|
"modified": "2022-12-19T09:22:47.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '9r.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a04003b9-e918-4305-80f3-8a93756bf065",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = '9r.sk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8b4025a8-3a6b-4397-ba28-7282159ea66f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'a0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bdc6549a-d120-4f2f-b849-0aad16e696cd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'aij.hk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9c4b5b1-dd7a-48fe-9de2-14c3ead2f3ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'as3.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--157501d2-ed48-4319-8408-591d47992e10",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'b3vv.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fcc8ca3c-ce57-4a20-b64c-a594eaef51e1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'b8x.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9bb37e82-5f95-4c38-af73-42f5ef774efb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'b9.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3aa2653f-45f0-4fd5-b9b9-481e16df488c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'bcomb.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0cf5b70f-ae08-4fe2-b17c-8a0ed780afea",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'bo2sv.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--afe125d0-cac4-4dbb-86af-f0a8540ec197",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'bpyo.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--86464d8d-457f-4407-9933-e1d97fce1e0b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'c0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--22a2ad94-1122-480d-ad65-1b25795058f0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'c4z.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--41083164-f714-4e7d-a0de-18d24e1a6746",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'c7.lc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7013ae3b-6908-417c-872f-9fae33f6a128",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'cb3u.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--01c2726f-77a0-465b-b0fb-91b572bffec6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'd0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ca8f4268-2950-4ebe-b443-3118b973682a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'd4j.club']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5988cb26-a1f4-4a46-be3b-172e9fb1f445",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'dj2.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eab8228e-60ab-44e9-be88-e366a235e7e1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'doem.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8eda6b78-cf59-4d4c-b761-668729db4e3f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'dsi.mk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a3b96aab-8b3e-428b-9de8-9741f629ab36",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'e0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--edb25eef-c613-43dd-a4e0-6da3e7c0a6e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'e9.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7b226ee8-65de-444c-8da4-ee6cdf2ac29f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'egso.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e4e29065-ca30-4fee-9dad-c9e7c790ef0f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ej3.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--966fa2fa-44f6-4423-a44a-71853f103e06",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ejk.bz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ab6e4045-d470-4216-bd6d-8d0276ebdb09",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ejk.li']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dc5914a1-0315-4247-bb5d-758ec0e52737",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'euya.cn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--13689d8e-3ad0-4116-aad6-748f626b89a2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'eznb.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c4a7865b-9a11-4076-94fd-e6ae4321f48d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'f0.tel']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d9873050-4a42-482c-9661-93a9dc547d6d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'fgcz.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bf561941-5a8c-41fb-b9cd-b719440ef1a9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'fnx.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d990861c-25b9-417c-95e9-33cfad3fbc52",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'fxb.tw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--41bed45b-24e9-4544-92b3-c6698061fc7f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'fz.ms']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--71548cbb-0df4-45f8-a2bf-c380a2a23410",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'g0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f7bf7cec-d28a-43f9-a122-ab59e1511f79",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'g3.rs']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4d17873a-e80c-440d-8ec8-b450c4ca6ed1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'g4.nu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ea77ffa1-45f5-4c2f-ba1b-7d5b1e7aba87",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'g4.tel']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8c987922-5569-4602-a655-e8ff1a6f475c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'g4.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--74f9449f-6b9b-4ded-97fd-b7fc5e2a01f7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'getmyfile.click']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0ba27902-1562-491f-a07b-16ea65628f24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'getmyfile.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9dbe222c-a5ca-4f70-96fa-f1b938968f53",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'getmyfile.link']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7b855019-b2bf-46b5-8b05-e3ae92cf4df6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'glnj.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7002684d-5768-482c-94e0-536e43e36e89",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'gloa.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--31513a41-ae4b-49ef-b55b-0417beb19720",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'gz.qa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4cb5cb02-3498-4e43-b6dd-39a1e0f12dca",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'gz3.nl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6f9aefc8-e628-4f3d-8083-91ade72ddb6f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'h0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--698d3bd0-be71-4ad4-9346-118b3e7138a0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'h0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d6ac5848-acd5-487f-a991-32d4594ce085",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'h6.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f312e637-6d37-42e6-89db-33862cfc53f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'i0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--68c1cce9-cb1a-4141-be31-abf1f5092eb4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'i0up.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--88561fb9-f9c3-4c35-a1aa-5622c9699f02",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'i1.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--17cb1c6c-d01b-4541-b03e-b7f1f9ee5ab3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'i49.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d2eb1970-c337-4e7b-80df-a40bc0973f6a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'i4x.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3ad00795-589d-4cac-8ebc-148cfec832ac",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'i6n.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--092c2afe-15ce-4976-bfe6-af512860d11c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'iyw5.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d8d986da-886b-4370-97db-dcf740e59b62",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'iz.gy']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--90643393-a341-41e1-92f3-aa735fc848b8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j1n.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--18b44377-7389-4a74-8a43-1019da17fd7e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j2.gy']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2fbaf3f7-bc52-4b7a-99bc-35aef9177b59",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j3n.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fec38676-707c-40b5-964d-0af571004fbc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j4r.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--44f9a258-23c5-4b6f-9610-8447a7c0d716",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j4z.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e4b2026c-6684-4da5-bccf-dadfc6439386",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j4z.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3acda878-9a09-4485-97a1-b0d7d7e69627",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j5m.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--eb18dfe4-76a6-4f4b-bf37-f063946fd232",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j5n.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--82585293-3047-4f49-b519-3cef85fc214f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j68.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8e8596ca-dd98-4dd3-9b53-6b59b85e6437",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'j8.si']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--33288511-ea3b-4d9e-b47e-1f7f0f7917e3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'jjl.one']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--91020589-5ba7-41db-b3f8-6f3ae570aa39",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'jrtz.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6d6cbd04-a68c-41db-b29d-e4e4c64f025c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'jrx.fr']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--347c0396-d7cf-48be-8974-691522d49720",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'jrx.tw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c019e48a-8811-4121-8107-7b9febb9cd28",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'jzm.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c356bdf7-1d08-4e24-8e34-f75ba2e9333b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e2165d59-90bd-4d3f-a6c8-34a3938ce8cb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k1n.club']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c161810c-c301-4c0d-a601-4007a153f238",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k5j.one']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--92fef36c-3a97-44ab-9534-0c5b217316dc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k5m.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--be59de04-fdb1-49cc-8033-f052d8057c61",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k5x.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f96671c9-33a6-4e87-8974-e92530f70e83",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k6c.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8bd24384-5c85-43cb-9a7a-57fdf4e910c4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k6j.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2515959a-b108-4a29-a58f-edcb66a71001",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'k6j.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dde463c0-e60b-4013-b0e1-724dafddf38d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'kglo.link']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--cc983cd9-ccaa-41fe-a65b-d2aee1e28a8a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:48.000Z",
|
|
"modified": "2022-12-19T09:22:48.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'kj1.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--84e3be7b-3f0c-41ec-bb68-5e144543bd37",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'kjaj.top']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--96d55b85-0caa-401b-9780-e9edfdc04e51",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'kr4.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cef6e17-187f-43a5-9414-586e346ad226",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'krrz.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d7ad8277-d2fe-4e0b-9fd2-324341934cb0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'l0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--808aba47-263b-4721-93ce-c108184afa01",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'l5k.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b5ec6afc-72e6-484b-94cf-4accecf28b56",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'l6nk.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--510d376b-3a57-4eef-8104-9a7eef131935",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'l9b.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--25d02cc3-d18b-430d-8e01-9c795d538cbd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ldnr.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--042ba6de-8e69-4316-9979-3037eeb66d9f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'lgf.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9e6b4eed-d73a-4bab-89f0-56a256315189",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'li1iv.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--87c572a8-4e7c-469a-87a9-fa4e8782dbb2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'lwip.re']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5fc48a95-d409-45e1-a2d1-38da607694dc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'lwxa.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7517a6f3-05e6-4720-96bf-17582a017634",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'm0.nu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2b0a6440-193a-447b-8036-3f14f8d6537b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'm0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8dc59744-8247-4ef6-8a1b-c4d0e319e2f8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'm0.yt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1f16d835-7679-4672-a54b-e4084253cb65",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'm5n.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c05caab4-18bf-4665-b0e4-1117634d7b16",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'mirw.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--edb5b0e6-002d-42dd-8658-68f97a2f7105",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'mn1.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--86ccd18f-dedd-4276-be87-b093f6e05aab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'mnem.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a71e0ee5-8416-4672-ad45-bc93d2ad8dc8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'msix.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--03204596-9a53-4726-93e0-360fdd593825",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'mwgq.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fc96f8be-951b-4839-a8b8-25ded7e2fc18",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'mz3.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57c4b12e-c87e-444c-a399-3f610427e4f6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'mzjc.is']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--22e7ee7f-2fe8-471c-bd52-410bcc21a2eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'n3.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c930f2d6-0395-484b-9753-dab954b5c7e6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'n5.ms']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--34ab9aac-fe9b-45a3-a7ba-252e61fb0cb4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'n51.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--09b741da-1eee-4e36-8b9b-60d045d5aa49",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'n54.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--68a79251-7658-4ab2-a8c7-e2589744fef5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'n5k.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--7720e7aa-e600-4596-98fa-74de77a4e11a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'n9fz.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9499e299-3f16-4872-9165-04e513d8a4b2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'nk0.club']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c0acafa2-3a27-4600-a33f-393adc7c152f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'nt3.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6f44f21b-22cd-4b61-9801-d842a76635b5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'nwz.li']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--171aee96-4194-44ea-a89f-b790523d3b8f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'nz4.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a6a506a9-010d-4f14-8cbe-c49beaf3a2d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'nzm.one']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9d436d9a-7c83-44b2-800b-0cfc6a7889e2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'o7car.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6dad13b0-bf92-4c59-ab3f-6d0ea79d7afe",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'oj8.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0ad3845b-67eb-4846-b217-8574e814ffdc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'omzk.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--31caf8fa-2ad9-461f-815a-067097fac9b8",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'p0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--32909740-173d-4581-96d7-635809613bdc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'p3.ms']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--63a10464-b79d-481f-93c2-d975f515cd7e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'p9.tel']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1d2ce439-c305-48f4-bd66-db737e29c2c1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'pjz.one']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c6c5d4d8-8dcb-4ab5-b267-fe4dd7d6c1dd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'q0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--011d2ca7-c6b9-4b68-a74e-afb6b4292c14",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'q0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--666605e0-8195-4e35-b822-b724f48fdb82",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'q2.rs']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--ab930a69-5cf3-4b73-a894-c194c3e222ca",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'qji6.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d88ac7d5-7f96-47ff-b0dc-7af6b8305b8c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'qmpo.art']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--85af1a0f-79a4-4005-87c6-a98730cbff56",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'r0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2b672d12-ee76-4922-80a4-395d054ba4ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'r0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f9925fb3-0eb4-4a3b-8e46-50b7eb6c2841",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'r4e.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d25ab28e-76be-49d7-816a-ee061fcd1e4e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'r6.nz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--29b9bb04-d050-4bcc-a98f-fd6b02291f89",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ri7.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2bc52b9c-e726-45f3-b0e3-f1fb80e5b4e3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'rn9v.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a956c9ba-972c-497a-be29-d12caa8d913b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'rx3.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a941fb2a-8350-440a-bb7d-3aa6a30ae815",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 's0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a8c53e6f-226b-4821-a8a1-633d4c105ce2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 's8.cx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b1aefcbe-5027-4e6c-a054-9475eca7563e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'skqv.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--90049ad6-387e-4bba-8e57-341ba2b245e3",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 't0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3316bfd2-d0f8-4986-bb2f-352cd7a0d40b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 't7.nz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a02a87b3-5512-467f-a924-8a32444319be",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'tiua.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1db68a30-fd23-41e8-9586-17780a722d7f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'trzx.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6410d437-dd10-431a-a623-7ad1aa73618a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'tz6.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4dac994f-9876-4af0-a018-37c55201af23",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'u0.nz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f041b0b9-e3db-4bd3-b3c3-4143635ba598",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'u0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--35675372-9e38-4d54-bced-9ecd8da2edd5",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'u0.rs']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bcccd3c7-0229-4bbf-80f1-601af2d9cc3e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'u7u.ro']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--61d5b4ab-befd-42d6-9075-c33f0ffd95ed",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'u8wp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5dc8d521-78f7-4d83-97c8-09dfe1643d24",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ubv5.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0514722f-8bbd-4011-95f8-a1037cb35586",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ue2.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--74882ad9-585a-4b42-a321-8bf90ed620cd",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'uoej.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--50dec3dd-a589-486d-b6cb-12e786a912e2",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'uqw.futbol']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--973467b3-ea0b-4d56-9524-0c9b832e0d20",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'uz3.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--daf73e02-df2d-4ec3-a748-7d6912876b70",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'v0.cx']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--189a0034-94e7-4191-8b1b-cfb632de62e0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'vn6.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--fc61082b-adbd-4300-a75b-29b91fd44acb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'vqdn.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c9fbdb0e-e0a8-4735-9a29-16868ca92d3d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'vs.gy']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8322355d-cb9b-4be6-97bd-6e84b725bb5a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'w0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--63a90297-d7a6-46a7-81f2-c5da074ddec1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'w0iq.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--19c50e52-6313-4ec6-9806-347086ddcef0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'w4.nz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--93e774f3-c40a-484b-b373-b745ab88b71f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'w4.rs']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8999fc5f-41a9-425a-a5a0-e6f526982b8d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'w4.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e9b84ead-97c5-48fd-92f8-f91ea1c75f93",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:49.000Z",
|
|
"modified": "2022-12-19T09:22:49.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'w6.nz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--e9bf9c36-9553-4e38-876d-c623c7530c6e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'wak.rocks']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dfc8564c-0c28-4cd7-8421-cdde39edc91f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'xjam.hk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--70ab60c9-d7bd-4081-9bd9-afb64536d330",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'xtabr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d098a898-40f9-4c8a-80b7-79e9ebfe1bdf",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'xz4.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--795c92f0-5474-4bb1-b4fc-4d89b85cf003",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'y0.pm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--22ad1e21-a348-4ed4-b224-6d866a1ab682",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'y0.wf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f5a3c0c3-5763-4119-a016-5e370eda1f1c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'y3x.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--1f85f78c-a812-4756-9843-2a805c45ff18",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'ynns.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--960dccfc-5180-46a6-a36f-8089eb9d3825",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'yuiw.xyz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--aa046f62-44ca-460d-86e7-7b5a16732a80",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'z7s.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a8aa69bd-063c-414d-9edf-b21e3fd68692",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zbs.is']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3d69e18b-5341-4c4c-9cb7-73af223c1704",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zi9f.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a68fb465-f713-4c3c-a658-368f30c0ca5c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zie5.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--bd99e9ed-e0e1-4ffa-a93e-2b3e9d47ac89",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zjc.bz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--15d682aa-5c0e-41f2-a9a4-f67dc643e183",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zk.qa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--21d6b907-0d2a-4167-967f-6c58a42fc304",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zk4.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--996b832c-4b83-4b20-ae83-2ae5a138e058",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zk5.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0ff9b6e9-a2be-40db-b8a1-266e0df2f33a",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:22:50.000Z",
|
|
"modified": "2022-12-19T09:22:50.000Z",
|
|
"description": "From https://raw.githubusercontent.com/SEKOIA-IO/Community/main/IOCs/qnapworm/20220704_QNAP_Worm_Infrastructure",
|
|
"pattern": "[domain-name:value = 'zxn.fyi']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2022-12-19T09:22:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--aaf09192-2cff-4665-aae1-05a6e8cae7ba",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:28:03.000Z",
|
|
"modified": "2022-12-19T09:28:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "link",
|
|
"value": "https://redcanary.com/blog/raspberry-robin/",
|
|
"category": "External analysis",
|
|
"uuid": "39dc2fbe-f68c-414e-94ec-5867c8bd095c"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "summary",
|
|
"value": "Raspberry Robin gets the worm early\r\n\r\nRed Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.",
|
|
"category": "Other",
|
|
"uuid": "e2350615-9e5d-4e34-8dbb-0cda7b2d70f3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "type",
|
|
"value": "Blog",
|
|
"category": "Other",
|
|
"uuid": "bc877e77-decb-4913-aecf-8f62a917a257"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "report"
|
|
},
|
|
{
|
|
"type": "note",
|
|
"spec_version": "2.1",
|
|
"id": "note--20084cb0-fdb3-4c37-bd8d-692470e66ed7",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2022-12-19T09:31:02.000Z",
|
|
"modified": "2022-12-19T09:31:02.000Z",
|
|
"abstract": "Raspberry Robin gets the worm early",
|
|
"content": "@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") gets the worm early\r\n===================================\r\n\r\nRed Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious @[tag](dll).\r\n\r\n###### [Lauren Podber](https://redcanary.com/authors/lauren-podber)- [Stef Rand](https://redcanary.com/authors/stef-rand)\r\n\r\n*Originally published May 5, 2022. Last modified September 16, 2022.*\r\n\r\n*Over the past several months, Red Canary @[tag](misp-galaxy:sector=\"Intelligence\") has been tracking a cluster of malicious activity we call @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"). Read on for details on what @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") is, high-fidelity opportunities to detect known behaviors, and background on how we decided to cluster this activity.*\r\n\r\n*Check out this [video update](https://www.youtube.com/watch?v=xLteZDHiA1Y) for the latest developments and guidance on how to test your detection capabilities\u00a0with [@[tag](misp-galaxy:mitre-attack-pattern=\"At - T1053.002\")omic Red Team](https://atomicredteam.io/).*\r\n\r\n\"@[tag](misp-galaxy:malpedia=\"Raspberry Robin\")\" is Red Canary's name for a cluster of activity we first observed in September 2021 involving a worm that is often installed via USB drive. This activity cluster relies on `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` to call out to its infrastructure, often compromised QNAP devices, using HTTP requests that contain a victim's user and device names. 
We also observed @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") use TOR exit nodes as additional command and control (@[tag](c2)) infrastructure.\r\n\r\nLike most activity clusters we track, @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") began as a handful of detections with similar characteristics that we saw in multiple customers' environments, first noticed by [Jason Killam](https://redcanary.com/authors/jason-killam/) from Red Canary's Detection Engineering team. We saw @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") activity as far back as September 2021, though most related activity occurred during or after January 2022. As we observed additional activity, we couldn't find public reporting to corroborate our analysis, aside from [some findings on VirusTotal](https://www.virustotal.com/gui/collection/cea528052dc6137b9ec1f2b03342921894fd0bb3b21209320bfdcb4ff7d27fb8) that we suspected were related based on overlap in @[tag](c2) domains.\r\n\r\nTo date, we've observed @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") in organizations with ties to technology and manufacturing, though it's not yet clear if there are other links among victims. We have several intelligence gaps around this cluster, including the operators' objectives. While we don't yet have the full picture, we want to share what we know about this activity cluster so far to enrich collective understanding of this threat and empower defenders to identify this activity. 
We use the cluster name \"@[tag](misp-galaxy:malpedia=\"Raspberry Robin\")\" to refer to the entire chain of activity described below, including the initial access method, the worm itself, and the follow-on execution and @[tag](c2) activity.\r\n\r\nBelow we've provided a comprehensive analysis of known @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") behavior with corresponding detection opportunities along the way.\r\n\r\n![raspberry robin intrusion @[attribute](3bec64e6-9f0a-473d-976f-8b4176059784))\r\n\r\n*Figure 1: @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") event outline*\r\n\r\nInitial access\r\n--------------\r\n\r\n@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") is typically introduced via infected removable drives, often USB devices. The @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") worm often appears as a shortcut `.lnk` file masquerading as a legitimate folder on the infected USB device.\r\n\r\nSoon after the @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") infected drive is connected to the system, the UserAssist registry entry is updated and records execution of a ROT13-ciphered value referencing a `.lnk` file when deciphered. In the example below, `q:\\erpbirel.yax` deciphers to `d:\\recovery.lnk`.\r\n\r\n@[attribute](09c5f151-1880-4d05-980a-a804fc0ccd4a))\r\n\r\n*Figure 2: Registry modification with ROT13 `.lnk` file*\r\n\r\nExecution\r\n---------\r\n\r\n@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") first uses `@[attribute](bd4ada09-e9f3-452a-a694-b60d0e13a350)` to read and execute a file stored on the infected external drive. The command is consistent across @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") detections we have seen so far, making it reliable early evidence of potential @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") activity. Typically the command line includes `cmd /R <` to read and execute a file. The use of `cmd /R <` is not unique to @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"), but the filename pattern is unique. 
The filename is made up of five to seven random alphanumeric characters and a variety of file extensions. Some of the file extensions we've seen include `.usb`, `.ico`, `.lnk`, `.bin`, `.sv`, and `.lo`. Additionally, the command has sometimes included type, which is a built-in command to display the contents of a file.\r\n\r\nHere's an example of what the whole command might look like:\r\n\r\n@[attribute](4576484c-a673-42a3-af99-1f40dd358f63))\r\n\r\n*Figure 3: @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") `@[attribute](bd4ada09-e9f3-452a-a694-b60d0e13a350)` command*\r\n\r\nNext, `@[attribute](bd4ada09-e9f3-452a-a694-b60d0e13a350)` typically launches `explorer.exe` and `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)`. With @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"), `explorer.exe`'s command line can be a mixed-case reference to an external device; a person's name, like `LAUREN V`; or the name of the `.lnk` file, like the figure below. The name here has been modified from the `.lnk` file name to `LNkFILe`. While we aren't sure of this command's exact purpose, we've consistently observed it in @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") detections.\r\n\r\n@[attribute](9181b862-89f3-461a-8699-ae8808f0200b))\r\n\r\n*Figure 4: Mixed-case command referring to device or name*\r\n\r\n@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") extensively uses mixed-case letters in its commands. Adversaries sometimes use mixed-case syntax in an attempt to evade detection. 
Case-sensitive, string-based detections written to detect `evil` may not fire on `eViL`, but `@[attribute](bd4ada09-e9f3-452a-a694-b60d0e13a350)` is case-insensitive and has the flexibility to read and process both commands the same way.\r\n\r\nCommand and control (@[tag](c2))\r\n------------------------\r\n\r\nLet's look at @[tag](misp-galaxy:malpedia=\"Raspberry Robin\")'s `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` command in detail, since that informs our first behavior-based detection opportunity.\r\n\r\nWhile `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` downloads and executes legitimate installer packages, adversaries also leverage it to deliver malware. @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") uses `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` to attempt external network communication to a malicious domain for @[tag](c2) purposes. The command line has several key features we have seen across multiple detections:\r\n\r\n- Use of mixed-case syntax (this is yet another example of mixed case use by @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"))\r\n- Use of short, recently-registered domains only containing a few characters, for example `@[attribute](5f491ca2-c442-477f-90c0-4ce9c24e4415)`\r\n- The domains in our detections hosted QNAP NAS device login pages around the time of the @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") activity. We hypothesize @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") may use compromised QNAP devices for @[tag](c2) infrastructure. 
The use of (ostensibly) compromised QNAP devices for @[tag](c2) infrastructure is not unique to this activity cluster, but we observed operators using these across several @[tag](misp-galaxy:malpedia=\"Raspberry Robin\")-associated detections.\r\n- Inclusion of port `8080`, a non-standard HTTP web service port, in the URL\r\n- Inclusion of a string of random alphanumeric characters as the URL subdirectory, frequently followed by the victim's hostname and username\r\n\r\nHere is a modified example of a full malicious @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` command line matching all of the above criteria. The random string has been modified, and the victim's host name replaced with `HOSTNAME`, though the domain name remains the original one observed.\r\n\r\n@[attribute](c0414832-c1f2-4916-95f9-9b0c7b8bc68f))\r\n\r\n*Figure 5: Malicious @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` command*\r\n\r\nTo detect @[tag](suspicious) use of `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` by @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") or other threats, it's essential to take a look at the command line and the URL. 
Detecting `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` making outbound network connections to download and install packages in the command line interface will give you the opportunity to examine the activity and determine if it's malicious or not.\r\n\r\n* * * * *\r\n\r\n### Detection opportunity: **`@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` downloading and executing packages**\r\n\r\nIdentify the use of Windows Installer tool `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` to download and @[attribute](fb37533c-7565-4a53-a143-dd9c2d601132)\r\npackages in the CLI.\r\n\r\nprocess == @[attribute](cc53c160-20f9-4025-996a-943559ffc34a)\r\n@[attribute](d1ed6267-8eda-4187-b222-bf1e9cd85bb5)\r\nprocess_command_line_includes == `('http:', '@[attribute](47b88fa1-f5a1-44af-b835-3cb6f743d776)\r\n@[attribute](d1ed6267-8eda-4187-b222-bf1e9cd85bb5)\r\nprocess_command_line_includes == `('/q', '-q')`\r\n\r\n* * * * *\r\n\r\nPersistence\r\n-----------\r\n\r\nIn several @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") detections, we have seen `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` go on to install a malicious @[tag](dll) file. At this time we are not certain what the @[tag](dll) does. We suspect it may establish persistence on the victim's system. In the detections we saw, the malicious files were created as `C:\\Windows\\Installer\\@[tag](msi)****.tmp` files. 
In one case, a file with the same hash was also created as `C:\\Users\\username\\AppData\\Local\\Temp\\bznwi.ku`.\r\n\r\nExamples:\r\n\r\n- `C:\\Windows\\Installer\\@[tag](msi)5C01.tmp`\\\r\n `C:\\Users\\username\\AppData\\Local\\Temp\\bznwi.ku`\r\n - Shared MD5 hash: @[attribute](47817f4f-417b-4ee2-beae-85e5ae229c08)\r\n - [VirusTotal example](https://www.virustotal.com/gui/file/1a5fcb209b5af4c620453a70653263109716f277150f0d389810df85ec0beac1/)\r\n- `C:\\Windows\\Installer\\@[tag](msi)E160.tmp`\r\n - MD5 hash: @[attribute](5d88a4cb-b84a-48df-9249-fafc353320bc)\r\n - [VirusTotal example](https://www.virustotal.com/gui/file/c0a13af59e578b77e82fe0bc87301f93fc2ccf0adce450087121cb32f218092c/)\r\n\r\nExecution (again)\r\n-----------------\r\n\r\nNext, `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` launches a legitimate Windows utility, `fodhelper.exe`, which in turn spawns `rundll32.exe` to execute a malicious command. Processes launched by `fodhelper.exe` run with elevated administrative privileges without requiring a User Account Control prompt. It is unusual for `fodhelper.exe` to spawn any processes as the parent, making this another useful detection opportunity.\r\n\r\n* * * * *\r\n\r\n### Detection opportunity: `fodhelper.exe` as a parent process\r\n\r\nIdentify Windows Features On Demand helper `fodhelper.exe` creating processes as the parent.\r\n\r\nparent_process == `('fodhelper')`\r\n\r\n* * * * *\r\n\r\nThe `rundll32.exe` command starts another legitimate Windows utility, in this case `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)`, and passes in additional commands to execute and configure the recently-installed malicious @[tag](dll) `bznwi.ku` (Hash: `@[attribute](47817f4f-417b-4ee2-beae-85e5ae229c08)`). Here is what that command looks like. 
(We modified the random string values in the command, as well as replaced the victim's username with `username`.)\r\n\r\n@[attribute](849568fc-cc7e-433a-a306-7758028225da))\r\n\r\n*Figure 6: Malicious `rundll32.exe` command*\r\n\r\nThe `-A` flag in `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` specifies an action. `configdriver` loads the driver setup @[tag](dll), in this case `VKIPDSE`. `SETFILEDSNDIR` creates the registry location @[attribute](268a7686-67e8-4e86-b6a5-f02de7ee6209) File @[attribute](0512470f-6f14-48cd-8f91-7ab0ffe13d54), if it does not already exist, and specifies the default location used by the ODBC Data Source Administrator when creating a file-based data source. `INSTALLDRIVER` adds additional information about the driver.\r\n\r\nIn this detection, we saw `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` successfully execute the malicious command. Since `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` has a built-in `regsvr` flag similar to `regsvr32.exe`, it can be used by adversaries to execute @[tag](dll)s and bypass application control defenses that aren't monitoring for `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` misuse.\r\n\r\n* * * * *\r\n\r\n### Detection opportunity: **`@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` loading .@[tag](dll)s**\r\n\r\nDetect the Windows Open Database Connectivity utility loading a @[attribute](6d4adc80-d015-40b1-8d5d-b32f73c67e0a)\r\nfile or @[tag](dll). 
The `/A` flag specifies an action, `/F` uses a response file, and `/S` runs in silent @[attribute](ee779db7-f8fd-4d60-ac06-502d4a6369be)\r\n`Odbcconf.exe` running regsvr actions in silent mode could indicate misuse.\r\n\r\nprocess == @[attribute](5deea668-eee5-4192-8a17-62233d29c665)\r\n@[attribute](d1ed6267-8eda-4187-b222-bf1e9cd85bb5)\r\nprocess_command_line_includes == @[attribute](2c12bcf3-8508-44af-a44b-5f926ac216eb)\r\n@[attribute](d1ed6267-8eda-4187-b222-bf1e9cd85bb5)\r\nprocess_command_line_includes == `('/f', '@[attribute](484486c5-6b10-4f9f-901f-687e21853c0c)\r\n@[suggestion](|@[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf))\r\nprocess_command_line_includes == `('/a', '@[attribute](fe465f07-1729-4e7d-86db-3167a40ab721)\r\n@[suggestion](|@[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf))\r\nprocess_command_line_includes == `('/s', '-s')`\r\n\r\n* * * * *\r\n\r\n@[tag](c2), part deux\r\n-------------\r\n\r\nWe observed outbound @[tag](c2) activity involving the processes `regsvr32.exe`, `rundll32.exe`, and `dllhost.exe` executing without any command-line parameters and making external network connections to IP addresses associated with TOR nodes. Additionally, some of the IP addresses in the connections host domains consisting of random alphanumeric characters. For example, `hxxps[:]//www[.]ivuoq6si2a[.]com/`.\r\n\r\nThis activity presents us with a final detection opportunity. It is atypical for `regsvr32.exe`, `rundll32.exe` and `dllhost.exe` to execute with no command-line parameters and establish external network connections. 
This behavior is not inherently malicious, but is good to monitor.\r\n\r\n* * * * *\r\n\r\n### Detection opportunity: **network connections from the command line with** **no parameters**\r\n\r\nDetect `regsvr32.exe`, `rundll32.exe`, and `dllhost.exe` making external @[attribute](a0e7c5ba-abda-4bc7-a30f-8e9a55a99bf4)\r\nconnections with an empty command line.\r\n\r\nprocess == @[attribute](bb387cbd-bcb9-4ef7-816b-e641f191ae49)\r\n@[suggestion](|@[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf))\r\nprocess == @[attribute](5beb0b40-5158-4095-b300-de0b77a70e4e)\r\n@[suggestion](|@[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf))\r\nprocess == @[attribute](1e6484b7-b7a2-408f-a217-bf1a6a8d7d04)\r\n@[attribute](d1ed6267-8eda-4187-b222-bf1e9cd85bb5)\r\nprocess_command_line_contains == @[attribute](b238f8d0-b440-4ae4-9554-28fd9a0221ba)\r\n@[attribute](d1ed6267-8eda-4187-b222-bf1e9cd85bb5)\r\nhas_netconnection\r\n\r\n**Note: Double Quotes (\"\") within the command line means null.*\r\n\r\n* * * * *\r\n\r\nTesting\r\n-------\r\n\r\n*Editor's note: We added the testing section to this article on May 11, 2022 and updated it on August 2, 2022.*\r\n\r\nThe detection opportunities listed in this article should offer good coverage against some @[tag](misp-galaxy:malpedia=\"Raspberry Robin\")-related techniques. However, it's hard to know if a detection analytic is configured or implemented correctly without testing it. Luckily, we've got a few different Atomic Red Team tests that should effectively emulate the pseudo-detection analytics listed above. 
*Note: [Atomic Red Team](https://atomicredteam.io/) is an open source library of tests that security professionals can use to validate their security controls.*\r\n\r\n### Emulating Command Prompt reading and executing the contents of a CMD file\r\n\r\nThis atomic was developed specifically to emulate @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"). It uses the \"standard-in\" command prompt feature (`cmd /R <`) to read and execute a file via @[attribute](bd4ada09-e9f3-452a-a694-b60d0e13a350). Run the following in the Command Prompt:\r\n\r\n```\r\ncmd /r cmd<C:\\AtomicRedTeam\\atomics\\T1059.003\\src\\t1059.003_cmd.cmd\r\n```\r\n\r\nYou can find the test file in the atomics library [here](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md#atomic-test-5---command-prompt-read-contents-from-cmd-file-and-execute).\r\n\r\n### Emulating `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` downloading and executing packages\r\n\r\nThe following atomic retrieves an arbitrary @[tag](msi) file from a remote IP address and executes it. Note that the process is `@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc)` and that the command line includes `/q` and `https:`---all of the variables mentioned in the above detection opportunity. 
Run the following in the Command Prompt:\r\n\r\n```\r\n@[attribute](85c32a4e-7ebf-43a2-9f2c-92e076c767cc) /q /i \"@[attribute](11515eaf-09fe-4aac-912f-6459acfad623)\"\r\n```\r\n\r\nYou can find the test file in the atomics library [here](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md#atomic-test-11---msiexecexe---execute-remote-msi-file).\r\n\r\n### Emulating `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` loading @[tag](dll)s\r\n\r\nThe following atomic uses `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` to load and execute a locally stored @[tag](dll). Note that the process will be `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` and that the command line includes the `/a` and `/s` parameters that the pseudo detection analytic looks for.\r\n\r\n```\r\n@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a) /S /A {REGSVR \"C\\AtomicRedTeam\\atomics\\T1218.008\\src\\Win32\\T1218-2.dll\"}\r\n```\r\n\r\nNote that this test includes a prerequisite. You can find detailed instructions in the [T1218.008 atomics @[attribute](71238972-2405-410d-b22e-0e8997cfbd94)).\r\n\r\n### Emulating network connections from the command line with no parameters\r\n\r\nThe following isn't a perfect atomic for emulating this detection opportunity, but it'll emulate the `rundll32.exe` process start and the network connection (albeit with a corresponding command line). 
Run the following in the Command Prompt.\r\n\r\n```\r\nrundll32.exe @[attribute](9c6078b3-d0b4-4a29-b530-5987487de076),RunHTMLApplication \";@[attribute](7a84592a-f64e-4084-8efd-570004d94a9a)();@[attribute](56fa56dc-296e-4c55-9332-70580ec0d951)();\r\n```\r\n\r\nYou can find the test file in the atomics library [here](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md#atomic-test-1---rundll32-execute-javascript-remote-payload-with-getobject).\r\n\r\nIntelligence gaps\r\n-----------------\r\n\r\nSeveral unanswered questions about this cluster remain. First and foremost, we don't know how or where @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") infects external drives to perpetuate its activity, though it's likely this occurs offline or otherwise outside of our visibility. We also don't know why @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") installs a malicious @[tag](dll). One hypothesis is that it may be an attempt to establish persistence on an infected system, though additional information is required to build confidence in that hypothesis.\r\n\r\nPerhaps our biggest question concerns the operators' objectives. Absent additional information on later-stage activity, it's difficult to make inferences on the goal or goals of these campaigns. Despite this, we hope this information is useful for informing broader efforts to track and better detect @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") activity. We hope to start a conversation that will help the whole community learn more about this threat. If you've been tracking similar activity, we'd love to hear from you and collaborate. 
Contact <@[attribute](6227f374-370a-4a15-bf33-7fa86f327dc1)> with any observations or questions.\r\n\r\n*Thank you to all our contributing researchers who helped make this research possible, especially [Jeff Felling](https://redcanary.com/authors/jeff-felling/) from Red Canary Intelligence and [Jason Killam](https://redcanary.com/authors/jason-killam/) from Red Canary Detection Engineering.*\r\n\r\nAppendix\r\n--------\r\n\r\nAs we define parameters for an activity cluster, we map behaviors to [MITRE ATT&CK](https://redcanary.com/mitre-attack/) where applicable and note observables of interest. In some cases, often with infrastructure and certain adversary decisions, observables associated with an activity cluster may not neatly map to an ATT&CK technique, and that's okay.\r\n\r\n| Tactic | Technique | Description | Observable |\r\n| --- | --- | --- | --- |\r\n|\r\n\r\n**Initial Access**\r\n\r\n |\r\n\r\nT1091 Replication Through Removable Media\r\n\r\n |\r\n\r\nIn some cases, @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") was introduced via infected removable drives. 
In these instances, the worm appeared as a shortcut (LNK file) masquerading as a legitimate folder on a USB device\r\n\r\n |\r\n\r\ne:\\removable @[attribute](86e9c491-0daa-4a24-8416-ab305dc32217)\r\n\r\n |\r\n|\r\n\r\n**Initial Access**\r\n\r\n @[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf)\r\n |\r\n\r\n`explorer.exe` with a command line containing a reference to a device or a name\r\n\r\n |\r\n\r\nExpLoRER \"USB Drive\" or EXPLorEr \"LAUREN V\" @[attribute](6675efaa-e012-4e6f-b3fe-c823a311b366)\r\neXPLOReR LNkFILe\r\n\r\n |\r\n|\r\n\r\n**Execution**\r\n\r\n |\r\n\r\nT1059.003 @[tag](misp-galaxy:cmtmf-attack-pattern=\"Command and Scripting Interpreter\") (Windows Command Shell)\r\n\r\n |\r\n\r\n@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") uses the \"standard-in\" command prompt feature `cmd/R <` to read and execute a file with a name composed of several seemingly random alphanumeric characters\r\n\r\n |\r\n\r\n@[suggestion](C:\\Windows\\system32\\@[attribute](bd4ada09-e9f3-452a-a694-b60d0e13a350))\" /R CMD<@[attribute](788d9f8a-ee65-4413-ba53-aa821295155c)\r\n\r\n |\r\n|\r\n\r\n**Defense Evasion**\r\n\r\n @[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf)\r\n |\r\n\r\nThe use of mixed-case letters, which is tradecraft sometimes used by adversaries to evade defenses (not unique to @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"))\r\n\r\n |\r\n\r\nmSIeXEc, ExpLoRER, or HTtp in a command line\r\n\r\n |\r\n|\r\n\r\n**Defense Evasion**\r\n\r\n |\r\n\r\nT1218.008 @[tag](Signed) Binary @[tag](Proxy) Execution: @[attribute](fa3d03a5-c0a5-45bd-a2a9-1cf5cdf4b0ba)\r\nT1218.008 @[tag](Signed) Binary @[tag](Proxy) Execution: Odbcconf\r\n\r\n |\r\n\r\n@[tag](misp-galaxy:malpedia=\"Raspberry Robin\") uses legitimate Windows utilities like `fodhelper.exe` and `@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a)` to proxy @[tag](dll) file execution with `rundll32.exe`\r\n\r\n |\r\n\r\n\"RUN@[tag](dll)32.exe\" shell32,ShellExec_Run@[tag](dll)A 
\"@[suggestion](C:\\WINDOWS\\syswow64\\@[attribute](3b599e72-fa09-4be4-94bf-67198ec82d2a))\" -A {regsvr \"@[attribute](f8fbc847-b0ef-4afe-b32e-ba4bc975183f).\"} -E -A {configdriver VKIPDSE} -A {SETFILEDSNDIR fnpawxs PXQAND ofeslkscqqczuaj} -a {INSTALLDRIVER fqcmypo OGEYSCKXFTBNXAF}\r\n\r\n |\r\n|\r\n\r\n**@[tag](c2)**\r\n\r\n |\r\n\r\nT1218.007 @[tag](Signed) Binary @[tag](Proxy) Execution: @[attribute](f4836f13-62dd-43e2-b74e-825a09959a6a)\r\nT1071.001 Application Layer Protocol: Web Protocols\r\n\r\n |\r\n\r\n`Msiexec.exe` making external network connections to URLs that include the victim's hostname and username\r\n\r\n |\r\n\r\nmsiEXEC /Q -I @[attribute](763b6c2d-f047-4454-8dbb-0a6f55c088f3)\r\n\r\n |\r\n|\r\n\r\n**@[tag](c2)**\r\n\r\n @[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf)\r\n |\r\n\r\nRecently registered top-level domains with few characters, likely used as @[tag](c2) infrastructure\r\n\r\n |\r\n\r\n@[attribute](117d8e6c-a095-4c44-82a2-fcae60ee5595) or @[attribute](5f491ca2-c442-477f-90c0-4ce9c24e4415)\r\n\r\n |\r\n|\r\n\r\n**@[tag](c2)**\r\n\r\n @[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf)\r\n |\r\n\r\nUse of infrastructure tied to compromised QNAP NAS devices (not unique to @[tag](misp-galaxy:malpedia=\"Raspberry Robin\"))\r\n\r\n @[attribute](359c5991-d3b2-471b-abc9-9faa57dc25cf)\r\n |\r\n|\r\n\r\n**@[tag](c2)**\r\n\r\n |\r\n\r\nT1218.008 @[tag](Signed) Binary @[tag](Proxy) Execution: @[attribute](fa3d03a5-c0a5-45bd-a2a9-1cf5cdf4b0ba)\r\nT1218.008 @[tag](Signed) Binary @[tag](Proxy) Execution: Regsvr32\r\n\r\n |\r\n\r\n`rundll32.exe` and `regsvr32.exe` used for @[tag](c2) communication\r\n\r\n |\r\n\r\nLook for `rundll32.exe` and/or `regsvr32.exe` making external network connections with no command-line arguments\r\n\r\n |\r\n\r\n###### MORE ON RASPBERRY ROBIN\r\n\r\n[\r\n\r\nWatch our security experts break down new developments in @[tag](misp-galaxy:malpedia=\"Raspberry Robin\") TTPs, along with the most helpful 
Atomic Red Team tests for validating your detection coverage.\r\n\r\n](https://www.youtube.com/watch?v=xLteZDHiA1Y)\r\n\r\n[](https://www.youtube.com/watch?v=xLteZDHiA1Y)\r\n\r\n[](https://www.youtube.com/watch?v=xLteZDHiA1Y)",
"object_refs": [
"report--0ebe51c2-31f1-4ba4-b7ab-1f5e62531e45"
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
} |