From 6a2b7e483e9a0f3c17f0aa25fff11d6716753fde Mon Sep 17 00:00:00 2001 From: tek Date: Fri, 23 Aug 2024 15:44:51 +0200 Subject: [PATCH 1/2] Improves STIX2 support and testing --- mvt/android/modules/adb/chrome_history.py | 3 +- mvt/android/modules/adb/sms.py | 3 +- mvt/android/modules/adb/whatsapp.py | 3 +- mvt/android/modules/backup/sms.py | 3 +- mvt/common/indicators.py | 149 +- mvt/ios/modules/backup/manifest.py | 2 +- mvt/ios/modules/fs/analytics.py | 8 +- mvt/ios/modules/fs/cache_files.py | 2 +- mvt/ios/modules/fs/safari_favicon.py | 4 +- mvt/ios/modules/fs/webkit_base.py | 2 +- mvt/ios/modules/mixed/chrome_favicon.py | 6 +- mvt/ios/modules/mixed/chrome_history.py | 2 +- mvt/ios/modules/mixed/firefox_favicon.py | 4 +- mvt/ios/modules/mixed/firefox_history.py | 2 +- mvt/ios/modules/mixed/safari_browserstate.py | 4 +- mvt/ios/modules/mixed/safari_history.py | 2 +- mvt/ios/modules/mixed/shortcuts.py | 2 +- mvt/ios/modules/mixed/sms.py | 2 +- .../mixed/webkit_resource_load_statistics.py | 2 +- .../mixed/webkit_session_resource_log.py | 2 +- mvt/ios/modules/mixed/whatsapp.py | 2 +- tests/artifacts/generate_stix.py | 30 + .../stix2/638cd3ee5e5f019f84f9e0ea.json | 1147 +++ tests/artifacts/stix2/cytrox.stix2 | 8248 +++++++++++++++++ tests/common/test_indicators.py | 74 +- 25 files changed, 9640 insertions(+), 68 deletions(-) create mode 100644 tests/artifacts/stix2/638cd3ee5e5f019f84f9e0ea.json create mode 100644 tests/artifacts/stix2/cytrox.stix2 diff --git a/mvt/android/modules/adb/chrome_history.py b/mvt/android/modules/adb/chrome_history.py index bdf240cff..54be2a0ec 100644 --- a/mvt/android/modules/adb/chrome_history.py +++ b/mvt/android/modules/adb/chrome_history.py @@ -51,8 +51,9 @@ def check_indicators(self) -> None: return for result in self.results: - if self.indicators.check_domain(result["url"]): + if self.indicators.check_url(result["url"]): self.detected.append(result) + continue def _parse_db(self, db_path: str) -> None: """Parse a Chrome History database file. diff --git a/mvt/android/modules/adb/sms.py b/mvt/android/modules/adb/sms.py index f9bd1e355..f8aeba35a 100644 --- a/mvt/android/modules/adb/sms.py +++ b/mvt/android/modules/adb/sms.py @@ -85,8 +85,9 @@ def check_indicators(self) -> None: if message_links == []: message_links = check_for_links(message["body"]) - if self.indicators.check_domains(message_links): + if self.indicators.check_urls(message_links): self.detected.append(message) + continue def _parse_db(self, db_path: str) -> None: """Parse an Android bugle_db SMS database file. diff --git a/mvt/android/modules/adb/whatsapp.py b/mvt/android/modules/adb/whatsapp.py index 1c10cc8cf..28ee1702c 100644 --- a/mvt/android/modules/adb/whatsapp.py +++ b/mvt/android/modules/adb/whatsapp.py @@ -55,8 +55,9 @@ def check_indicators(self) -> None: continue message_links = check_for_links(message["data"]) - if self.indicators.check_domains(message_links): + if self.indicators.check_urls(message_links): self.detected.append(message) + continue def _parse_db(self, db_path: str) -> None: """Parse an Android msgstore.db WhatsApp database file. diff --git a/mvt/android/modules/backup/sms.py b/mvt/android/modules/backup/sms.py index 8db9ad6e2..a75be261d 100644 --- a/mvt/android/modules/backup/sms.py +++ b/mvt/android/modules/backup/sms.py @@ -43,8 +43,9 @@ def check_indicators(self) -> None: if message_links == []: message_links = check_for_links(message.get("text", "")) - if self.indicators.check_domains(message_links): + if self.indicators.check_urls(message_links): self.detected.append(message) + continue def run(self) -> None: sms_path = "apps/com.android.providers.telephony/d_f/*_sms_backup" diff --git a/mvt/common/indicators.py b/mvt/common/indicators.py index 19dc6a219..9e6b2dbf5 100644 --- a/mvt/common/indicators.py +++ b/mvt/common/indicators.py @@ -73,15 +73,18 @@ def _new_collection( "emails": [], "file_names": [], "file_paths": [], + "files_md5": [], + "files_sha1": [], "files_sha256": [], "app_ids": [], "ios_profile_ids": [], "android_property_names": [], + "urls": [], "count": 0, } def _add_indicator(self, ioc: str, ioc_coll: dict, ioc_coll_list: list) -> None: - ioc = ioc.strip("'") + ioc = ioc.replace("'", "").strip() if ioc not in ioc_coll_list: ioc_coll_list.append(ioc) ioc_coll["count"] += 1 @@ -89,6 +92,7 @@ def _add_indicator(self, ioc: str, ioc_coll: dict, ioc_coll_list: list) -> None: def _process_indicator(self, indicator: dict, collection: dict) -> None: key, value = indicator.get("pattern", "").strip("[]").split("=") + key = key.strip() if key == "domain-name:value": # We force domain names to lower case. @@ -116,6 +120,14 @@ def _process_indicator(self, indicator: dict, collection: dict) -> None: self._add_indicator( ioc=value, ioc_coll=collection, ioc_coll_list=collection["file_paths"] ) + elif key == "file:hashes.md5": + self._add_indicator( + ioc=value, ioc_coll=collection, ioc_coll_list=collection["files_md5"] + ) + elif key == "file:hashes.sha1": + self._add_indicator( + ioc=value, ioc_coll=collection, ioc_coll_list=collection["files_sha1"] + ) elif key == "file:hashes.sha256": self._add_indicator( ioc=value, ioc_coll=collection, ioc_coll_list=collection["files_sha256"] @@ -137,6 +149,14 @@ def _process_indicator(self, indicator: dict, collection: dict) -> None: ioc_coll=collection, ioc_coll_list=collection["android_property_names"], ) + elif key == "url:value": + self._add_indicator( + ioc=value, + ioc_coll=collection, + ioc_coll_list=collection["urls"], + ) + else: + self.log.debug("Can't add indicator %s, type %s not supported", value, key) def parse_stix2(self, file_path: str) -> None: """Extract indicators from a STIX2 file. @@ -160,13 +180,17 @@ def parse_stix2(self, file_path: str) -> None: malware = {} indicators = [] relationships = [] + reports = [] for entry in data.get("objects", []): entry_type = entry.get("type", "") + # Consider both malware and reports as collections if entry_type == "malware": malware[entry["id"]] = { "name": entry["name"], "description": entry.get("description", ""), } + elif entry_type == "report": + reports.append(entry) elif entry_type == "indicator": indicators.append(entry) elif entry_type == "relationship": @@ -183,27 +207,58 @@ def parse_stix2(self, file_path: str) -> None: ) collections.append(collection) + for report in reports: + collection = self._new_collection( + report["id"], + report.get("name", ""), + report.get("description", ""), + os.path.basename(file_path), + file_path, + ) + collections.append(collection) + + # Adds a default collection + default_collection = self._new_collection( + "0", + "Default collection", + "Collection with IOCs unrelated to malware or reports", + os.path.basename(file_path), + file_path, + ) + # We loop through all indicators. for indicator in indicators: malware_id = None - # We loop through all relationships and find the one pertinent to - # the current indicator. - for relationship in relationships: - if relationship["source_ref"] != indicator["id"]: - continue - - # Look for a malware definition with the correct identifier. - if relationship["target_ref"] in malware.keys(): - malware_id = relationship["target_ref"] - break - - # Now we look for the correct collection matching the malware ID we - # got from the relationship. - for collection in collections: - if collection["id"] == malware_id: - self._process_indicator(indicator, collection) - break + # We loop through reports first to see if the indicator is in the refs + for report in reports: + for ref in report.get("object_refs", []): + if ref == indicator["id"]: + malware_id = report["id"] + break + + if malware_id is None: + # We loop through all relationships and find the one pertinent to + # the current indicator. + for relationship in relationships: + if relationship["source_ref"] != indicator["id"]: + continue + + # Look for a malware definition with the correct identifier. + if relationship["target_ref"] in malware.keys(): + malware_id = relationship["target_ref"] + break + + if malware_id is not None: + # Now we look for the correct collection matching the malware ID we + # got from the relationship. + for collection in collections: + if collection["id"] == malware_id: + self._process_indicator(indicator, collection) + break + else: + # Adds to the default collection + self._process_indicator(indicator, default_collection) for coll in collections: self.log.debug( @@ -213,6 +268,9 @@ def parse_stix2(self, file_path: str) -> None: ) self.ioc_collections.extend(collections) + if default_collection["count"] > 0: + # Adds the default collection only if therare some IOCs in it + self.ioc_collections.append(default_collection) def load_indicators_files( self, files: list, load_default: Optional[bool] = True @@ -251,7 +309,7 @@ def get_ioc_matcher( Build an Aho-Corasick automaton from a list of iocs (i.e indicators) Returns an Aho-Corasick automaton - This data-structue and algorithim allows for fast matching of a large number + This data-structue and algorithm allows for fast matching of a large number of match strings (i.e IOCs) against a large body of text. This will also match strings containing the IOC, so it is important to confirm the match is a valid IOC before using it. @@ -261,7 +319,7 @@ def get_ioc_matcher( print(ioc) We use an LRU cache to avoid rebuilding the automaton every time we call a - function such as check_domain(). + function such as check_url(). """ automaton = ahocorasick.Automaton() if ioc_type: @@ -269,7 +327,7 @@ def get_ioc_matcher( elif ioc_list: iocs = ioc_list else: - raise ValueError("Must provide either ioc_tyxpe or ioc_list") + raise ValueError("Must provide either ioc_type or ioc_list") for ioc in iocs: automaton.add_word(ioc["value"], ioc) @@ -277,7 +335,7 @@ def get_ioc_matcher( return automaton @lru_cache() - def check_domain(self, url: str) -> Union[dict, None]: + def check_url(self, url: str) -> Union[dict, None]: """Check if a given URL matches any of the provided domain indicators. :param url: URL to match against domain indicators @@ -290,9 +348,21 @@ def check_domain(self, url: str) -> Union[dict, None]: if not isinstance(url, str): return None - # Create an Aho-Corasick automaton from the list of domains - domain_matcher = self.get_ioc_matcher("domains") + # Check the URL first + for ioc in self.get_iocs("urls"): + if ioc["value"] == url: + self.log.warning( + "Found a known suspicious URL %s " + 'matching indicator "%s" from "%s"', + url, + ioc["value"], + ioc["name"], + ) + return ioc + # Then check the domain + # Create an Aho-Corasick automaton from the list of urls + domain_matcher = self.get_ioc_matcher("domains") try: # First we use the provided URL. orig_url = URL(url) @@ -316,7 +386,7 @@ def check_domain(self, url: str) -> Union[dict, None]: orig_url.url, dest_url.url, ) - return self.check_domain(dest_url.url) + return self.check_url(dest_url.url) final_url = dest_url else: @@ -389,7 +459,7 @@ def check_domain(self, url: str) -> Union[dict, None]: return None - def check_domains(self, urls: list) -> Union[dict, None]: + def check_urls(self, urls: list) -> Union[dict, None]: """Check a list of URLs against the provided list of domain indicators. :param urls: List of URLs to check against domain indicators @@ -401,7 +471,7 @@ def check_domains(self, urls: list) -> Union[dict, None]: return None for url in urls: - check = self.check_domain(url) + check = self.check_url(url) if check: return check @@ -591,9 +661,9 @@ def check_profile(self, profile_uuid: str) -> Union[dict, None]: return None def check_file_hash(self, file_hash: str) -> Union[dict, None]: - """Check the provided SHA256 file hash against the list of indicators. + """Check the provided file hash against the list of indicators. - :param file_hash: SHA256 hash to check + :param file_hash: hash to check :type file_hash: str :returns: Indicator details if matched, otherwise None @@ -601,7 +671,14 @@ def check_file_hash(self, file_hash: str) -> Union[dict, None]: if not file_hash: return None - for ioc in self.get_iocs("files_sha256"): + if len(file_hash) == 32: + hash_type = "md5" + elif len(file_hash) == 40: + hash_type = "sha1" + else: + hash_type = "sha256" + + for ioc in self.get_iocs("files_" + hash_type): if file_hash.lower() == ioc["value"].lower(): self.log.warning( 'Found a known suspicious file with hash "%s" ' @@ -659,3 +736,15 @@ def check_android_property_name(self, property_name: str) -> Optional[dict]: return ioc return None + + def check_domain(self, url: str) -> Union[dict, None]: + """ + Renamed check_url now, kept for compatibility + """ + return self.check_url(url) + + def check_domains(self, urls: list) -> Union[dict, None]: + """ + Renamed check_domains, kept for compatibility + """ + return self.check_urls(urls) diff --git a/mvt/ios/modules/backup/manifest.py b/mvt/ios/modules/backup/manifest.py index 6dac3741c..b1da12855 100644 --- a/mvt/ios/modules/backup/manifest.py +++ b/mvt/ios/modules/backup/manifest.py @@ -105,7 +105,7 @@ def check_indicators(self) -> None: except Exception: continue - ioc = self.indicators.check_domain(part) + ioc = self.indicators.check_url(part) if ioc: self.log.warning( 'Found mention of domain "%s" in a backup file with ' diff --git a/mvt/ios/modules/fs/analytics.py b/mvt/ios/modules/fs/analytics.py index 5165f666d..d84ce0f6a 100644 --- a/mvt/ios/modules/fs/analytics.py +++ b/mvt/ios/modules/fs/analytics.py @@ -70,14 +70,8 @@ def check_indicators(self) -> None: self.detected.append(new_result) continue - ioc = self.indicators.check_domain(value) + ioc = self.indicators.check_url(value) if ioc: - self.log.warning( - 'Found mention of a malicious domain "%s" in %s file at %s', - value, - result["artifact"], - result["isodate"], - ) new_result = copy.copy(result) new_result["matched_indicator"] = ioc self.detected.append(new_result) diff --git a/mvt/ios/modules/fs/cache_files.py b/mvt/ios/modules/fs/cache_files.py index 5a91efcac..120ed1d04 100644 --- a/mvt/ios/modules/fs/cache_files.py +++ b/mvt/ios/modules/fs/cache_files.py @@ -51,7 +51,7 @@ def check_indicators(self) -> None: self.detected = {} for key, values in self.results.items(): for value in values: - ioc = self.indicators.check_domain(value["url"]) + ioc = self.indicators.check_url(value["url"]) if ioc: value["matched_indicator"] = ioc if key not in self.detected: diff --git a/mvt/ios/modules/fs/safari_favicon.py b/mvt/ios/modules/fs/safari_favicon.py index aadd19131..72bcc9bd8 100644 --- a/mvt/ios/modules/fs/safari_favicon.py +++ b/mvt/ios/modules/fs/safari_favicon.py @@ -51,9 +51,9 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domain(result["url"]) + ioc = self.indicators.check_url(result["url"]) if not ioc: - ioc = self.indicators.check_domain(result["icon_url"]) + ioc = self.indicators.check_url(result["icon_url"]) if ioc: result["matched_indicator"] = ioc diff --git a/mvt/ios/modules/fs/webkit_base.py b/mvt/ios/modules/fs/webkit_base.py index a8edb4eba..7e4b2451c 100644 --- a/mvt/ios/modules/fs/webkit_base.py +++ b/mvt/ios/modules/fs/webkit_base.py @@ -18,7 +18,7 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domain(result["url"]) + ioc = self.indicators.check_url(result["url"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/chrome_favicon.py b/mvt/ios/modules/mixed/chrome_favicon.py index addfe328e..f50ee2929 100644 --- a/mvt/ios/modules/mixed/chrome_favicon.py +++ b/mvt/ios/modules/mixed/chrome_favicon.py @@ -51,13 +51,13 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domain(result["url"]) + ioc = self.indicators.check_url(result["url"]) if not ioc: - ioc = self.indicators.check_domain(result["icon_url"]) - + ioc = self.indicators.check_url(result["icon_url"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) + continue def run(self) -> None: self._find_ios_database( diff --git a/mvt/ios/modules/mixed/chrome_history.py b/mvt/ios/modules/mixed/chrome_history.py index e934a6c3d..e59ea9fc6 100644 --- a/mvt/ios/modules/mixed/chrome_history.py +++ b/mvt/ios/modules/mixed/chrome_history.py @@ -55,7 +55,7 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domain(result["url"]) + ioc = self.indicators.check_url(result["url"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/firefox_favicon.py b/mvt/ios/modules/mixed/firefox_favicon.py index 173e2e7da..8c88e4a3f 100644 --- a/mvt/ios/modules/mixed/firefox_favicon.py +++ b/mvt/ios/modules/mixed/firefox_favicon.py @@ -53,9 +53,9 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domain(result.get("url", "")) + ioc = self.indicators.check_url(result.get("url", "")) if not ioc: - ioc = self.indicators.check_domain(result.get("history_url", "")) + ioc = self.indicators.check_url(result.get("history_url", "")) if ioc: result["matched_indicator"] = ioc diff --git a/mvt/ios/modules/mixed/firefox_history.py b/mvt/ios/modules/mixed/firefox_history.py index 851096715..69bc03480 100644 --- a/mvt/ios/modules/mixed/firefox_history.py +++ b/mvt/ios/modules/mixed/firefox_history.py @@ -56,7 +56,7 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domain(result["url"]) + ioc = self.indicators.check_url(result["url"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/safari_browserstate.py b/mvt/ios/modules/mixed/safari_browserstate.py index e0242ab8f..616ea2004 100644 --- a/mvt/ios/modules/mixed/safari_browserstate.py +++ b/mvt/ios/modules/mixed/safari_browserstate.py @@ -58,7 +58,7 @@ def check_indicators(self) -> None: for result in self.results: if "tab_url" in result: - ioc = self.indicators.check_domain(result["tab_url"]) + ioc = self.indicators.check_url(result["tab_url"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) @@ -69,7 +69,7 @@ def check_indicators(self) -> None: for session_entry in result["session_data"]: if "entry_url" in session_entry: - ioc = self.indicators.check_domain(session_entry["entry_url"]) + ioc = self.indicators.check_url(session_entry["entry_url"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/safari_history.py b/mvt/ios/modules/mixed/safari_history.py index cfa7361e6..56bc9d03e 100644 --- a/mvt/ios/modules/mixed/safari_history.py +++ b/mvt/ios/modules/mixed/safari_history.py @@ -107,7 +107,7 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domain(result["url"]) + ioc = self.indicators.check_url(result["url"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/shortcuts.py b/mvt/ios/modules/mixed/shortcuts.py index 47f9386d3..91a0e8952 100644 --- a/mvt/ios/modules/mixed/shortcuts.py +++ b/mvt/ios/modules/mixed/shortcuts.py @@ -72,7 +72,7 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domains(result["action_urls"]) + ioc = self.indicators.check_urls(result["action_urls"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/sms.py b/mvt/ios/modules/mixed/sms.py index e5b744be8..12eef0c76 100644 --- a/mvt/ios/modules/mixed/sms.py +++ b/mvt/ios/modules/mixed/sms.py @@ -84,7 +84,7 @@ def check_indicators(self) -> None: # Making sure not link was ignored if message_links == []: message_links = check_for_links(result.get("text", "")) - ioc = self.indicators.check_domains(message_links) + ioc = self.indicators.check_urls(message_links) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/webkit_resource_load_statistics.py b/mvt/ios/modules/mixed/webkit_resource_load_statistics.py index f5beec6a6..333517c13 100644 --- a/mvt/ios/modules/mixed/webkit_resource_load_statistics.py +++ b/mvt/ios/modules/mixed/webkit_resource_load_statistics.py @@ -60,7 +60,7 @@ def check_indicators(self) -> None: self.detected = [] for result in self.results: - ioc = self.indicators.check_domain(result["registrable_domain"]) + ioc = self.indicators.check_url(result["registrable_domain"]) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/mvt/ios/modules/mixed/webkit_session_resource_log.py b/mvt/ios/modules/mixed/webkit_session_resource_log.py index 17af3fee3..19ba8a280 100644 --- a/mvt/ios/modules/mixed/webkit_session_resource_log.py +++ b/mvt/ios/modules/mixed/webkit_session_resource_log.py @@ -86,7 +86,7 @@ def check_indicators(self) -> None: [entry["origin"]] + source_domains + destination_domains ) - ioc = self.indicators.check_domains(all_origins) + ioc = self.indicators.check_urls(all_origins) if ioc: entry["matched_indicator"] = ioc self.detected.append(entry) diff --git a/mvt/ios/modules/mixed/whatsapp.py b/mvt/ios/modules/mixed/whatsapp.py index 7bf99002b..4e5d8db6b 100644 --- a/mvt/ios/modules/mixed/whatsapp.py +++ b/mvt/ios/modules/mixed/whatsapp.py @@ -57,7 +57,7 @@ def check_indicators(self) -> None: return for result in self.results: - ioc = self.indicators.check_domains(result.get("links", [])) + ioc = self.indicators.check_urls(result.get("links", [])) if ioc: result["matched_indicator"] = ioc self.detected.append(result) diff --git a/tests/artifacts/generate_stix.py b/tests/artifacts/generate_stix.py index 5801025b5..dbbfc647b 100644 --- a/tests/artifacts/generate_stix.py +++ b/tests/artifacts/generate_stix.py @@ -17,6 +17,9 @@ def generate_test_stix_file(file_path): emails = ["foobar@example.org"] filenames = ["/var/foobar/txt"] android_property = ["sys.foobar"] + sha256 = ["570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6"] + sha1 = ["da0611a300a9ce9aa7a09d1212f203fca5856794"] + urls = ["http://example.com/thisisbad"] res = [] malware = Malware(name="TestMalware", is_family=False, description="") @@ -66,6 +69,33 @@ def generate_test_stix_file(file_path): res.append(i) res.append(Relationship(i, "indicates", malware)) + for h in sha256: + i = Indicator( + indicator_types=["malicious-activity"], + pattern="[file:hashes.sha256='{}']".format(h), + pattern_type="stix", + ) + res.append(i) + res.append(Relationship(i, "indicates", malware)) + + for h in sha1: + i = Indicator( + indicator_types=["malicious-activity"], + pattern="[file:hashes.sha1='{}']".format(h), + pattern_type="stix", + ) + res.append(i) + res.append(Relationship(i, "indicates", malware)) + + for u in urls: + i = Indicator( + indicator_types=["malicious-activity"], + pattern="[url:value='{}']".format(u), + pattern_type="stix", + ) + res.append(i) + res.append(Relationship(i, "indicates", malware)) + bundle = Bundle(objects=res) with open(file_path, "w+", encoding="utf-8") as f: f.write(bundle.serialize(pretty=True)) diff --git a/tests/artifacts/stix2/638cd3ee5e5f019f84f9e0ea.json b/tests/artifacts/stix2/638cd3ee5e5f019f84f9e0ea.json new file mode 100644 index 000000000..80a73238b --- /dev/null +++ b/tests/artifacts/stix2/638cd3ee5e5f019f84f9e0ea.json @@ -0,0 +1,1147 @@ +{ + "id": "bundle--eaad6132-6cae-4287-b414-a052969f312b", + "objects": [ + { + "created": "2022-12-04T17:07:58.525Z", + "created_by_ref": "identity--ab072f15-9b87-4ee1-898f-b584d41f29b0", + "description": "This page is full of links to the research and development of Amnesty International\u2019s \u201cPegasus Project, which was launched in July 2021, and will be published in the autumn.", + "id": "report--eaad6132-6cae-4287-b414-a052969f312b", + "labels": [ + "threat-report" + ], + "modified": "2022-12-04T17:07:58.525Z", + "name": "Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "object_refs": [ + "identity--ab072f15-9b87-4ee1-898f-b584d41f29b0", + "indicator--0caf4b08-58ee-429b-9dc0-90f959dccf24", + "indicator--047fb7ee-c918-495b-9aaf-9bce190e55d0", + "indicator--c7c3a0bc-87c8-4d91-a0d2-6465349180e6", + "indicator--dedca6c0-3292-42f2-b03f-2fc716ad9f5f", + "indicator--849e20d0-6b0c-4a9d-bd4f-8779cbbeb2ef", + "indicator--c3ac278c-c5f9-4d43-b775-88feec0e2e4e", + "indicator--e716359f-82ce-4840-9e47-c1addd8ad01e", + "indicator--74ed348b-2c96-4cc7-a1c5-f25e96991225", + "indicator--287b5078-4ce7-4146-a20a-ef9c167a002a", + "indicator--b7dc50bb-40fb-4123-960e-a7b0ad987891", + "indicator--b5c04be9-f0e2-432f-a764-e7f665e061d9", + "indicator--7bcea38a-66bf-4dee-8499-1a506d1504e7", + "indicator--e8953b8d-8d31-461b-a10d-1036798679a7", + "indicator--ae8cea3b-f29f-4df3-8ecc-66999e0ae364", + "indicator--5a213c55-3a49-4b5d-ba62-e39354057bfd", + "indicator--baa7af47-e86d-4e3a-88cb-af45a82f4b76", + "indicator--7bc85530-43b3-4555-b25c-893c13ccbb89", + "indicator--77edf72b-a2e2-4913-ade6-f47c3f02b900", + "indicator--6adb2bb6-680a-46bc-a640-39bf15a9200a", + "indicator--731e27a5-a81f-472b-88ac-8d4fff12af0d", + "indicator--85aeb7ee-66b4-4b97-8413-db8c0411fded", + "indicator--8c4282aa-cbe1-4a07-acdb-942bb2d83654", + "indicator--d8bb5866-fb12-4ed9-bfc6-3a2581b1c3c0", + "indicator--94e5243a-0ba2-4d73-b9c7-f96b395ae6b1", + "indicator--b091b5a2-1eee-4f0c-8a37-f83729d74dbf", + "indicator--2d7c8240-bc7d-458f-9357-93ef26085a1c", + "indicator--559ac653-bdf5-4037-bad7-6fe032ffd62e", + "indicator--f2828b3c-6c19-4735-8a84-7ce510982dfa", + "indicator--dfb8e9c2-29a9-417c-a92a-6fa0d36e07b9", + "indicator--e4a9c04c-4075-416b-8d6c-9878ddf016a2", + "indicator--8f0657cc-6baa-4883-a90e-b9695c34c855", + "indicator--6e71ec80-0360-4cfb-a33f-5ff1f7063c82", + "indicator--d7b783eb-5041-4312-bd21-7f31b132257c", + "indicator--8aec0475-06f6-44c8-acd4-5ab6c18e6381", + "indicator--c2ee959c-f3de-4296-b612-f2ad874680b8", + "indicator--74742448-3349-4dd0-96f9-056ee70b6341", + "indicator--4f64a55b-f895-4f03-8adf-061f58c7a331", + "indicator--53e64ab8-0453-4f92-9ee0-a40b308dfc3f", + "indicator--c0464357-7d81-4d1b-9920-9871036bf475", + "indicator--4dcfe318-a100-435c-bce8-c13591f95824", + "indicator--3500a609-6b74-4d48-894b-0cd5741f69d3", + "indicator--e08bec06-d476-42f5-94e0-ab9aa197f719", + "indicator--91618402-7ad8-4488-a29b-b9ed298fc1a1", + "indicator--e3def455-41f1-4f8a-9118-b018f6c3c79a", + "indicator--d23a6c83-e427-4780-a3d2-32819c93fc77", + "indicator--d10bdfcc-b944-4226-8254-0cc40e91b9fc", + "indicator--3455d30f-caf2-4b39-b140-ebc85d706ef0", + "indicator--f181185c-4fff-4b4e-8ec5-252b39388cc5", + "indicator--2c21ef03-a26f-4a2e-91cf-28f0a86f0f04", + "indicator--23e288e9-f5c4-4eff-a2b4-d190890d1e77", + "indicator--40cb1b4a-62ae-4840-a725-cda86a86787a", + "indicator--f2085dcc-2067-47cb-8429-09358b260642", + "indicator--b1f4be3e-6120-4785-9fe9-eb9eb7dc15ba", + "indicator--b91f46dd-14e3-460f-95d4-f673c1de6f34", + "indicator--cc5e245b-2985-4780-8cc0-2e58d709ffac", + "indicator--dbf5fdf9-10d9-4088-8a2d-fa93df95d11f", + "indicator--04c821bb-3b0e-450e-b632-f853a3e3453e", + "indicator--b9b24400-7e41-46a6-bf5c-f204c6a3830c", + "indicator--1233faa5-5145-4c84-9b6a-55f40f46c856", + "indicator--b317269e-5c00-4cc8-8b5d-6954326ea738", + "indicator--cedab02b-1522-4921-9e31-9e465e2ad1db", + "indicator--547029b9-70be-488a-b31f-81b44cd29dc0", + "indicator--35863923-dea8-482a-9e2e-a73c10fa0612", + "indicator--8501f1a5-0d29-464c-bf06-dce919453a14", + "indicator--62b28f7e-2692-4710-b25b-29a1384e8d1f", + "indicator--9fac1fa0-0629-4662-9256-16eba7465f2b", + "indicator--eab04089-a7d5-41e6-9242-bc1ccb79c419", + "indicator--1bfa33c1-4315-49fc-812c-6ecf3f9b91b2", + "indicator--0585f538-3438-4a90-81db-d9065239d403", + "threat-actor--665bebf1-3859-48dc-ad39-8a379e22f8bb" + ], + "published": "2022-12-04T17:07:58.525Z", + "spec_version": "2.1", + "type": "report" + }, + { + "contact_information": "https://otx.alienvault.com/", + "created": "2022-12-04T17:07:58.525Z", + "id": "identity--ab072f15-9b87-4ee1-898f-b584d41f29b0", + "identity_class": "organization", + "modified": "2022-12-04T17:07:58.525Z", + "name": "Open Threat Exchange", + "spec_version": "2.1", + "type": "identity" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--0caf4b08-58ee-429b-9dc0-90f959dccf24", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'http://statsads.co/2dL8ARH']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--047fb7ee-c918-495b-9aaf-9bce190e55d0", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://accountsecurities.org/16tPqQC']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--c7c3a0bc-87c8-4d91-a0d2-6465349180e6", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://accountsecurities.org/1GtwF5e']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--dedca6c0-3292-42f2-b03f-2fc716ad9f5f", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://awizo.info/7AvsrqNYR']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--849e20d0-6b0c-4a9d-bd4f-8779cbbeb2ef", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://event-reg.info/GtwVmKKL']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--c3ac278c-c5f9-4d43-b775-88feec0e2e4e", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://holiday-sun.net/eXppP19S']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--e716359f-82ce-4840-9e47-c1addd8ad01e", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://loginverify.net/6Egzh2F']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--74ed348b-2c96-4cc7-a1c5-f25e96991225", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://loginverify.net/EWSRfbj']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--287b5078-4ce7-4146-a20a-ef9c167a002a", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://loginverify.net/sj5zsue']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--b7dc50bb-40fb-4123-960e-a7b0ad987891", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/KvFw9qa']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--b5c04be9-f0e2-432f-a764-e7f665e061d9", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/OQ7vwelrL']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--7bcea38a-66bf-4dee-8499-1a506d1504e7", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/ORzJIfp']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--e8953b8d-8d31-461b-a10d-1036798679a7", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/TPy8paiO']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--ae8cea3b-f29f-4df3-8ecc-66999e0ae364", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/WU7HJGVQ']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--5a213c55-3a49-4b5d-ba62-e39354057bfd", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/aMtsfCb']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--baa7af47-e86d-4e3a-88cb-af45a82f4b76", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/awBn8Tl']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--7bc85530-43b3-4555-b25c-893c13ccbb89", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/e2sM1ryy']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--77edf72b-a2e2-4913-ade6-f47c3f02b900", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/fx9zM94']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--6adb2bb6-680a-46bc-a640-39bf15a9200a", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/gTLGJUVG']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--731e27a5-a81f-472b-88ac-8d4fff12af0d", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/ljdyQkie']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--85aeb7ee-66b4-4b97-8413-db8c0411fded", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://myfreecharge.online/muWMKiV']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--8c4282aa-cbe1-4a07-acdb-942bb2d83654", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://news-alert.org/PSlwgEF']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--d8bb5866-fb12-4ed9-bfc6-3a2581b1c3c0", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://news-alert.org/Tdcs3jLF']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--94e5243a-0ba2-4d73-b9c7-f96b395ae6b1", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://news-alert.org/l0xz0K9G']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--b091b5a2-1eee-4f0c-8a37-f83729d74dbf", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://news-alert.org/sJHra27pL']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--2d7c8240-bc7d-458f-9357-93ef26085a1c", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://news-alert.org/u6GjGDqZ']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--559ac653-bdf5-4037-bad7-6fe032ffd62e", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://newsportal24.online/8ZedQvG']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--f2828b3c-6c19-4735-8a84-7ce510982dfa", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://newsportal24.online/kcUU9pshh']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--dfb8e9c2-29a9-417c-a92a-6fa0d36e07b9", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://newsportal24.online/mtM8dy6cz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--e4a9c04c-4075-416b-8d6c-9878ddf016a2", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://nnews.co/2661562s/']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--8f0657cc-6baa-4883-a90e-b9695c34c855", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://oneadjump.com/SQY8jBX']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--6e71ec80-0360-4cfb-a33f-5ff1f7063c82", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://redirstats.com/6XWDCRXg']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--d7b783eb-5041-4312-bd21-7f31b132257c", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://redirstats.com/eT1sfwL']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--8aec0475-06f6-44c8-acd4-5ab6c18e6381", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://sale-2019.com/2CaJGuQ']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--c2ee959c-f3de-4296-b612-f2ad874680b8", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://sale-2019.com/8QCAqcU8']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--74742448-3349-4dd0-96f9-056ee70b6341", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/2B56JyXwZ']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--4f64a55b-f895-4f03-8adf-061f58c7a331", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/7WyJA54']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--53e64ab8-0453-4f92-9ee0-a40b308dfc3f", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/8cyi5wZdC']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--c0464357-7d81-4d1b-9920-9871036bf475", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/91EiQzIaP']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--4dcfe318-a100-435c-bce8-c13591f95824", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/JcnbIk9']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--3500a609-6b74-4d48-894b-0cd5741f69d3", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/SomI5j9B']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--e08bec06-d476-42f5-94e0-ab9aa197f719", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/VydNfLH']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--91618402-7ad8-4488-a29b-b9ed298fc1a1", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/amJpgd1']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--e3def455-41f1-4f8a-9118-b018f6c3c79a", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/bSY9nvxKd']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--d23a6c83-e427-4780-a3d2-32819c93fc77", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/hQazyCLf']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--d10bdfcc-b944-4226-8254-0cc40e91b9fc", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/uWgGyEy']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--3455d30f-caf2-4b39-b140-ebc85d706ef0", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/uZv28X3']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--f181185c-4fff-4b4e-8ec5-252b39388cc5", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsads.co/vbngDiFW']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--2c21ef03-a26f-4a2e-91cf-28f0a86f0f04", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsupplier.com/QCbLhAG']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--23e288e9-f5c4-4eff-a2b4-d190890d1e77", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsupplier.com/R5sG1GzZ']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--40cb1b4a-62ae-4840-a725-cda86a86787a", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsupplier.com/TVrGgkX']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--f2085dcc-2067-47cb-8429-09358b260642", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://statsupplier.com/d3GyDeQSt']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--b1f4be3e-6120-4785-9fe9-eb9eb7dc15ba", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://verify-app.online/qdcFaTr']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--b91f46dd-14e3-460f-95d4-f673c1de6f34", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[url:value = 'https://verify-app.online/sv3o8mIW']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--cc5e245b-2985-4780-8cc0-2e58d709ffac", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'accountsecurities.org']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--dbf5fdf9-10d9-4088-8a2d-fa93df95d11f", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'awizo.info']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--04c821bb-3b0e-450e-b632-f853a3e3453e", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'event-reg.info']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--b9b24400-7e41-46a6-bf5c-f204c6a3830c", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'holiday-sun.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--1233faa5-5145-4c84-9b6a-55f40f46c856", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'loginverify.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--b317269e-5c00-4cc8-8b5d-6954326ea738", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'myfreecharge.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--cedab02b-1522-4921-9e31-9e465e2ad1db", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'news-alert.org']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--547029b9-70be-488a-b31f-81b44cd29dc0", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'newsportal24.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--35863923-dea8-482a-9e2e-a73c10fa0612", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'nnews.co']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--8501f1a5-0d29-464c-bf06-dce919453a14", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'oneadjump.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--62b28f7e-2692-4710-b25b-29a1384e8d1f", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'redirstats.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--9fac1fa0-0629-4662-9256-16eba7465f2b", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'sale-2019.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--eab04089-a7d5-41e6-9242-bc1ccb79c419", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'statsads.co']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--1bfa33c1-4315-49fc-812c-6ecf3f9b91b2", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'statsupplier.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "created": "2022-12-04T17:07:59.000Z", + "description": "", + "id": "indicator--0585f538-3438-4a90-81db-d9065239d403", + "labels": [], + "modified": "2022-12-04T17:07:59.000Z", + "name": "OTX pulse_name=Pegasus Forensic Traces per Target Identified in the Aftermath of the Pegasus Project Revelations - Amnesty International", + "pattern": "[domain-name:value = 'verify-app.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "spec_version": "2.1", + "type": "indicator", + "valid_from": "2022-12-04T17:07:59.000Z" + }, + { + "aliases": [ + "Comment Panda", + "PLA Unit 61398", + "APT 1", + "APT1", + "Advanced Persistent Threat 1", + "Byzantine Candor", + "Group 3", + "TG-8223", + "Comment Group", + "Brown Fox", + "GIF89a", + "ShadyRAT", + "Shanghai Group" + ], + "created": "2022-12-04T17:07:58.525Z", + "description": [ + "PLA Unit 61398 (Chinese: 61398\u90e8\u961f, Pinyin: 61398 b\u00f9du\u00ec) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks" + ], + "external_references": [ + [ + { + "source_name": "MISP Threat Actor list", + "url": "https://en.wikipedia.org/wiki/PLA_Unit_61398" + }, + { + "source_name": "MISP Threat Actor list", + "url": "http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://www.cfr.org/interactive/cyber-operations/pla-unit-61398" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f1265df5-6e5e-4fcc-9828-d4ddbbafd3d7&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://attack.mitre.org/groups/G0006/" + }, + { + "source_name": "MISP Threat Actor list", + "url": "https://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html" + } + ] + ], + "id": "threat-actor--665bebf1-3859-48dc-ad39-8a379e22f8bb", + "labels": [ + "activist" + ], + "modified": "2022-12-04T17:07:58.525Z", + "name": "NSO", + "spec_version": "2.1", + "type": "threat-actor" + } + ], + "spec_version": "2.1", + "type": "bundle" +} \ No newline at end of file diff --git a/tests/artifacts/stix2/cytrox.stix2 b/tests/artifacts/stix2/cytrox.stix2 new file mode 100644 index 000000000..c92b60aed --- /dev/null +++ b/tests/artifacts/stix2/cytrox.stix2 @@ -0,0 +1,8248 @@ +{ + "type": "bundle", + "id": "bundle--55fd9639-3cd6-47e1-bed0-1aa726d6b2d3", + "objects": [ + { + "type": "malware", + "spec_version": "2.1", + "id": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b", + "created": "2023-07-28T12:14:36.1948Z", + "modified": "2023-07-28T12:14:36.1948Z", + "name": "Predator", + "description": "IOCs for Cytrox Predator", + "is_family": false + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--34655650-3d18-47b5-bb6c-b9bdb7b26203", + "created": "2023-07-28T12:14:36.194951Z", + "modified": "2023-07-28T12:14:36.194951Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='shortenurls.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.194951Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ff6b7f13-ba1f-4b0a-b969-a72c6a28c452", + "created": "2023-07-28T12:14:36.198028Z", + "modified": "2023-07-28T12:14:36.198028Z", + "relationship_type": "indicates", + "source_ref": "indicator--34655650-3d18-47b5-bb6c-b9bdb7b26203", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--238be8c9-bbd0-4ab5-ba82-16a7dab3d864", + "created": "2023-07-28T12:14:36.198329Z", + "modified": "2023-07-28T12:14:36.198329Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mobnetlink1.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.198329Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--de5c0a1a-b44f-4b76-b9ce-c5bd192a300d", + "created": "2023-07-28T12:14:36.198764Z", + "modified": "2023-07-28T12:14:36.198764Z", + "relationship_type": "indicates", + "source_ref": "indicator--238be8c9-bbd0-4ab5-ba82-16a7dab3d864", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8c4733c8-c530-4ff6-a246-949d40a2844f", + "created": "2023-07-28T12:14:36.19885Z", + "modified": "2023-07-28T12:14:36.19885Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='updete.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.19885Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5c51d3f2-1f62-4a07-8b98-4bbf46880b46", + "created": "2023-07-28T12:14:36.199247Z", + "modified": "2023-07-28T12:14:36.199247Z", + "relationship_type": "indicates", + "source_ref": "indicator--8c4733c8-c530-4ff6-a246-949d40a2844f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6be9cb0f-ab7b-4f7e-8b99-1f88ac87509e", + "created": "2023-07-28T12:14:36.199329Z", + "modified": "2023-07-28T12:14:36.199329Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='heiiasjournai.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.199329Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ce9f277c-9ba6-4f1a-921c-b51b88f1187c", + "created": "2023-07-28T12:14:36.199659Z", + "modified": "2023-07-28T12:14:36.199659Z", + "relationship_type": "indicates", + "source_ref": "indicator--6be9cb0f-ab7b-4f7e-8b99-1f88ac87509e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1fa78ae3-5fd8-46a8-8c99-9767f9c6d715", + "created": "2023-07-28T12:14:36.199746Z", + "modified": "2023-07-28T12:14:36.199746Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='zougla.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.199746Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9cce3e9e-35e3-4be8-954b-e25cfa5180cb", + "created": "2023-07-28T12:14:36.200095Z", + "modified": "2023-07-28T12:14:36.200095Z", + "relationship_type": "indicates", + "source_ref": "indicator--1fa78ae3-5fd8-46a8-8c99-9767f9c6d715", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e97e6f70-3e1a-4a39-bfa9-b6632d664b2e", + "created": "2023-07-28T12:14:36.200195Z", + "modified": "2023-07-28T12:14:36.200195Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='teslal.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.200195Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--367c768d-32bf-4b4c-900c-a9ea714415f4", + "created": "2023-07-28T12:14:36.200465Z", + "modified": "2023-07-28T12:14:36.200465Z", + "relationship_type": "indicates", + "source_ref": "indicator--e97e6f70-3e1a-4a39-bfa9-b6632d664b2e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--56c2232b-3add-4342-a425-490cb1e54dbb", + "created": "2023-07-28T12:14:36.200546Z", + "modified": "2023-07-28T12:14:36.200546Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='vouliwatch.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.200546Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a31d659e-7305-450c-9bc8-68ae71fa4bd7", + "created": "2023-07-28T12:14:36.200817Z", + "modified": "2023-07-28T12:14:36.200817Z", + "relationship_type": "indicates", + "source_ref": "indicator--56c2232b-3add-4342-a425-490cb1e54dbb", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a35702f2-8e76-4b68-86b5-eefc1a6236dc", + "created": "2023-07-28T12:14:36.200899Z", + "modified": "2023-07-28T12:14:36.200899Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pastepast.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.200899Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a6ab783a-15a4-4209-8007-930d251dfd68", + "created": "2023-07-28T12:14:36.201207Z", + "modified": "2023-07-28T12:14:36.201207Z", + "relationship_type": "indicates", + "source_ref": "indicator--a35702f2-8e76-4b68-86b5-eefc1a6236dc", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8590177a-10b6-4d52-a32e-91718d9b5224", + "created": "2023-07-28T12:14:36.201288Z", + "modified": "2023-07-28T12:14:36.201288Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mozillaupdate.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.201288Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--76b9c02d-ea43-4772-b222-b89758dcc1f9", + "created": "2023-07-28T12:14:36.201523Z", + "modified": "2023-07-28T12:14:36.201523Z", + "relationship_type": "indicates", + "source_ref": "indicator--8590177a-10b6-4d52-a32e-91718d9b5224", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d2c56e78-89dc-422b-9004-449b8b705e10", + "created": "2023-07-28T12:14:36.201599Z", + "modified": "2023-07-28T12:14:36.201599Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='burgerprince.us']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.201599Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--149cc2d7-f2ef-4cd0-8921-f5e875105ac0", + "created": "2023-07-28T12:14:36.201862Z", + "modified": "2023-07-28T12:14:36.201862Z", + "relationship_type": "indicates", + "source_ref": "indicator--d2c56e78-89dc-422b-9004-449b8b705e10", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d2b90d65-c66c-42cb-9c3c-2594596793d2", + "created": "2023-07-28T12:14:36.201936Z", + "modified": "2023-07-28T12:14:36.201936Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='infosms-a.site']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.201936Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ade990e9-435a-4b38-adce-7ae4c45e21af", + "created": "2023-07-28T12:14:36.202234Z", + "modified": "2023-07-28T12:14:36.202234Z", + "relationship_type": "indicates", + "source_ref": "indicator--d2b90d65-c66c-42cb-9c3c-2594596793d2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--83961302-fd0c-4dcd-afe1-109feeef7454", + "created": "2023-07-28T12:14:36.202314Z", + "modified": "2023-07-28T12:14:36.202314Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='speedymax.shop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.202314Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--72263e22-1e21-484f-8bfa-d3690a1f4640", + "created": "2023-07-28T12:14:36.20255Z", + "modified": "2023-07-28T12:14:36.20255Z", + "relationship_type": "indicates", + "source_ref": "indicator--83961302-fd0c-4dcd-afe1-109feeef7454", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6cd1bb78-323b-48cb-85c0-c3e18d62c71f", + "created": "2023-07-28T12:14:36.202625Z", + "modified": "2023-07-28T12:14:36.202625Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lylink.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.202625Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bac17765-bd6c-485e-9c59-4529727fa776", + "created": "2023-07-28T12:14:36.202892Z", + "modified": "2023-07-28T12:14:36.202892Z", + "relationship_type": "indicates", + "source_ref": "indicator--6cd1bb78-323b-48cb-85c0-c3e18d62c71f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--10ab1574-0549-4a7f-a9ec-1dd683fddac2", + "created": "2023-07-28T12:14:36.202969Z", + "modified": "2023-07-28T12:14:36.202969Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hellasjournal.website']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.202969Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cbf15659-6900-4a77-b72b-b484bc1f11d5", + "created": "2023-07-28T12:14:36.203272Z", + "modified": "2023-07-28T12:14:36.203272Z", + "relationship_type": "indicates", + "source_ref": "indicator--10ab1574-0549-4a7f-a9ec-1dd683fddac2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--287ea4f7-77b1-49bb-91aa-1ef3c08450b0", + "created": "2023-07-28T12:14:36.203346Z", + "modified": "2023-07-28T12:14:36.203346Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='link-protection.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.203346Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--db487b30-66ce-445a-a8a9-75b323949c0c", + "created": "2023-07-28T12:14:36.203576Z", + "modified": "2023-07-28T12:14:36.203576Z", + "relationship_type": "indicates", + "source_ref": "indicator--287ea4f7-77b1-49bb-91aa-1ef3c08450b0", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d43399b7-89f3-44f5-b587-b6e3feadf357", + "created": "2023-07-28T12:14:36.203651Z", + "modified": "2023-07-28T12:14:36.203651Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bitlyrs.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.203651Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a5359276-d752-4f5c-a4a5-aaeae54a425f", + "created": "2023-07-28T12:14:36.203889Z", + "modified": "2023-07-28T12:14:36.203889Z", + "relationship_type": "indicates", + "source_ref": "indicator--d43399b7-89f3-44f5-b587-b6e3feadf357", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b70aeb61-6c24-4c7b-acc9-ceb57b17851d", + "created": "2023-07-28T12:14:36.203969Z", + "modified": "2023-07-28T12:14:36.203969Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='guardnew.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.203969Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1ea50cbd-7e7c-4877-8344-9bcaff7103f5", + "created": "2023-07-28T12:14:36.204258Z", + "modified": "2023-07-28T12:14:36.204258Z", + "relationship_type": "indicates", + "source_ref": "indicator--b70aeb61-6c24-4c7b-acc9-ceb57b17851d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--153b5fbc-88e7-45da-8278-dd80e8561dbf", + "created": "2023-07-28T12:14:36.204332Z", + "modified": "2023-07-28T12:14:36.204332Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hellasjournal.company']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.204332Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b67a7e11-eb10-4394-93cd-442f66ba0d33", + "created": "2023-07-28T12:14:36.204561Z", + "modified": "2023-07-28T12:14:36.204561Z", + "relationship_type": "indicates", + "source_ref": "indicator--153b5fbc-88e7-45da-8278-dd80e8561dbf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9ec9af55-3e85-49ad-86d3-94a029a74790", + "created": "2023-07-28T12:14:36.204634Z", + "modified": "2023-07-28T12:14:36.204634Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bi.tly.link']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.204634Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0fd6b84e-6dc6-49c4-b3f5-2a4016098e4b", + "created": "2023-07-28T12:14:36.204868Z", + "modified": "2023-07-28T12:14:36.204868Z", + "relationship_type": "indicates", + "source_ref": "indicator--9ec9af55-3e85-49ad-86d3-94a029a74790", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a0250ecb-f5f7-4e42-9664-f4bbf45e37a6", + "created": "2023-07-28T12:14:36.204944Z", + "modified": "2023-07-28T12:14:36.204944Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='myfcbk.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.204944Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2c425cfc-d7c5-48ff-b935-ca901a4d0675", + "created": "2023-07-28T12:14:36.205175Z", + "modified": "2023-07-28T12:14:36.205175Z", + "relationship_type": "indicates", + "source_ref": "indicator--a0250ecb-f5f7-4e42-9664-f4bbf45e37a6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--411ceceb-5a79-43c2-8db4-9d18f31be217", + "created": "2023-07-28T12:14:36.205249Z", + "modified": "2023-07-28T12:14:36.205249Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bit-ly.org']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.205249Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a119cefe-6a4c-43c7-9e7d-edcfe5608c9a", + "created": "2023-07-28T12:14:36.20547Z", + "modified": "2023-07-28T12:14:36.20547Z", + "relationship_type": "indicates", + "source_ref": "indicator--411ceceb-5a79-43c2-8db4-9d18f31be217", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e716d31e-a4c0-4aa5-82d4-a02ad526a862", + "created": "2023-07-28T12:14:36.205543Z", + "modified": "2023-07-28T12:14:36.205543Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='connectivitycheck.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.205543Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--47f08dc5-4288-4e52-bafa-49e8be12d4a2", + "created": "2023-07-28T12:14:36.205803Z", + "modified": "2023-07-28T12:14:36.205803Z", + "relationship_type": "indicates", + "source_ref": "indicator--e716d31e-a4c0-4aa5-82d4-a02ad526a862", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1c28ee50-8efc-45cc-9d75-7182472a830d", + "created": "2023-07-28T12:14:36.205878Z", + "modified": "2023-07-28T12:14:36.205878Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='synctimestamp.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.205878Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e15075fa-26f5-473e-8f14-9382228e3bc5", + "created": "2023-07-28T12:14:36.206172Z", + "modified": "2023-07-28T12:14:36.206172Z", + "relationship_type": "indicates", + "source_ref": "indicator--1c28ee50-8efc-45cc-9d75-7182472a830d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2f0d827a-7eb6-46a0-a472-6f3032eb44c2", + "created": "2023-07-28T12:14:36.206244Z", + "modified": "2023-07-28T12:14:36.206244Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='adservices.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.206244Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c30f684d-ef7c-4e00-8b4c-4e21f19d274a", + "created": "2023-07-28T12:14:36.206498Z", + "modified": "2023-07-28T12:14:36.206498Z", + "relationship_type": "indicates", + "source_ref": "indicator--2f0d827a-7eb6-46a0-a472-6f3032eb44c2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--56de369b-e06e-4574-a406-b12976012912", + "created": "2023-07-28T12:14:36.20657Z", + "modified": "2023-07-28T12:14:36.20657Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mytrips.quest']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.20657Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--76067596-0ec5-4a26-8dfa-20789cf484ee", + "created": "2023-07-28T12:14:36.206826Z", + "modified": "2023-07-28T12:14:36.206826Z", + "relationship_type": "indicates", + "source_ref": "indicator--56de369b-e06e-4574-a406-b12976012912", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b02911a5-49c5-4aac-83fd-2432f8925fcd", + "created": "2023-07-28T12:14:36.2069Z", + "modified": "2023-07-28T12:14:36.2069Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='uservicescheck.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.2069Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d80854fd-d750-4ed2-9eae-d45f4021c198", + "created": "2023-07-28T12:14:36.207131Z", + "modified": "2023-07-28T12:14:36.207131Z", + "relationship_type": "indicates", + "source_ref": "indicator--b02911a5-49c5-4aac-83fd-2432f8925fcd", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9c9720db-faa7-4094-bd40-a41ea8c2d30f", + "created": "2023-07-28T12:14:36.207202Z", + "modified": "2023-07-28T12:14:36.207202Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='youarefired.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.207202Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c07ccbf6-a051-4452-bc35-2514f4e399f8", + "created": "2023-07-28T12:14:36.207452Z", + "modified": "2023-07-28T12:14:36.207452Z", + "relationship_type": "indicates", + "source_ref": "indicator--9c9720db-faa7-4094-bd40-a41ea8c2d30f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--047ec091-3d27-4f4d-8b62-8382d33c03f5", + "created": "2023-07-28T12:14:36.207525Z", + "modified": "2023-07-28T12:14:36.207525Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='goldescent.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.207525Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6b7311d0-a8ca-4e86-a347-6b75b0ae9049", + "created": "2023-07-28T12:14:36.207763Z", + "modified": "2023-07-28T12:14:36.207763Z", + "relationship_type": "indicates", + "source_ref": "indicator--047ec091-3d27-4f4d-8b62-8382d33c03f5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a9b22af9-a838-438a-8b37-590b1771d101", + "created": "2023-07-28T12:14:36.20784Z", + "modified": "2023-07-28T12:14:36.20784Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xf.actor']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.20784Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--028abfa0-2434-40ef-aeff-efdd47252834", + "created": "2023-07-28T12:14:36.208096Z", + "modified": "2023-07-28T12:14:36.208096Z", + "relationship_type": "indicates", + "source_ref": "indicator--a9b22af9-a838-438a-8b37-590b1771d101", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7f5470cc-7f72-47a0-9a73-0be7ae0f2fa7", + "created": "2023-07-28T12:14:36.20817Z", + "modified": "2023-07-28T12:14:36.20817Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bitlly.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.20817Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e1dca670-38d5-4863-9177-a4f4c42402e5", + "created": "2023-07-28T12:14:36.208396Z", + "modified": "2023-07-28T12:14:36.208396Z", + "relationship_type": "indicates", + "source_ref": "indicator--7f5470cc-7f72-47a0-9a73-0be7ae0f2fa7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1bd52725-7af0-4e35-a998-40bf880ccc8a", + "created": "2023-07-28T12:14:36.208468Z", + "modified": "2023-07-28T12:14:36.208468Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='itcgr.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.208468Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5df6f194-b481-4157-a5b3-77de2743715f", + "created": "2023-07-28T12:14:36.208688Z", + "modified": "2023-07-28T12:14:36.208688Z", + "relationship_type": "indicates", + "source_ref": "indicator--1bd52725-7af0-4e35-a998-40bf880ccc8a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0a732cfc-b345-4a9b-8c44-4869feb3b32d", + "created": "2023-07-28T12:14:36.208762Z", + "modified": "2023-07-28T12:14:36.208762Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='trkc.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.208762Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--be840d60-5ae6-4bbb-9f4e-eea98e25f04b", + "created": "2023-07-28T12:14:36.208984Z", + "modified": "2023-07-28T12:14:36.208984Z", + "relationship_type": "indicates", + "source_ref": "indicator--0a732cfc-b345-4a9b-8c44-4869feb3b32d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d27f69d6-33dc-4141-9b9f-d2b082f764d8", + "created": "2023-07-28T12:14:36.209057Z", + "modified": "2023-07-28T12:14:36.209057Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='linkit.digital']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.209057Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--18de8026-bda2-4a9c-8616-552c7a7973ce", + "created": "2023-07-28T12:14:36.209347Z", + "modified": "2023-07-28T12:14:36.209347Z", + "relationship_type": "indicates", + "source_ref": "indicator--d27f69d6-33dc-4141-9b9f-d2b082f764d8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6e828fbe-f6d3-48bc-b001-241ae34ffa60", + "created": "2023-07-28T12:14:36.209419Z", + "modified": "2023-07-28T12:14:36.209419Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='blacktrail.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.209419Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5517842f-1cd7-4e52-8312-d6c81056afe5", + "created": "2023-07-28T12:14:36.20964Z", + "modified": "2023-07-28T12:14:36.20964Z", + "relationship_type": "indicates", + "source_ref": "indicator--6e828fbe-f6d3-48bc-b001-241ae34ffa60", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--43454efe-e7ff-4b8b-858d-fc643f9131d7", + "created": "2023-07-28T12:14:36.209711Z", + "modified": "2023-07-28T12:14:36.209711Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='makeitshort.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.209711Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--be3c6ace-4134-497d-a022-41b111632370", + "created": "2023-07-28T12:14:36.209929Z", + "modified": "2023-07-28T12:14:36.209929Z", + "relationship_type": "indicates", + "source_ref": "indicator--43454efe-e7ff-4b8b-858d-fc643f9131d7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e064d466-1123-4353-8530-6189910db18e", + "created": "2023-07-28T12:14:36.210001Z", + "modified": "2023-07-28T12:14:36.210001Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xnxx-hub.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.210001Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f45ec36b-73ab-48b6-b75d-6fc599587a8f", + "created": "2023-07-28T12:14:36.210224Z", + "modified": "2023-07-28T12:14:36.210224Z", + "relationship_type": "indicates", + "source_ref": "indicator--e064d466-1123-4353-8530-6189910db18e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--60427140-0c5a-4acb-8ff8-3de108169e04", + "created": "2023-07-28T12:14:36.210295Z", + "modified": "2023-07-28T12:14:36.210295Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='addons.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.210295Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e2febc39-c531-4ab4-a41d-03f82485944b", + "created": "2023-07-28T12:14:36.210516Z", + "modified": "2023-07-28T12:14:36.210516Z", + "relationship_type": "indicates", + "source_ref": "indicator--60427140-0c5a-4acb-8ff8-3de108169e04", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--42a517dc-1140-4293-88a6-55518eb4b664", + "created": "2023-07-28T12:14:36.210587Z", + "modified": "2023-07-28T12:14:36.210587Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='applepps.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.210587Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a34e9451-9898-4d89-b80d-c2ec63207d08", + "created": "2023-07-28T12:14:36.210812Z", + "modified": "2023-07-28T12:14:36.210812Z", + "relationship_type": "indicates", + "source_ref": "indicator--42a517dc-1140-4293-88a6-55518eb4b664", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d50e4957-703a-4424-90fd-5516413493df", + "created": "2023-07-28T12:14:36.210883Z", + "modified": "2023-07-28T12:14:36.210883Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='wtc3333.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.210883Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d2961aa7-a4e3-4bb8-a950-618ea964198f", + "created": "2023-07-28T12:14:36.211148Z", + "modified": "2023-07-28T12:14:36.211148Z", + "relationship_type": "indicates", + "source_ref": "indicator--d50e4957-703a-4424-90fd-5516413493df", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3445e43b-c92d-47d1-9613-5e79c8675ad5", + "created": "2023-07-28T12:14:36.211219Z", + "modified": "2023-07-28T12:14:36.211219Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='alraeeenews.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.211219Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ca957e01-a7c8-4c0d-8499-19877541fd98", + "created": "2023-07-28T12:14:36.211441Z", + "modified": "2023-07-28T12:14:36.211441Z", + "relationship_type": "indicates", + "source_ref": "indicator--3445e43b-c92d-47d1-9613-5e79c8675ad5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--39a03690-3222-4180-a9eb-55fbc0c15aac", + "created": "2023-07-28T12:14:36.211513Z", + "modified": "2023-07-28T12:14:36.211513Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='youtu-be.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.211513Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ec5e2649-7a47-464d-a2f0-fe496b49fc2b", + "created": "2023-07-28T12:14:36.211736Z", + "modified": "2023-07-28T12:14:36.211736Z", + "relationship_type": "indicates", + "source_ref": "indicator--39a03690-3222-4180-a9eb-55fbc0c15aac", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b87b7be3-f945-4a02-8ab5-7232441b54af", + "created": "2023-07-28T12:14:36.211808Z", + "modified": "2023-07-28T12:14:36.211808Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='almasryelyuom.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.211808Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--80b17303-67e3-4ea9-ae4c-42d8f0fa0edf", + "created": "2023-07-28T12:14:36.212102Z", + "modified": "2023-07-28T12:14:36.212102Z", + "relationship_type": "indicates", + "source_ref": "indicator--b87b7be3-f945-4a02-8ab5-7232441b54af", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9e894eb6-d412-4656-8708-15b6d54cf260", + "created": "2023-07-28T12:14:36.212174Z", + "modified": "2023-07-28T12:14:36.212174Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='android-apps.tech']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.212174Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--978e072e-1c1d-4c43-b00d-2dda0356f86d", + "created": "2023-07-28T12:14:36.212401Z", + "modified": "2023-07-28T12:14:36.212401Z", + "relationship_type": "indicates", + "source_ref": "indicator--9e894eb6-d412-4656-8708-15b6d54cf260", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cb6b259c-bf67-4bc9-bbfd-15bf357d93bf", + "created": "2023-07-28T12:14:36.212473Z", + "modified": "2023-07-28T12:14:36.212473Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fisherman.engine.ninja']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.212473Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e54ffaf3-f628-4a80-8cdd-5b683a66aa50", + "created": "2023-07-28T12:14:36.212732Z", + "modified": "2023-07-28T12:14:36.212732Z", + "relationship_type": "indicates", + "source_ref": "indicator--cb6b259c-bf67-4bc9-bbfd-15bf357d93bf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5fb1faf1-84dc-4266-9ef7-21a63baa68c5", + "created": "2023-07-28T12:14:36.212804Z", + "modified": "2023-07-28T12:14:36.212804Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sitepref.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.212804Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--490950f7-1485-4b32-96b9-14339dff22d0", + "created": "2023-07-28T12:14:36.213034Z", + "modified": "2023-07-28T12:14:36.213034Z", + "relationship_type": "indicates", + "source_ref": "indicator--5fb1faf1-84dc-4266-9ef7-21a63baa68c5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--551bc015-b4be-42cb-a1d9-6c8863efce1e", + "created": "2023-07-28T12:14:36.21311Z", + "modified": "2023-07-28T12:14:36.21311Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bookjob.club']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.21311Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ec7bb184-950a-486a-b5cd-94dc907585a7", + "created": "2023-07-28T12:14:36.213331Z", + "modified": "2023-07-28T12:14:36.213331Z", + "relationship_type": "indicates", + "source_ref": "indicator--551bc015-b4be-42cb-a1d9-6c8863efce1e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0476597a-d621-4114-b551-6ae2a951cef7", + "created": "2023-07-28T12:14:36.213402Z", + "modified": "2023-07-28T12:14:36.213402Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fastuploads.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.213402Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7faed289-45c4-489a-ab93-e4e61476f7dc", + "created": "2023-07-28T12:14:36.213622Z", + "modified": "2023-07-28T12:14:36.213622Z", + "relationship_type": "indicates", + "source_ref": "indicator--0476597a-d621-4114-b551-6ae2a951cef7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f4289324-47d5-4246-84db-49b890f691f2", + "created": "2023-07-28T12:14:36.213694Z", + "modified": "2023-07-28T12:14:36.213694Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tokoulouri.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.213694Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2d515fe1-1eca-4bda-bbea-ee7282a3872d", + "created": "2023-07-28T12:14:36.213917Z", + "modified": "2023-07-28T12:14:36.213917Z", + "relationship_type": "indicates", + "source_ref": "indicator--f4289324-47d5-4246-84db-49b890f691f2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2c0e8b3b-3f63-44b2-8376-3a897f1cc14f", + "created": "2023-07-28T12:14:36.213988Z", + "modified": "2023-07-28T12:14:36.213988Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='servers-mobile.info']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.213988Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6fa961e9-afc2-43e2-ab11-0b8e1d8d263a", + "created": "2023-07-28T12:14:36.214213Z", + "modified": "2023-07-28T12:14:36.214213Z", + "relationship_type": "indicates", + "source_ref": "indicator--2c0e8b3b-3f63-44b2-8376-3a897f1cc14f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ed7b7dc9-a580-4f8c-b5b3-77c4db73bc46", + "created": "2023-07-28T12:14:36.214284Z", + "modified": "2023-07-28T12:14:36.214284Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='smsuns.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.214284Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6c7bfdc2-2e3f-4922-b4ee-8ee5afa99c81", + "created": "2023-07-28T12:14:36.214506Z", + "modified": "2023-07-28T12:14:36.214506Z", + "relationship_type": "indicates", + "source_ref": "indicator--ed7b7dc9-a580-4f8c-b5b3-77c4db73bc46", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e9338fed-5c6b-49ba-b231-f09a73e87d04", + "created": "2023-07-28T12:14:36.214578Z", + "modified": "2023-07-28T12:14:36.214578Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tgrthgsrgwrthwrtgwr.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.214578Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--06dc4b36-9da7-4b23-81d2-97183eaf8a8c", + "created": "2023-07-28T12:14:36.214808Z", + "modified": "2023-07-28T12:14:36.214808Z", + "relationship_type": "indicates", + "source_ref": "indicator--e9338fed-5c6b-49ba-b231-f09a73e87d04", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fb982ff2-05ca-4987-9201-20c6d411abc3", + "created": "2023-07-28T12:14:36.214879Z", + "modified": "2023-07-28T12:14:36.214879Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xyvok.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.214879Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8e92ba66-a722-4afb-a88c-1f3d69ae86c3", + "created": "2023-07-28T12:14:36.215157Z", + "modified": "2023-07-28T12:14:36.215157Z", + "relationship_type": "indicates", + "source_ref": "indicator--fb982ff2-05ca-4987-9201-20c6d411abc3", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d0efc995-3cfb-4556-9733-42db88b104d3", + "created": "2023-07-28T12:14:36.215228Z", + "modified": "2023-07-28T12:14:36.215228Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='kormoran.bid']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.215228Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--897c8d7d-b8e5-4dd2-8f7b-d731b1fc918a", + "created": "2023-07-28T12:14:36.215474Z", + "modified": "2023-07-28T12:14:36.215474Z", + "relationship_type": "indicates", + "source_ref": "indicator--d0efc995-3cfb-4556-9733-42db88b104d3", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cf1f7f02-976d-4dc3-961c-a385101debc9", + "created": "2023-07-28T12:14:36.215546Z", + "modified": "2023-07-28T12:14:36.215546Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bit-li.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.215546Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b629243c-4af7-47f8-bc9c-0a956e884976", + "created": "2023-07-28T12:14:36.215769Z", + "modified": "2023-07-28T12:14:36.215769Z", + "relationship_type": "indicates", + "source_ref": "indicator--cf1f7f02-976d-4dc3-961c-a385101debc9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--93224e95-6af4-4854-b9fc-489872ef6bd2", + "created": "2023-07-28T12:14:36.215842Z", + "modified": "2023-07-28T12:14:36.215842Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tesla-s.shop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.215842Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4c0a5a85-224d-42c0-904c-6460a3b19e10", + "created": "2023-07-28T12:14:36.216062Z", + "modified": "2023-07-28T12:14:36.216062Z", + "relationship_type": "indicates", + "source_ref": "indicator--93224e95-6af4-4854-b9fc-489872ef6bd2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1b2daf01-7c0d-4fe3-a073-4c8394065643", + "created": "2023-07-28T12:14:36.216139Z", + "modified": "2023-07-28T12:14:36.216139Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ebill.cosmote.center']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.216139Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--85880fca-9829-471a-b7cb-50c10668252b", + "created": "2023-07-28T12:14:36.216393Z", + "modified": "2023-07-28T12:14:36.216393Z", + "relationship_type": "indicates", + "source_ref": "indicator--1b2daf01-7c0d-4fe3-a073-4c8394065643", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--decd86c0-8e05-44c3-9c6e-d8bbcf127703", + "created": "2023-07-28T12:14:36.216465Z", + "modified": "2023-07-28T12:14:36.216465Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lubentv.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.216465Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d5af7c62-7b25-4bf7-afe0-1ec90a796930", + "created": "2023-07-28T12:14:36.216691Z", + "modified": "2023-07-28T12:14:36.216691Z", + "relationship_type": "indicates", + "source_ref": "indicator--decd86c0-8e05-44c3-9c6e-d8bbcf127703", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c4f550e1-74cf-47a1-9669-7a452b86ce44", + "created": "2023-07-28T12:14:36.216766Z", + "modified": "2023-07-28T12:14:36.216766Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nassosblog.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.216766Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f60ea644-6a7f-4d25-a468-7c6b64e1e1e0", + "created": "2023-07-28T12:14:36.217021Z", + "modified": "2023-07-28T12:14:36.217021Z", + "relationship_type": "indicates", + "source_ref": "indicator--c4f550e1-74cf-47a1-9669-7a452b86ce44", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8232a6c9-bac1-43d3-9b62-3f667d1c78de", + "created": "2023-07-28T12:14:36.217094Z", + "modified": "2023-07-28T12:14:36.217094Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='eg-gov.org']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.217094Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ccf82730-9c3b-443d-b5fc-9dc329bd05b1", + "created": "2023-07-28T12:14:36.217314Z", + "modified": "2023-07-28T12:14:36.217314Z", + "relationship_type": "indicates", + "source_ref": "indicator--8232a6c9-bac1-43d3-9b62-3f667d1c78de", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--18a77173-efc7-4c92-920d-5c2b724ac5ce", + "created": "2023-07-28T12:14:36.217384Z", + "modified": "2023-07-28T12:14:36.217384Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='serviceupdaterequest.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.217384Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--27c42845-ec1e-423e-aa4c-8a17a7a76878", + "created": "2023-07-28T12:14:36.217613Z", + "modified": "2023-07-28T12:14:36.217613Z", + "relationship_type": "indicates", + "source_ref": "indicator--18a77173-efc7-4c92-920d-5c2b724ac5ce", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a5fecf25-3ed6-424a-8674-61999ce51014", + "created": "2023-07-28T12:14:36.217684Z", + "modified": "2023-07-28T12:14:36.217684Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='efsyn.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.217684Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--609007de-698d-4e8c-a871-af03b519ff37", + "created": "2023-07-28T12:14:36.218242Z", + "modified": "2023-07-28T12:14:36.218242Z", + "relationship_type": "indicates", + "source_ref": "indicator--a5fecf25-3ed6-424a-8674-61999ce51014", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9ac0d56c-66be-4d19-80c6-cbb5ebff506c", + "created": "2023-07-28T12:14:36.218321Z", + "modified": "2023-07-28T12:14:36.218321Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='engine.ninja']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.218321Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--da01e6ff-9c84-45c9-955e-664a6ba9f287", + "created": "2023-07-28T12:14:36.218557Z", + "modified": "2023-07-28T12:14:36.218557Z", + "relationship_type": "indicates", + "source_ref": "indicator--9ac0d56c-66be-4d19-80c6-cbb5ebff506c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--251a7029-d4f6-4ed0-9ba0-054dbb316188", + "created": "2023-07-28T12:14:36.218634Z", + "modified": "2023-07-28T12:14:36.218634Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bumabara.bid']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.218634Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c35bba97-4ea1-4304-8f65-00b1aa202cdf", + "created": "2023-07-28T12:14:36.218856Z", + "modified": "2023-07-28T12:14:36.218856Z", + "relationship_type": "indicates", + "source_ref": "indicator--251a7029-d4f6-4ed0-9ba0-054dbb316188", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--23254e38-6687-4450-b1f7-121e3411a3cb", + "created": "2023-07-28T12:14:36.218928Z", + "modified": "2023-07-28T12:14:36.218928Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='connectivitycheck.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.218928Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9cfeb6fd-6628-461e-bfac-60fe55bf1692", + "created": "2023-07-28T12:14:36.219157Z", + "modified": "2023-07-28T12:14:36.219157Z", + "relationship_type": "indicates", + "source_ref": "indicator--23254e38-6687-4450-b1f7-121e3411a3cb", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c4ad57a4-8c28-456e-ada7-93d4a5256764", + "created": "2023-07-28T12:14:36.219231Z", + "modified": "2023-07-28T12:14:36.219231Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='guardnews.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.219231Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2c12fb20-75c0-4bce-a72e-e2a9bd4f496a", + "created": "2023-07-28T12:14:36.219456Z", + "modified": "2023-07-28T12:14:36.219456Z", + "relationship_type": "indicates", + "source_ref": "indicator--c4ad57a4-8c28-456e-ada7-93d4a5256764", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--17213445-6e4a-487c-9390-059ee53bab15", + "created": "2023-07-28T12:14:36.219528Z", + "modified": "2023-07-28T12:14:36.219528Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='enigmase.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.219528Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0ad8d5dd-f912-47dd-8008-86bdce0fb86e", + "created": "2023-07-28T12:14:36.219749Z", + "modified": "2023-07-28T12:14:36.219749Z", + "relationship_type": "indicates", + "source_ref": "indicator--17213445-6e4a-487c-9390-059ee53bab15", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6a8a14f1-8689-4764-b98d-89bc236a8c6f", + "created": "2023-07-28T12:14:36.219821Z", + "modified": "2023-07-28T12:14:36.219821Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='carrefourmisr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.219821Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f6b3bb3c-f7e4-405e-9567-5bc64179e221", + "created": "2023-07-28T12:14:36.220044Z", + "modified": "2023-07-28T12:14:36.220044Z", + "relationship_type": "indicates", + "source_ref": "indicator--6a8a14f1-8689-4764-b98d-89bc236a8c6f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9cf06ac4-7c2a-4146-a7d9-be5feaf386a6", + "created": "2023-07-28T12:14:36.220116Z", + "modified": "2023-07-28T12:14:36.220116Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yuom7.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.220116Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--dd18f0f8-f468-4c2a-bbbc-b0d177ee5da7", + "created": "2023-07-28T12:14:36.22037Z", + "modified": "2023-07-28T12:14:36.22037Z", + "relationship_type": "indicates", + "source_ref": "indicator--9cf06ac4-7c2a-4146-a7d9-be5feaf386a6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c828d88a-8c93-41ff-95e7-c2accd810e75", + "created": "2023-07-28T12:14:36.220448Z", + "modified": "2023-07-28T12:14:36.220448Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mobnetlink3.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.220448Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--92c471f6-4895-49cc-ac41-435330b32c97", + "created": "2023-07-28T12:14:36.220671Z", + "modified": "2023-07-28T12:14:36.220671Z", + "relationship_type": "indicates", + "source_ref": "indicator--c828d88a-8c93-41ff-95e7-c2accd810e75", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--37cc8152-1485-4850-9dc5-ed246d2ba9cb", + "created": "2023-07-28T12:14:36.220744Z", + "modified": "2023-07-28T12:14:36.220744Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='url-tiny.app']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.220744Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ab3d9c5f-fffd-46c0-86d6-e09957672a8f", + "created": "2023-07-28T12:14:36.220968Z", + "modified": "2023-07-28T12:14:36.220968Z", + "relationship_type": "indicates", + "source_ref": "indicator--37cc8152-1485-4850-9dc5-ed246d2ba9cb", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--82bd0ac4-5e25-4b7c-93c6-3e3db2870b85", + "created": "2023-07-28T12:14:36.22104Z", + "modified": "2023-07-28T12:14:36.22104Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yout.ube.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.22104Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2c3d6975-2e92-4bef-a240-8b312a1157c5", + "created": "2023-07-28T12:14:36.221327Z", + "modified": "2023-07-28T12:14:36.221327Z", + "relationship_type": "indicates", + "source_ref": "indicator--82bd0ac4-5e25-4b7c-93c6-3e3db2870b85", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ce9c87af-ffad-43af-bc0b-ce0e035c8bd6", + "created": "2023-07-28T12:14:36.221399Z", + "modified": "2023-07-28T12:14:36.221399Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='newslive2.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.221399Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5de517e3-0b15-4b04-a865-f218b70831c5", + "created": "2023-07-28T12:14:36.221646Z", + "modified": "2023-07-28T12:14:36.221646Z", + "relationship_type": "indicates", + "source_ref": "indicator--ce9c87af-ffad-43af-bc0b-ce0e035c8bd6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6aa369f7-8d7b-407b-b47b-a5b7907d78e7", + "created": "2023-07-28T12:14:36.22172Z", + "modified": "2023-07-28T12:14:36.22172Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='telecomegy-ads.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.22172Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--27502113-513d-48d7-a876-7e3966a9aa6f", + "created": "2023-07-28T12:14:36.221951Z", + "modified": "2023-07-28T12:14:36.221951Z", + "relationship_type": "indicates", + "source_ref": "indicator--6aa369f7-8d7b-407b-b47b-a5b7907d78e7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--53d70600-1828-4e6f-873c-42ce27598989", + "created": "2023-07-28T12:14:36.222024Z", + "modified": "2023-07-28T12:14:36.222024Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='getsignalapps.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.222024Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ddf88e8b-3361-4f12-9b75-0e1d7060f27c", + "created": "2023-07-28T12:14:36.222248Z", + "modified": "2023-07-28T12:14:36.222248Z", + "relationship_type": "indicates", + "source_ref": "indicator--53d70600-1828-4e6f-873c-42ce27598989", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--da38c5c9-34d0-4b0f-b1fb-3046d8516dfd", + "created": "2023-07-28T12:14:36.222321Z", + "modified": "2023-07-28T12:14:36.222321Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ffoxnewz.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.222321Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--81bdb7d6-7759-4814-ac3d-2bcce959742a", + "created": "2023-07-28T12:14:36.222543Z", + "modified": "2023-07-28T12:14:36.222543Z", + "relationship_type": "indicates", + "source_ref": "indicator--da38c5c9-34d0-4b0f-b1fb-3046d8516dfd", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0d08051c-bd4b-4ec8-98c7-836c09ed5109", + "created": "2023-07-28T12:14:36.222614Z", + "modified": "2023-07-28T12:14:36.222614Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='orchomenos.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.222614Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--10729181-c452-4e10-b230-2a0cc3e0b60e", + "created": "2023-07-28T12:14:36.222861Z", + "modified": "2023-07-28T12:14:36.222861Z", + "relationship_type": "indicates", + "source_ref": "indicator--0d08051c-bd4b-4ec8-98c7-836c09ed5109", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9e3be30b-65e8-4ed7-8786-201461c4b018", + "created": "2023-07-28T12:14:36.222932Z", + "modified": "2023-07-28T12:14:36.222932Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mlinks.ws']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.222932Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--89a37959-e328-49ac-b576-8fa774c04c1e", + "created": "2023-07-28T12:14:36.223149Z", + "modified": "2023-07-28T12:14:36.223149Z", + "relationship_type": "indicates", + "source_ref": "indicator--9e3be30b-65e8-4ed7-8786-201461c4b018", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cb0f0cb5-0232-43e5-8875-e6f15c340ad6", + "created": "2023-07-28T12:14:36.223221Z", + "modified": "2023-07-28T12:14:36.223221Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='covid19masks.shop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.223221Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5a8345f5-7466-499c-b12b-06f9c865cbc3", + "created": "2023-07-28T12:14:36.22348Z", + "modified": "2023-07-28T12:14:36.22348Z", + "relationship_type": "indicates", + "source_ref": "indicator--cb0f0cb5-0232-43e5-8875-e6f15c340ad6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--14e00a06-3a94-4811-9154-0127ca1efe19", + "created": "2023-07-28T12:14:36.223561Z", + "modified": "2023-07-28T12:14:36.223561Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mitube1.link']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.223561Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f6173dae-e1ae-4c5f-9b6e-33bbd6a7bb20", + "created": "2023-07-28T12:14:36.223793Z", + "modified": "2023-07-28T12:14:36.223793Z", + "relationship_type": "indicates", + "source_ref": "indicator--14e00a06-3a94-4811-9154-0127ca1efe19", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f64d7720-a97e-4082-938e-af0589fa1c38", + "created": "2023-07-28T12:14:36.223869Z", + "modified": "2023-07-28T12:14:36.223869Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tw.itter.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.223869Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6c8c6660-c142-4846-a683-ed74f13acd03", + "created": "2023-07-28T12:14:36.224152Z", + "modified": "2023-07-28T12:14:36.224152Z", + "relationship_type": "indicates", + "source_ref": "indicator--f64d7720-a97e-4082-938e-af0589fa1c38", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ed09003a-6584-4f97-97df-a6e35f57a979", + "created": "2023-07-28T12:14:36.224225Z", + "modified": "2023-07-28T12:14:36.224225Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='msas.ws']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.224225Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bb8d6286-8147-4ceb-9bd2-c8ec0898dd9b", + "created": "2023-07-28T12:14:36.224451Z", + "modified": "2023-07-28T12:14:36.224451Z", + "relationship_type": "indicates", + "source_ref": "indicator--ed09003a-6584-4f97-97df-a6e35f57a979", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--294a818d-8f75-4b58-8323-041290d928b7", + "created": "2023-07-28T12:14:36.22453Z", + "modified": "2023-07-28T12:14:36.22453Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='supportset.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.22453Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8db7048e-fe6a-44f5-82ea-5f7d63204583", + "created": "2023-07-28T12:14:36.22475Z", + "modified": "2023-07-28T12:14:36.22475Z", + "relationship_type": "indicates", + "source_ref": "indicator--294a818d-8f75-4b58-8323-041290d928b7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c10e0bfe-d6d6-45bc-9824-bbbe9711611e", + "created": "2023-07-28T12:14:36.224822Z", + "modified": "2023-07-28T12:14:36.224822Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='shortmee.one']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.224822Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c0a651f2-cc86-4c73-922a-c224764a2153", + "created": "2023-07-28T12:14:36.225044Z", + "modified": "2023-07-28T12:14:36.225044Z", + "relationship_type": "indicates", + "source_ref": "indicator--c10e0bfe-d6d6-45bc-9824-bbbe9711611e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fc039c21-7489-449e-8e77-f7d35b29c32c", + "created": "2023-07-28T12:14:36.225115Z", + "modified": "2023-07-28T12:14:36.225115Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='insurance.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.225115Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ea42c56f-3e11-4bd9-ba6c-86bace881b85", + "created": "2023-07-28T12:14:36.225337Z", + "modified": "2023-07-28T12:14:36.225337Z", + "relationship_type": "indicates", + "source_ref": "indicator--fc039c21-7489-449e-8e77-f7d35b29c32c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2a16680a-88a6-46e4-96cc-693b6f5cacc8", + "created": "2023-07-28T12:14:36.225409Z", + "modified": "2023-07-28T12:14:36.225409Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='invoker.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.225409Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4dcd1963-4c3e-4fd8-8a20-bac11b67c67c", + "created": "2023-07-28T12:14:36.22564Z", + "modified": "2023-07-28T12:14:36.22564Z", + "relationship_type": "indicates", + "source_ref": "indicator--2a16680a-88a6-46e4-96cc-693b6f5cacc8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d5398a57-a3be-4204-8067-621cd7848068", + "created": "2023-07-28T12:14:36.225711Z", + "modified": "2023-07-28T12:14:36.225711Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bitlinkin.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.225711Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--87511ba3-4f27-45cf-8c61-c3af3afb8969", + "created": "2023-07-28T12:14:36.225954Z", + "modified": "2023-07-28T12:14:36.225954Z", + "relationship_type": "indicates", + "source_ref": "indicator--d5398a57-a3be-4204-8067-621cd7848068", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e2d19389-984d-4035-bc9c-633d4ba9559d", + "created": "2023-07-28T12:14:36.226026Z", + "modified": "2023-07-28T12:14:36.226026Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='localegem.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.226026Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8539b2cc-48f0-4d03-9d29-12077b26e7ea", + "created": "2023-07-28T12:14:36.226248Z", + "modified": "2023-07-28T12:14:36.226248Z", + "relationship_type": "indicates", + "source_ref": "indicator--e2d19389-984d-4035-bc9c-633d4ba9559d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d6e0bf2b-714e-4f1a-b91b-90d358258b54", + "created": "2023-07-28T12:14:36.226322Z", + "modified": "2023-07-28T12:14:36.226322Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='gosokm.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.226322Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e9c08598-4e22-40e5-aecf-219b818ef35a", + "created": "2023-07-28T12:14:36.22654Z", + "modified": "2023-07-28T12:14:36.22654Z", + "relationship_type": "indicates", + "source_ref": "indicator--d6e0bf2b-714e-4f1a-b91b-90d358258b54", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1d3b183e-5f96-4d8d-8abb-78741e59370a", + "created": "2023-07-28T12:14:36.226612Z", + "modified": "2023-07-28T12:14:36.226612Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='instagam.click']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.226612Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5f22c655-1ab1-4c97-b544-18d05a32d14c", + "created": "2023-07-28T12:14:36.226837Z", + "modified": "2023-07-28T12:14:36.226837Z", + "relationship_type": "indicates", + "source_ref": "indicator--1d3b183e-5f96-4d8d-8abb-78741e59370a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fcf22527-6e2c-4ee6-ba9c-7865130832ce", + "created": "2023-07-28T12:14:36.226909Z", + "modified": "2023-07-28T12:14:36.226909Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yallakora-egy.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.226909Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--23e0c094-ac02-41cf-93b2-9be5e6810665", + "created": "2023-07-28T12:14:36.227193Z", + "modified": "2023-07-28T12:14:36.227193Z", + "relationship_type": "indicates", + "source_ref": "indicator--fcf22527-6e2c-4ee6-ba9c-7865130832ce", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9dd4cc8e-c050-4031-9b0e-779c74c71b4d", + "created": "2023-07-28T12:14:36.227265Z", + "modified": "2023-07-28T12:14:36.227265Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='uberegypt.cn.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.227265Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--627cc945-57dd-46ff-9186-4cae3b5afd16", + "created": "2023-07-28T12:14:36.227489Z", + "modified": "2023-07-28T12:14:36.227489Z", + "relationship_type": "indicates", + "source_ref": "indicator--9dd4cc8e-c050-4031-9b0e-779c74c71b4d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--bdb2c1df-51a1-4a9a-b132-e1246a90b805", + "created": "2023-07-28T12:14:36.227559Z", + "modified": "2023-07-28T12:14:36.227559Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='instagam.photos']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.227559Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1166bd36-d71c-4c9e-acbb-03ff6522ea7f", + "created": "2023-07-28T12:14:36.227779Z", + "modified": "2023-07-28T12:14:36.227779Z", + "relationship_type": "indicates", + "source_ref": "indicator--bdb2c1df-51a1-4a9a-b132-e1246a90b805", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--594e08d8-a32c-45d0-92d3-bdb4e3761f62", + "created": "2023-07-28T12:14:36.22785Z", + "modified": "2023-07-28T12:14:36.22785Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='in-politics.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.22785Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cf69a774-97cd-42d9-925a-b2b7fd785bcb", + "created": "2023-07-28T12:14:36.22807Z", + "modified": "2023-07-28T12:14:36.22807Z", + "relationship_type": "indicates", + "source_ref": "indicator--594e08d8-a32c-45d0-92d3-bdb4e3761f62", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0a7ffaa2-8520-4e80-b599-713a0fd06a5c", + "created": "2023-07-28T12:14:36.228141Z", + "modified": "2023-07-28T12:14:36.228141Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='goldenscint.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.228141Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a2d6acd8-3966-48dc-96b5-ec2f49b4eed3", + "created": "2023-07-28T12:14:36.228367Z", + "modified": "2023-07-28T12:14:36.228367Z", + "relationship_type": "indicates", + "source_ref": "indicator--0a7ffaa2-8520-4e80-b599-713a0fd06a5c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2a6cbe82-64fc-4fb1-9b01-864f0d4da6c9", + "created": "2023-07-28T12:14:36.228439Z", + "modified": "2023-07-28T12:14:36.228439Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='aramexegypt.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.228439Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0cd08cbb-88e9-4301-97a1-28ee6aea16e3", + "created": "2023-07-28T12:14:36.228663Z", + "modified": "2023-07-28T12:14:36.228663Z", + "relationship_type": "indicates", + "source_ref": "indicator--2a6cbe82-64fc-4fb1-9b01-864f0d4da6c9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--94e68935-bd26-4193-a2b9-bec2ba9d9ea2", + "created": "2023-07-28T12:14:36.228739Z", + "modified": "2023-07-28T12:14:36.228739Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='youtub.app']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.228739Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--473af87a-77e4-4e0a-8723-5c23c8a15dc2", + "created": "2023-07-28T12:14:36.228967Z", + "modified": "2023-07-28T12:14:36.228967Z", + "relationship_type": "indicates", + "source_ref": "indicator--94e68935-bd26-4193-a2b9-bec2ba9d9ea2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2f0e17e8-c649-4f7b-b103-4a9c4a6428a8", + "created": "2023-07-28T12:14:36.229043Z", + "modified": "2023-07-28T12:14:36.229043Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='conlnk.one']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.229043Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--75ef9e92-df48-4c29-82bc-f972e7ded235", + "created": "2023-07-28T12:14:36.229266Z", + "modified": "2023-07-28T12:14:36.229266Z", + "relationship_type": "indicates", + "source_ref": "indicator--2f0e17e8-c649-4f7b-b103-4a9c4a6428a8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ac6a0131-a525-4589-b66d-1f299fd486a0", + "created": "2023-07-28T12:14:36.229337Z", + "modified": "2023-07-28T12:14:36.229337Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='egyqaz.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.229337Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f56bf684-7e04-485c-a53d-f2b1ad137440", + "created": "2023-07-28T12:14:36.229556Z", + "modified": "2023-07-28T12:14:36.229556Z", + "relationship_type": "indicates", + "source_ref": "indicator--ac6a0131-a525-4589-b66d-1f299fd486a0", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ee9100a0-3dce-46a1-8fe4-25dd35406afc", + "created": "2023-07-28T12:14:36.229627Z", + "modified": "2023-07-28T12:14:36.229627Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tsrt.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.229627Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7b39b4f7-036a-4156-b236-2d946ee336b2", + "created": "2023-07-28T12:14:36.229908Z", + "modified": "2023-07-28T12:14:36.229908Z", + "relationship_type": "indicates", + "source_ref": "indicator--ee9100a0-3dce-46a1-8fe4-25dd35406afc", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7d2d1970-a2cc-486c-abb5-48a58920790e", + "created": "2023-07-28T12:14:36.22998Z", + "modified": "2023-07-28T12:14:36.22998Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='flexipagez.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.22998Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5e976a3d-f5b4-47f3-9332-b0b1753da99c", + "created": "2023-07-28T12:14:36.230206Z", + "modified": "2023-07-28T12:14:36.230206Z", + "relationship_type": "indicates", + "source_ref": "indicator--7d2d1970-a2cc-486c-abb5-48a58920790e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--55b573a4-7a92-456b-ae61-befb79214772", + "created": "2023-07-28T12:14:36.230279Z", + "modified": "2023-07-28T12:14:36.230279Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nemshi-news.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.230279Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f2de300c-9573-4c65-b50e-b082f1497e7d", + "created": "2023-07-28T12:14:36.2305Z", + "modified": "2023-07-28T12:14:36.2305Z", + "relationship_type": "indicates", + "source_ref": "indicator--55b573a4-7a92-456b-ae61-befb79214772", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6ded9f8d-bfe2-419c-8286-3fd063bea8c5", + "created": "2023-07-28T12:14:36.230571Z", + "modified": "2023-07-28T12:14:36.230571Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='olexegy.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.230571Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e9a936b9-13e0-44d2-afdd-aaa8fd230171", + "created": "2023-07-28T12:14:36.230791Z", + "modified": "2023-07-28T12:14:36.230791Z", + "relationship_type": "indicates", + "source_ref": "indicator--6ded9f8d-bfe2-419c-8286-3fd063bea8c5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a1aadedf-7915-46b3-9367-3d1e004e1bc8", + "created": "2023-07-28T12:14:36.230861Z", + "modified": "2023-07-28T12:14:36.230861Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='kranos.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.230861Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d0b556aa-1638-41e5-982a-1383dcde3002", + "created": "2023-07-28T12:14:36.23108Z", + "modified": "2023-07-28T12:14:36.23108Z", + "relationship_type": "indicates", + "source_ref": "indicator--a1aadedf-7915-46b3-9367-3d1e004e1bc8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ae56c722-7800-4192-a57d-f0e204dcf9d2", + "created": "2023-07-28T12:14:36.23115Z", + "modified": "2023-07-28T12:14:36.23115Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='clockupdate.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.23115Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e935834e-6871-491f-80c5-6f8015f7d505", + "created": "2023-07-28T12:14:36.231377Z", + "modified": "2023-07-28T12:14:36.231377Z", + "relationship_type": "indicates", + "source_ref": "indicator--ae56c722-7800-4192-a57d-f0e204dcf9d2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a27f85a8-e23f-4550-a3a8-33554db643bd", + "created": "2023-07-28T12:14:36.231448Z", + "modified": "2023-07-28T12:14:36.231448Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cnn.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.231448Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--40a293ab-a353-45ec-bff1-407e5e482be6", + "created": "2023-07-28T12:14:36.231671Z", + "modified": "2023-07-28T12:14:36.231671Z", + "relationship_type": "indicates", + "source_ref": "indicator--a27f85a8-e23f-4550-a3a8-33554db643bd", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c096ccf1-cda3-42a5-b7d3-e78215e7715c", + "created": "2023-07-28T12:14:36.231742Z", + "modified": "2023-07-28T12:14:36.231742Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nissan.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.231742Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--223cc955-5113-4230-964d-8278c929cda7", + "created": "2023-07-28T12:14:36.231962Z", + "modified": "2023-07-28T12:14:36.231962Z", + "relationship_type": "indicates", + "source_ref": "indicator--c096ccf1-cda3-42a5-b7d3-e78215e7715c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--900f14bf-bb5a-44ca-8213-b5a55eb4f49d", + "created": "2023-07-28T12:14:36.232033Z", + "modified": "2023-07-28T12:14:36.232033Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='worldnws.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.232033Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--11e964ee-31c6-4ce1-a438-60ce33a1f5de", + "created": "2023-07-28T12:14:36.232255Z", + "modified": "2023-07-28T12:14:36.232255Z", + "relationship_type": "indicates", + "source_ref": "indicator--900f14bf-bb5a-44ca-8213-b5a55eb4f49d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c3d79302-eaa0-4ed2-8b9d-8b0464a44513", + "created": "2023-07-28T12:14:36.232326Z", + "modified": "2023-07-28T12:14:36.232326Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='zougla.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.232326Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--80d319cf-dda6-4631-9ac5-d974ccb183d0", + "created": "2023-07-28T12:14:36.23255Z", + "modified": "2023-07-28T12:14:36.23255Z", + "relationship_type": "indicates", + "source_ref": "indicator--c3d79302-eaa0-4ed2-8b9d-8b0464a44513", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e1e1a342-0716-44fc-858a-b6de68e0ab1f", + "created": "2023-07-28T12:14:36.232621Z", + "modified": "2023-07-28T12:14:36.232621Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ios-apps.store']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.232621Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ed39a259-a963-48cd-bcbb-16769c1196c1", + "created": "2023-07-28T12:14:36.232905Z", + "modified": "2023-07-28T12:14:36.232905Z", + "relationship_type": "indicates", + "source_ref": "indicator--e1e1a342-0716-44fc-858a-b6de68e0ab1f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5df9ca70-4d16-4e46-9ac9-3b8095dbf9d4", + "created": "2023-07-28T12:14:36.232978Z", + "modified": "2023-07-28T12:14:36.232978Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='alraeesnews.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.232978Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--da060418-6b7a-4abf-8201-09c443590508", + "created": "2023-07-28T12:14:36.233197Z", + "modified": "2023-07-28T12:14:36.233197Z", + "relationship_type": "indicates", + "source_ref": "indicator--5df9ca70-4d16-4e46-9ac9-3b8095dbf9d4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e4e4c756-c064-4aa8-8733-3fdfedc6d3cf", + "created": "2023-07-28T12:14:36.233269Z", + "modified": "2023-07-28T12:14:36.233269Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='icloudflair.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.233269Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--32c06e3d-3be8-4907-b00a-2453c4eb341b", + "created": "2023-07-28T12:14:36.23349Z", + "modified": "2023-07-28T12:14:36.23349Z", + "relationship_type": "indicates", + "source_ref": "indicator--e4e4c756-c064-4aa8-8733-3fdfedc6d3cf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--333c3e54-7004-4096-be2c-50dd40931944", + "created": "2023-07-28T12:14:36.23356Z", + "modified": "2023-07-28T12:14:36.23356Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='landingpge.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.23356Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--98fb8ae9-6293-489d-bfd6-ddce82e3c737", + "created": "2023-07-28T12:14:36.233781Z", + "modified": "2023-07-28T12:14:36.233781Z", + "relationship_type": "indicates", + "source_ref": "indicator--333c3e54-7004-4096-be2c-50dd40931944", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c07be1c7-8150-49a7-8487-f10b3aade526", + "created": "2023-07-28T12:14:36.233854Z", + "modified": "2023-07-28T12:14:36.233854Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='limk.one']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.233854Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--75adf364-6e0a-4f74-a747-3354d56be50e", + "created": "2023-07-28T12:14:36.234068Z", + "modified": "2023-07-28T12:14:36.234068Z", + "relationship_type": "indicates", + "source_ref": "indicator--c07be1c7-8150-49a7-8487-f10b3aade526", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f67041a4-705f-4736-aa4f-56288b1efc3b", + "created": "2023-07-28T12:14:36.23414Z", + "modified": "2023-07-28T12:14:36.23414Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='browsercheck.services']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.23414Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cc4ec4a5-ecd9-4bd7-8822-0ba61937757d", + "created": "2023-07-28T12:14:36.234372Z", + "modified": "2023-07-28T12:14:36.234372Z", + "relationship_type": "indicates", + "source_ref": "indicator--f67041a4-705f-4736-aa4f-56288b1efc3b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c7f5b17f-e061-42d4-886e-d9d1c3484bf0", + "created": "2023-07-28T12:14:36.234448Z", + "modified": "2023-07-28T12:14:36.234448Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='alpineai.uk']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.234448Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--49e07075-e570-47ef-a5e9-b428b4c90edd", + "created": "2023-07-28T12:14:36.23467Z", + "modified": "2023-07-28T12:14:36.23467Z", + "relationship_type": "indicates", + "source_ref": "indicator--c7f5b17f-e061-42d4-886e-d9d1c3484bf0", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--25864931-1bf3-4bae-a221-67732a2ba41d", + "created": "2023-07-28T12:14:36.234741Z", + "modified": "2023-07-28T12:14:36.234741Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='onlineservices.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.234741Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d83f4db3-44cc-4996-823f-40d816f0267d", + "created": "2023-07-28T12:14:36.234964Z", + "modified": "2023-07-28T12:14:36.234964Z", + "relationship_type": "indicates", + "source_ref": "indicator--25864931-1bf3-4bae-a221-67732a2ba41d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ed937024-512d-4c62-a0e3-9b53219e6f6c", + "created": "2023-07-28T12:14:36.235036Z", + "modified": "2023-07-28T12:14:36.235036Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lexpress.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.235036Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--313b1674-29b2-456b-a035-ef15c88175ec", + "created": "2023-07-28T12:14:36.235258Z", + "modified": "2023-07-28T12:14:36.235258Z", + "relationship_type": "indicates", + "source_ref": "indicator--ed937024-512d-4c62-a0e3-9b53219e6f6c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6e8198d3-cf82-4de3-a93b-343fd78b0d81", + "created": "2023-07-28T12:14:36.23533Z", + "modified": "2023-07-28T12:14:36.23533Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='politika.bid']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.23533Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3546b393-d184-42ae-8cec-89ed064fd07d", + "created": "2023-07-28T12:14:36.235612Z", + "modified": "2023-07-28T12:14:36.235612Z", + "relationship_type": "indicates", + "source_ref": "indicator--6e8198d3-cf82-4de3-a93b-343fd78b0d81", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f1ac7801-cee6-40da-8e15-f743974e2d1f", + "created": "2023-07-28T12:14:36.235684Z", + "modified": "2023-07-28T12:14:36.235684Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='live24.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.235684Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3d7edab1-d882-4b24-817a-1b27d975af1e", + "created": "2023-07-28T12:14:36.235938Z", + "modified": "2023-07-28T12:14:36.235938Z", + "relationship_type": "indicates", + "source_ref": "indicator--f1ac7801-cee6-40da-8e15-f743974e2d1f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2a4ccfcb-2ab9-4f22-a45a-9d3cbfc5e6e4", + "created": "2023-07-28T12:14:36.23601Z", + "modified": "2023-07-28T12:14:36.23601Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='wha.tsapp.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.23601Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bcd90162-d430-4965-9297-dc849b174a2f", + "created": "2023-07-28T12:14:36.236233Z", + "modified": "2023-07-28T12:14:36.236233Z", + "relationship_type": "indicates", + "source_ref": "indicator--2a4ccfcb-2ab9-4f22-a45a-9d3cbfc5e6e4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f77b3f78-ef51-425a-a541-d02d4f00160d", + "created": "2023-07-28T12:14:36.236303Z", + "modified": "2023-07-28T12:14:36.236303Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='proupload.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.236303Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--db340224-53dd-4448-9abb-f845644091f5", + "created": "2023-07-28T12:14:36.236525Z", + "modified": "2023-07-28T12:14:36.236525Z", + "relationship_type": "indicates", + "source_ref": "indicator--f77b3f78-ef51-425a-a541-d02d4f00160d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4ba270c4-c7d4-446f-9de9-c778a3b11264", + "created": "2023-07-28T12:14:36.236598Z", + "modified": "2023-07-28T12:14:36.236598Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tiny.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.236598Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7d931ce6-d5f8-4d6b-ac58-a9d4e4cc1ce6", + "created": "2023-07-28T12:14:36.236819Z", + "modified": "2023-07-28T12:14:36.236819Z", + "relationship_type": "indicates", + "source_ref": "indicator--4ba270c4-c7d4-446f-9de9-c778a3b11264", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f94f5c85-ecbd-4df4-b62a-09fdac03a8b8", + "created": "2023-07-28T12:14:36.23689Z", + "modified": "2023-07-28T12:14:36.23689Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='apps-ios.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.23689Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6f6b3642-8666-4e23-a5fc-f5af71ee07e5", + "created": "2023-07-28T12:14:36.237111Z", + "modified": "2023-07-28T12:14:36.237111Z", + "relationship_type": "indicates", + "source_ref": "indicator--f94f5c85-ecbd-4df4-b62a-09fdac03a8b8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--746ec06d-e63a-4304-a099-dbabfd5e7b9b", + "created": "2023-07-28T12:14:36.237182Z", + "modified": "2023-07-28T12:14:36.237182Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sports-mdg.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.237182Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--42e27007-d22c-4d4e-87bd-61e9e644f36e", + "created": "2023-07-28T12:14:36.237402Z", + "modified": "2023-07-28T12:14:36.237402Z", + "relationship_type": "indicates", + "source_ref": "indicator--746ec06d-e63a-4304-a099-dbabfd5e7b9b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--80589ecc-8a1d-42ee-89af-f62840d49733", + "created": "2023-07-28T12:14:36.237473Z", + "modified": "2023-07-28T12:14:36.237473Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='etisalategypt.tech']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.237473Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ae6aae32-54b8-4a0c-bf14-77da49301e01", + "created": "2023-07-28T12:14:36.237697Z", + "modified": "2023-07-28T12:14:36.237697Z", + "relationship_type": "indicates", + "source_ref": "indicator--80589ecc-8a1d-42ee-89af-f62840d49733", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3e1b07a0-0367-42f0-8376-67e29537315b", + "created": "2023-07-28T12:14:36.237768Z", + "modified": "2023-07-28T12:14:36.237768Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='kathimerini.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.237768Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a96a642b-3358-4b55-aa26-b517011dd9e9", + "created": "2023-07-28T12:14:36.23803Z", + "modified": "2023-07-28T12:14:36.23803Z", + "relationship_type": "indicates", + "source_ref": "indicator--3e1b07a0-0367-42f0-8376-67e29537315b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--83479404-c7ab-4cc7-b627-800385eeeeb4", + "created": "2023-07-28T12:14:36.238134Z", + "modified": "2023-07-28T12:14:36.238134Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='itter.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.238134Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--94d13936-d493-4c3b-8574-b01d23631596", + "created": "2023-07-28T12:14:36.238388Z", + "modified": "2023-07-28T12:14:36.238388Z", + "relationship_type": "indicates", + "source_ref": "indicator--83479404-c7ab-4cc7-b627-800385eeeeb4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--46139128-74d7-4efc-b88d-c641d08c5faf", + "created": "2023-07-28T12:14:36.238467Z", + "modified": "2023-07-28T12:14:36.238467Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='weathear.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.238467Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--76766783-b1ea-4494-af94-7ec1fd699771", + "created": "2023-07-28T12:14:36.238778Z", + "modified": "2023-07-28T12:14:36.238778Z", + "relationship_type": "indicates", + "source_ref": "indicator--46139128-74d7-4efc-b88d-c641d08c5faf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4f9d0d38-72da-4aad-8f0c-30f19c3ebadb", + "created": "2023-07-28T12:14:36.238855Z", + "modified": "2023-07-28T12:14:36.238855Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='goldenscent.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.238855Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--dd4a7857-2a87-4fff-a0b7-21bfd5b998b1", + "created": "2023-07-28T12:14:36.239083Z", + "modified": "2023-07-28T12:14:36.239083Z", + "relationship_type": "indicates", + "source_ref": "indicator--4f9d0d38-72da-4aad-8f0c-30f19c3ebadb", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b76720a1-b930-46f5-9eb4-e3c009335e53", + "created": "2023-07-28T12:14:36.239156Z", + "modified": "2023-07-28T12:14:36.239156Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='svetovid.bid']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.239156Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c46a3125-a94f-4e0e-ab9e-481e4343913c", + "created": "2023-07-28T12:14:36.239384Z", + "modified": "2023-07-28T12:14:36.239384Z", + "relationship_type": "indicates", + "source_ref": "indicator--b76720a1-b930-46f5-9eb4-e3c009335e53", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c8beb320-079b-48cf-a29a-b2a3a1532519", + "created": "2023-07-28T12:14:36.239462Z", + "modified": "2023-07-28T12:14:36.239462Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bank-alahly.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.239462Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6d5cc38f-bed0-4130-bc49-6bf40ffe3fc5", + "created": "2023-07-28T12:14:36.239765Z", + "modified": "2023-07-28T12:14:36.239765Z", + "relationship_type": "indicates", + "source_ref": "indicator--c8beb320-079b-48cf-a29a-b2a3a1532519", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7ec82077-90cd-4ce0-b27d-afece0467eac", + "created": "2023-07-28T12:14:36.239841Z", + "modified": "2023-07-28T12:14:36.239841Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='trecv.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.239841Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2bf05b62-05a4-48c4-a7cb-4433772783fb", + "created": "2023-07-28T12:14:36.240068Z", + "modified": "2023-07-28T12:14:36.240068Z", + "relationship_type": "indicates", + "source_ref": "indicator--7ec82077-90cd-4ce0-b27d-afece0467eac", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--efe943b0-6bb1-41b8-a527-9dd2ca4369a7", + "created": "2023-07-28T12:14:36.24014Z", + "modified": "2023-07-28T12:14:36.24014Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pocopoc.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.24014Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--128b1f84-b436-4d17-98fe-22c0893eb8dd", + "created": "2023-07-28T12:14:36.240367Z", + "modified": "2023-07-28T12:14:36.240367Z", + "relationship_type": "indicates", + "source_ref": "indicator--efe943b0-6bb1-41b8-a527-9dd2ca4369a7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7c27d468-77a9-4458-9a32-907a099f5ce8", + "created": "2023-07-28T12:14:36.240438Z", + "modified": "2023-07-28T12:14:36.240438Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='solargoup.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.240438Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3bd61a32-443e-4560-bb6e-c7396febae00", + "created": "2023-07-28T12:14:36.240666Z", + "modified": "2023-07-28T12:14:36.240666Z", + "relationship_type": "indicates", + "source_ref": "indicator--7c27d468-77a9-4458-9a32-907a099f5ce8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cbad4b3d-04cd-4af5-aa54-8384c1c7ce8b", + "created": "2023-07-28T12:14:36.240738Z", + "modified": "2023-07-28T12:14:36.240738Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='suzuki.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.240738Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cb88c26b-bf03-4026-b6b1-851cc42f7ab0", + "created": "2023-07-28T12:14:36.240963Z", + "modified": "2023-07-28T12:14:36.240963Z", + "relationship_type": "indicates", + "source_ref": "indicator--cbad4b3d-04cd-4af5-aa54-8384c1c7ce8b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ab6266c4-98b8-4b5c-a5db-4c282ac10a74", + "created": "2023-07-28T12:14:36.241035Z", + "modified": "2023-07-28T12:14:36.241035Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='iosmnbg.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.241035Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ef60d79c-4fd9-4ea9-b4fe-d725fe901ffb", + "created": "2023-07-28T12:14:36.241259Z", + "modified": "2023-07-28T12:14:36.241259Z", + "relationship_type": "indicates", + "source_ref": "indicator--ab6266c4-98b8-4b5c-a5db-4c282ac10a74", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--61c1e2e3-93d5-4efc-a4ac-4712b155d5ab", + "created": "2023-07-28T12:14:36.241333Z", + "modified": "2023-07-28T12:14:36.241333Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='updatingnews.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.241333Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8077f5c7-fe02-4f60-8b0c-bf56717fb722", + "created": "2023-07-28T12:14:36.241629Z", + "modified": "2023-07-28T12:14:36.241629Z", + "relationship_type": "indicates", + "source_ref": "indicator--61c1e2e3-93d5-4efc-a4ac-4712b155d5ab", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--22484801-c08e-4af2-b45d-d2dca746ed37", + "created": "2023-07-28T12:14:36.241702Z", + "modified": "2023-07-28T12:14:36.241702Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='efsyn.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.241702Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--de866d7f-a672-4f04-882e-f7cc8259e80c", + "created": "2023-07-28T12:14:36.241927Z", + "modified": "2023-07-28T12:14:36.241927Z", + "relationship_type": "indicates", + "source_ref": "indicator--22484801-c08e-4af2-b45d-d2dca746ed37", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--de7854bf-a297-40a3-8e3f-08a09d53c5b6", + "created": "2023-07-28T12:14:36.242002Z", + "modified": "2023-07-28T12:14:36.242002Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='paok-24.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.242002Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a1c4ef06-ecc8-4364-a4bc-27b112decf98", + "created": "2023-07-28T12:14:36.242223Z", + "modified": "2023-07-28T12:14:36.242223Z", + "relationship_type": "indicates", + "source_ref": "indicator--de7854bf-a297-40a3-8e3f-08a09d53c5b6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3ccdfced-6909-41d2-a1ad-4b4b48e25b1f", + "created": "2023-07-28T12:14:36.242294Z", + "modified": "2023-07-28T12:14:36.242294Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='z2a.digital']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.242294Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--22fefea5-8d01-4f6a-b4ab-7dcaa7975e0c", + "created": "2023-07-28T12:14:36.242514Z", + "modified": "2023-07-28T12:14:36.242514Z", + "relationship_type": "indicates", + "source_ref": "indicator--3ccdfced-6909-41d2-a1ad-4b4b48e25b1f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--adb3a955-7428-4418-aca1-d723fffd1687", + "created": "2023-07-28T12:14:36.242584Z", + "modified": "2023-07-28T12:14:36.242584Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='static-graph.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.242584Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--38e73cff-11fb-4bce-9c9a-5e776a8982ec", + "created": "2023-07-28T12:14:36.242807Z", + "modified": "2023-07-28T12:14:36.242807Z", + "relationship_type": "indicates", + "source_ref": "indicator--adb3a955-7428-4418-aca1-d723fffd1687", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a0295195-5fad-47b5-93e4-0c2905cc790a", + "created": "2023-07-28T12:14:36.242879Z", + "modified": "2023-07-28T12:14:36.242879Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='guardian-tt.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.242879Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--81512fd2-64c9-4eaf-9dd0-b99caadb5fc7", + "created": "2023-07-28T12:14:36.2431Z", + "modified": "2023-07-28T12:14:36.2431Z", + "relationship_type": "indicates", + "source_ref": "indicator--a0295195-5fad-47b5-93e4-0c2905cc790a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a3112048-a241-4fb6-bf12-8b01e1fd3d89", + "created": "2023-07-28T12:14:36.243171Z", + "modified": "2023-07-28T12:14:36.243171Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='espressonews.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.243171Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e3f94465-9857-4136-b1d2-3998f092ab8b", + "created": "2023-07-28T12:14:36.243396Z", + "modified": "2023-07-28T12:14:36.243396Z", + "relationship_type": "indicates", + "source_ref": "indicator--a3112048-a241-4fb6-bf12-8b01e1fd3d89", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--22a90373-4da6-418c-9362-29612c7444c4", + "created": "2023-07-28T12:14:36.243468Z", + "modified": "2023-07-28T12:14:36.243468Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='md-news-direct.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.243468Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b265213a-96ba-4fbd-aa58-6705d4d9a5d2", + "created": "2023-07-28T12:14:36.243692Z", + "modified": "2023-07-28T12:14:36.243692Z", + "relationship_type": "indicates", + "source_ref": "indicator--22a90373-4da6-418c-9362-29612c7444c4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dd49492f-6387-48f7-8cdd-ea600e670d8f", + "created": "2023-07-28T12:14:36.243763Z", + "modified": "2023-07-28T12:14:36.243763Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='niceonesa.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.243763Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5f80c9df-0bf9-43c3-9d5c-c2476555ad5b", + "created": "2023-07-28T12:14:36.243992Z", + "modified": "2023-07-28T12:14:36.243992Z", + "relationship_type": "indicates", + "source_ref": "indicator--dd49492f-6387-48f7-8cdd-ea600e670d8f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8e46cd1b-1b3d-4cfa-a763-b00372bbce34", + "created": "2023-07-28T12:14:36.244067Z", + "modified": "2023-07-28T12:14:36.244067Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='syncupdate.site']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.244067Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--025bc38c-7929-4072-8b39-95098e538085", + "created": "2023-07-28T12:14:36.244295Z", + "modified": "2023-07-28T12:14:36.244295Z", + "relationship_type": "indicates", + "source_ref": "indicator--8e46cd1b-1b3d-4cfa-a763-b00372bbce34", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--09297e64-1541-43dc-af2c-a13d77a01643", + "created": "2023-07-28T12:14:36.244366Z", + "modified": "2023-07-28T12:14:36.244366Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='instegram.co']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.244366Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7c4abc46-3fcb-42df-b216-244ac71fa98d", + "created": "2023-07-28T12:14:36.244652Z", + "modified": "2023-07-28T12:14:36.244652Z", + "relationship_type": "indicates", + "source_ref": "indicator--09297e64-1541-43dc-af2c-a13d77a01643", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--814ae9cc-42f1-4a38-9a42-e1c355221a72", + "created": "2023-07-28T12:14:36.244724Z", + "modified": "2023-07-28T12:14:36.244724Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ereportaz.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.244724Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4ac81591-8a7f-4c9e-9677-c140058551e4", + "created": "2023-07-28T12:14:36.244957Z", + "modified": "2023-07-28T12:14:36.244957Z", + "relationship_type": "indicates", + "source_ref": "indicator--814ae9cc-42f1-4a38-9a42-e1c355221a72", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--74ac2820-9e97-49d6-ac80-52f464a3364b", + "created": "2023-07-28T12:14:36.245028Z", + "modified": "2023-07-28T12:14:36.245028Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='linkit.cloud']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.245028Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e75ef0a7-d630-462f-af40-246c9e6d614f", + "created": "2023-07-28T12:14:36.245253Z", + "modified": "2023-07-28T12:14:36.245253Z", + "relationship_type": "indicates", + "source_ref": "indicator--74ac2820-9e97-49d6-ac80-52f464a3364b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d13aa8fb-a544-4961-bff8-ba2bf0793218", + "created": "2023-07-28T12:14:36.245323Z", + "modified": "2023-07-28T12:14:36.245323Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='emvolio-gov.gr']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.245323Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4ba34102-18b9-4886-9d76-685972f47ba3", + "created": "2023-07-28T12:14:36.245542Z", + "modified": "2023-07-28T12:14:36.245542Z", + "relationship_type": "indicates", + "source_ref": "indicator--d13aa8fb-a544-4961-bff8-ba2bf0793218", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--001f40e9-1c6a-42b2-8c81-daac23a6367c", + "created": "2023-07-28T12:14:36.245613Z", + "modified": "2023-07-28T12:14:36.245613Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='newsbeast.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.245613Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d8fbd76e-153c-4b5c-9949-e1879dab04a8", + "created": "2023-07-28T12:14:36.24584Z", + "modified": "2023-07-28T12:14:36.24584Z", + "relationship_type": "indicates", + "source_ref": "indicator--001f40e9-1c6a-42b2-8c81-daac23a6367c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ae1a9ceb-2624-439c-938d-96c8894dae36", + "created": "2023-07-28T12:14:36.245912Z", + "modified": "2023-07-28T12:14:36.245912Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='myutbe.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.245912Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3f40587e-287d-4cb3-91d3-f173f4c62321", + "created": "2023-07-28T12:14:36.246132Z", + "modified": "2023-07-28T12:14:36.246132Z", + "relationship_type": "indicates", + "source_ref": "indicator--ae1a9ceb-2624-439c-938d-96c8894dae36", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5fd4bbb5-88bb-4536-9ede-c965a56cd15f", + "created": "2023-07-28T12:14:36.246204Z", + "modified": "2023-07-28T12:14:36.246204Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='etisalatgreen.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.246204Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2ea9bbde-1909-4f5c-ac1e-3ac6d6d7f1c3", + "created": "2023-07-28T12:14:36.246426Z", + "modified": "2023-07-28T12:14:36.246426Z", + "relationship_type": "indicates", + "source_ref": "indicator--5fd4bbb5-88bb-4536-9ede-c965a56cd15f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6f0f7a65-a1b2-41f9-81ad-5cd95c34ffe1", + "created": "2023-07-28T12:14:36.246497Z", + "modified": "2023-07-28T12:14:36.246497Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='koora-egypt.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.246497Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7a4029d5-cf65-4a38-a836-e0ce36f415f7", + "created": "2023-07-28T12:14:36.246718Z", + "modified": "2023-07-28T12:14:36.246718Z", + "relationship_type": "indicates", + "source_ref": "indicator--6f0f7a65-a1b2-41f9-81ad-5cd95c34ffe1", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--862dd150-8d8a-4f7d-a1b8-0f4503cbc522", + "created": "2023-07-28T12:14:36.246792Z", + "modified": "2023-07-28T12:14:36.246792Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='utube.digital']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.246792Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6eeae738-127b-4d43-8117-b1d27c17c848", + "created": "2023-07-28T12:14:36.247014Z", + "modified": "2023-07-28T12:14:36.247014Z", + "relationship_type": "indicates", + "source_ref": "indicator--862dd150-8d8a-4f7d-a1b8-0f4503cbc522", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a65788e1-eea5-4153-ade9-5621443d1d3c", + "created": "2023-07-28T12:14:36.247089Z", + "modified": "2023-07-28T12:14:36.247089Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='redirecting.page']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.247089Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--facb31d1-13fb-4803-abc8-10d8c6647d0f", + "created": "2023-07-28T12:14:36.247409Z", + "modified": "2023-07-28T12:14:36.247409Z", + "relationship_type": "indicates", + "source_ref": "indicator--a65788e1-eea5-4153-ade9-5621443d1d3c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--29bd2b6c-b518-4687-b145-6a736dee986e", + "created": "2023-07-28T12:14:36.247483Z", + "modified": "2023-07-28T12:14:36.247483Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bit-li.ws']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.247483Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8a7d05bb-036c-497d-8944-035f57935a1a", + "created": "2023-07-28T12:14:36.247703Z", + "modified": "2023-07-28T12:14:36.247703Z", + "relationship_type": "indicates", + "source_ref": "indicator--29bd2b6c-b518-4687-b145-6a736dee986e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dc6ad9ff-a03e-49be-9e82-5a1199b2d894", + "created": "2023-07-28T12:14:36.247776Z", + "modified": "2023-07-28T12:14:36.247776Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tly.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.247776Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a46d6400-9143-40f9-b2fc-df6aada977b5", + "created": "2023-07-28T12:14:36.247997Z", + "modified": "2023-07-28T12:14:36.247997Z", + "relationship_type": "indicates", + "source_ref": "indicator--dc6ad9ff-a03e-49be-9e82-5a1199b2d894", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9ec681d1-92ff-4349-958c-e660ed006687", + "created": "2023-07-28T12:14:36.248067Z", + "modified": "2023-07-28T12:14:36.248067Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='telenorconn.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.248067Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4c13d79e-50a6-4b7c-aa21-f4db27eb24e6", + "created": "2023-07-28T12:14:36.248288Z", + "modified": "2023-07-28T12:14:36.248288Z", + "relationship_type": "indicates", + "source_ref": "indicator--9ec681d1-92ff-4349-958c-e660ed006687", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0445ff91-1f2b-4a23-8848-f28c989a45f5", + "created": "2023-07-28T12:14:36.248359Z", + "modified": "2023-07-28T12:14:36.248359Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='shortely.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.248359Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a9302002-a6b7-4b72-bb2b-99b739d544d6", + "created": "2023-07-28T12:14:36.248578Z", + "modified": "2023-07-28T12:14:36.248578Z", + "relationship_type": "indicates", + "source_ref": "indicator--0445ff91-1f2b-4a23-8848-f28c989a45f5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1c45dce4-614b-4a7b-a9ad-c8e314e403b7", + "created": "2023-07-28T12:14:36.248649Z", + "modified": "2023-07-28T12:14:36.248649Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cloudstatistics.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.248649Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5998f540-724f-4838-bee4-ce7b1c934e70", + "created": "2023-07-28T12:14:36.248875Z", + "modified": "2023-07-28T12:14:36.248875Z", + "relationship_type": "indicates", + "source_ref": "indicator--1c45dce4-614b-4a7b-a9ad-c8e314e403b7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e643d827-7970-45df-b56b-d13e7460259e", + "created": "2023-07-28T12:14:36.248949Z", + "modified": "2023-07-28T12:14:36.248949Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='linktothisa.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.248949Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e08373c2-9a79-43c7-bb5b-9bd213e084e0", + "created": "2023-07-28T12:14:36.24917Z", + "modified": "2023-07-28T12:14:36.24917Z", + "relationship_type": "indicates", + "source_ref": "indicator--e643d827-7970-45df-b56b-d13e7460259e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--df56811e-5c1a-4697-a49c-9756a2a711bd", + "created": "2023-07-28T12:14:36.249241Z", + "modified": "2023-07-28T12:14:36.249241Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='qwxzyl.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.249241Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--eb7d08a5-e406-4410-b01f-bd9b20a790ba", + "created": "2023-07-28T12:14:36.249506Z", + "modified": "2023-07-28T12:14:36.249506Z", + "relationship_type": "indicates", + "source_ref": "indicator--df56811e-5c1a-4697-a49c-9756a2a711bd", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--818ee841-4df8-4f45-a28c-d073ef6d2558", + "created": "2023-07-28T12:14:36.249578Z", + "modified": "2023-07-28T12:14:36.249578Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ps2link.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.249578Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b92dcaf9-2d99-48e7-951b-a3a133f06915", + "created": "2023-07-28T12:14:36.249802Z", + "modified": "2023-07-28T12:14:36.249802Z", + "relationship_type": "indicates", + "source_ref": "indicator--818ee841-4df8-4f45-a28c-d073ef6d2558", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--68fb458d-7ea0-4956-9f5d-fec1608633c4", + "created": "2023-07-28T12:14:36.249878Z", + "modified": "2023-07-28T12:14:36.249878Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='canyouc.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.249878Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f4ee5b3c-d8d6-47fd-b15e-60a42ed9a9f6", + "created": "2023-07-28T12:14:36.250101Z", + "modified": "2023-07-28T12:14:36.250101Z", + "relationship_type": "indicates", + "source_ref": "indicator--68fb458d-7ea0-4956-9f5d-fec1608633c4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7674ebe9-cc67-479e-92b0-7c2b43db288a", + "created": "2023-07-28T12:14:36.250174Z", + "modified": "2023-07-28T12:14:36.250174Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tvxs.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.250174Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ff4bf7f3-5d45-45a4-85b8-aa64a5a85ca1", + "created": "2023-07-28T12:14:36.250465Z", + "modified": "2023-07-28T12:14:36.250465Z", + "relationship_type": "indicates", + "source_ref": "indicator--7674ebe9-cc67-479e-92b0-7c2b43db288a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d860628a-a799-44db-8032-d5580036bcb8", + "created": "2023-07-28T12:14:36.250542Z", + "modified": "2023-07-28T12:14:36.250542Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='updatetime.zone']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.250542Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d9c5c823-f071-4ca0-8068-65105bb17168", + "created": "2023-07-28T12:14:36.250765Z", + "modified": "2023-07-28T12:14:36.250765Z", + "relationship_type": "indicates", + "source_ref": "indicator--d860628a-a799-44db-8032-d5580036bcb8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3b8add23-9bb6-4ce9-a0cc-3fa97a537e73", + "created": "2023-07-28T12:14:36.250836Z", + "modified": "2023-07-28T12:14:36.250836Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='miniiosapps.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.250836Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ef132a2b-2ed7-4890-aa88-b91459623fff", + "created": "2023-07-28T12:14:36.251059Z", + "modified": "2023-07-28T12:14:36.251059Z", + "relationship_type": "indicates", + "source_ref": "indicator--3b8add23-9bb6-4ce9-a0cc-3fa97a537e73", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b46a2265-33d8-45e5-a85d-a2ed3127b27d", + "created": "2023-07-28T12:14:36.25113Z", + "modified": "2023-07-28T12:14:36.25113Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='liponals.store']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.25113Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1cf07788-dd5c-42bb-bf98-cc62167eaef9", + "created": "2023-07-28T12:14:36.25135Z", + "modified": "2023-07-28T12:14:36.25135Z", + "relationship_type": "indicates", + "source_ref": "indicator--b46a2265-33d8-45e5-a85d-a2ed3127b27d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f62bc993-acf1-4457-a6fe-8eb8703edecf", + "created": "2023-07-28T12:14:36.251421Z", + "modified": "2023-07-28T12:14:36.251421Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bitt.fi']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.251421Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0cc4f5ec-6a89-4f46-8fd4-cbec47d11e00", + "created": "2023-07-28T12:14:36.251638Z", + "modified": "2023-07-28T12:14:36.251638Z", + "relationship_type": "indicates", + "source_ref": "indicator--f62bc993-acf1-4457-a6fe-8eb8703edecf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d5bc53ef-4c7a-411d-923f-09a10821e2be", + "created": "2023-07-28T12:14:36.25171Z", + "modified": "2023-07-28T12:14:36.25171Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='koenigseggg.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.25171Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e9ec1f37-fbed-4fdc-b7e6-81d8c431bac6", + "created": "2023-07-28T12:14:36.251933Z", + "modified": "2023-07-28T12:14:36.251933Z", + "relationship_type": "indicates", + "source_ref": "indicator--d5bc53ef-4c7a-411d-923f-09a10821e2be", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--aa6ad3b7-54c2-4f63-938b-e278493ccd9f", + "created": "2023-07-28T12:14:36.252005Z", + "modified": "2023-07-28T12:14:36.252005Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yo.utube.digital']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.252005Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a39f5640-9868-48db-9179-6efc61ad96c3", + "created": "2023-07-28T12:14:36.252227Z", + "modified": "2023-07-28T12:14:36.252227Z", + "relationship_type": "indicates", + "source_ref": "indicator--aa6ad3b7-54c2-4f63-938b-e278493ccd9f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3b9c23bd-2d4b-43dd-83f8-a47939500a91", + "created": "2023-07-28T12:14:36.252303Z", + "modified": "2023-07-28T12:14:36.252303Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='youtubewatch.co']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.252303Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c62e4a06-3f9e-4347-9fe1-f788f0a4bfa3", + "created": "2023-07-28T12:14:36.252528Z", + "modified": "2023-07-28T12:14:36.252528Z", + "relationship_type": "indicates", + "source_ref": "indicator--3b9c23bd-2d4b-43dd-83f8-a47939500a91", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5e801174-4ee7-4f4a-b22e-e8311cb134bd", + "created": "2023-07-28T12:14:36.2526Z", + "modified": "2023-07-28T12:14:36.2526Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fimes.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.2526Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f1eb9400-ad3b-412d-963b-64ca6cb1dc3b", + "created": "2023-07-28T12:14:36.25282Z", + "modified": "2023-07-28T12:14:36.25282Z", + "relationship_type": "indicates", + "source_ref": "indicator--5e801174-4ee7-4f4a-b22e-e8311cb134bd", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--220e651d-72a3-4d3f-bae6-c2b3390c7343", + "created": "2023-07-28T12:14:36.252891Z", + "modified": "2023-07-28T12:14:36.252891Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bit-ly.link']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.252891Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d60e165b-1037-479b-b414-fec951bb2617", + "created": "2023-07-28T12:14:36.253333Z", + "modified": "2023-07-28T12:14:36.253333Z", + "relationship_type": "indicates", + "source_ref": "indicator--220e651d-72a3-4d3f-bae6-c2b3390c7343", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0bc9732b-82b3-4472-9fee-a4f22f207007", + "created": "2023-07-28T12:14:36.253407Z", + "modified": "2023-07-28T12:14:36.253407Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='we-site.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.253407Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--825839c9-1273-4c28-bad9-a555340d8a5c", + "created": "2023-07-28T12:14:36.253629Z", + "modified": "2023-07-28T12:14:36.253629Z", + "relationship_type": "indicates", + "source_ref": "indicator--0bc9732b-82b3-4472-9fee-a4f22f207007", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7786bb47-08ac-4453-98a3-1e9e7ecdcfba", + "created": "2023-07-28T12:14:36.253702Z", + "modified": "2023-07-28T12:14:36.253702Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bbcsworld.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.253702Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4e5a5589-c3be-4431-807a-c347252952f8", + "created": "2023-07-28T12:14:36.253923Z", + "modified": "2023-07-28T12:14:36.253923Z", + "relationship_type": "indicates", + "source_ref": "indicator--7786bb47-08ac-4453-98a3-1e9e7ecdcfba", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c5b79774-ccdb-400f-9486-f854083aaef9", + "created": "2023-07-28T12:14:36.253994Z", + "modified": "2023-07-28T12:14:36.253994Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='novosti.bid']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.253994Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--69d7d2d8-0c62-439b-aee4-92c77c41d2ea", + "created": "2023-07-28T12:14:36.254211Z", + "modified": "2023-07-28T12:14:36.254211Z", + "relationship_type": "indicates", + "source_ref": "indicator--c5b79774-ccdb-400f-9486-f854083aaef9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2432840d-8827-4907-a543-cd43964f94a8", + "created": "2023-07-28T12:14:36.254281Z", + "modified": "2023-07-28T12:14:36.254281Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='safelyredirecting.digital']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.254281Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b7c3a25b-c1e1-4dc9-8454-3a364d5e7dc8", + "created": "2023-07-28T12:14:36.254506Z", + "modified": "2023-07-28T12:14:36.254506Z", + "relationship_type": "indicates", + "source_ref": "indicator--2432840d-8827-4907-a543-cd43964f94a8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c5c0d5d1-8c96-447d-8443-70b4ae989012", + "created": "2023-07-28T12:14:36.254578Z", + "modified": "2023-07-28T12:14:36.254578Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='wtc2222.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.254578Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8cf130be-3d5a-45ca-9d72-42a065315370", + "created": "2023-07-28T12:14:36.254796Z", + "modified": "2023-07-28T12:14:36.254796Z", + "relationship_type": "indicates", + "source_ref": "indicator--c5c0d5d1-8c96-447d-8443-70b4ae989012", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--21eb7d21-6009-4b12-8472-15418739218d", + "created": "2023-07-28T12:14:36.254869Z", + "modified": "2023-07-28T12:14:36.254869Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cyber.country']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.254869Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6ec966ce-e534-4f47-9c01-818a745fcbf7", + "created": "2023-07-28T12:14:36.255093Z", + "modified": "2023-07-28T12:14:36.255093Z", + "relationship_type": "indicates", + "source_ref": "indicator--21eb7d21-6009-4b12-8472-15418739218d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--11b9da91-e1b9-4883-a712-dc495fef9ff9", + "created": "2023-07-28T12:14:36.255164Z", + "modified": "2023-07-28T12:14:36.255164Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ilnk.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.255164Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1030952d-ab58-46f4-8a0d-95e83daa9022", + "created": "2023-07-28T12:14:36.255381Z", + "modified": "2023-07-28T12:14:36.255381Z", + "relationship_type": "indicates", + "source_ref": "indicator--11b9da91-e1b9-4883-a712-dc495fef9ff9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f536b0c5-6cd6-4e83-9f37-af257d9cde37", + "created": "2023-07-28T12:14:36.255452Z", + "modified": "2023-07-28T12:14:36.255452Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='crashonline.site']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.255452Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--eef25750-9676-43de-bf7f-be3dacb4f5c6", + "created": "2023-07-28T12:14:36.255736Z", + "modified": "2023-07-28T12:14:36.255736Z", + "relationship_type": "indicates", + "source_ref": "indicator--f536b0c5-6cd6-4e83-9f37-af257d9cde37", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--153e2aeb-39a6-4507-b9b6-ae47a15414e9", + "created": "2023-07-28T12:14:36.255813Z", + "modified": "2023-07-28T12:14:36.255813Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='5m5.io']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.255813Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bdcce58b-971a-4282-b8a6-c2b892fb0eef", + "created": "2023-07-28T12:14:36.256089Z", + "modified": "2023-07-28T12:14:36.256089Z", + "relationship_type": "indicates", + "source_ref": "indicator--153e2aeb-39a6-4507-b9b6-ae47a15414e9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6eaa9d77-992f-49ff-8737-d38f423fda6c", + "created": "2023-07-28T12:14:36.256161Z", + "modified": "2023-07-28T12:14:36.256161Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='advfb.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.256161Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--690f83cc-d637-4252-9217-f2cb86d57ad0", + "created": "2023-07-28T12:14:36.256444Z", + "modified": "2023-07-28T12:14:36.256444Z", + "relationship_type": "indicates", + "source_ref": "indicator--6eaa9d77-992f-49ff-8737-d38f423fda6c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ecb94be3-dfc0-40b9-803c-ede6d572949b", + "created": "2023-07-28T12:14:36.256517Z", + "modified": "2023-07-28T12:14:36.256517Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cellconn.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.256517Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7773dad1-4759-4184-9383-03a9f8ec7934", + "created": "2023-07-28T12:14:36.25674Z", + "modified": "2023-07-28T12:14:36.25674Z", + "relationship_type": "indicates", + "source_ref": "indicator--ecb94be3-dfc0-40b9-803c-ede6d572949b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f8960c58-b0df-4737-91e7-333dfa2cb261", + "created": "2023-07-28T12:14:36.256813Z", + "modified": "2023-07-28T12:14:36.256813Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cbbc01.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.256813Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--482e19f8-46ca-4467-9ad6-afeba56c5d03", + "created": "2023-07-28T12:14:36.257059Z", + "modified": "2023-07-28T12:14:36.257059Z", + "relationship_type": "indicates", + "source_ref": "indicator--f8960c58-b0df-4737-91e7-333dfa2cb261", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1c2038ec-2f6d-4961-8a05-b87794b0ce6f", + "created": "2023-07-28T12:14:36.257136Z", + "modified": "2023-07-28T12:14:36.257136Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='citroen.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.257136Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9be81c54-8872-4120-a810-4223cf7363b8", + "created": "2023-07-28T12:14:36.257357Z", + "modified": "2023-07-28T12:14:36.257357Z", + "relationship_type": "indicates", + "source_ref": "indicator--1c2038ec-2f6d-4961-8a05-b87794b0ce6f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--62eb1fa2-88c0-431f-bb64-caf7779abc83", + "created": "2023-07-28T12:14:36.257429Z", + "modified": "2023-07-28T12:14:36.257429Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='speedy.sbs']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.257429Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d525e087-9e72-4f43-aef5-e48255c5f770", + "created": "2023-07-28T12:14:36.257656Z", + "modified": "2023-07-28T12:14:36.257656Z", + "relationship_type": "indicates", + "source_ref": "indicator--62eb1fa2-88c0-431f-bb64-caf7779abc83", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a602a3c0-5efa-4758-be0f-43a56c0bacf4", + "created": "2023-07-28T12:14:36.257728Z", + "modified": "2023-07-28T12:14:36.257728Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='forwardeshoptt.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.257728Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a88659a1-e894-44ec-915c-50e02400ddee", + "created": "2023-07-28T12:14:36.257954Z", + "modified": "2023-07-28T12:14:36.257954Z", + "relationship_type": "indicates", + "source_ref": "indicator--a602a3c0-5efa-4758-be0f-43a56c0bacf4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f8f3b50a-94e4-47f0-868f-95b425cd8dc2", + "created": "2023-07-28T12:14:36.258026Z", + "modified": "2023-07-28T12:14:36.258026Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='quickupdates.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.258026Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a19651a9-1973-4582-bb20-816976764735", + "created": "2023-07-28T12:14:36.258249Z", + "modified": "2023-07-28T12:14:36.258249Z", + "relationship_type": "indicates", + "source_ref": "indicator--f8f3b50a-94e4-47f0-868f-95b425cd8dc2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--75b29fc5-e9f0-40b1-9ff0-42340efcdcf4", + "created": "2023-07-28T12:14:36.258321Z", + "modified": "2023-07-28T12:14:36.258321Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='protothema.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.258321Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e645ec33-1366-4d55-86d8-a65cf4ea71b8", + "created": "2023-07-28T12:14:36.258553Z", + "modified": "2023-07-28T12:14:36.258553Z", + "relationship_type": "indicates", + "source_ref": "indicator--75b29fc5-e9f0-40b1-9ff0-42340efcdcf4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fa7d837d-1be7-4f6a-80e5-26033eb4c7d4", + "created": "2023-07-28T12:14:36.258625Z", + "modified": "2023-07-28T12:14:36.258625Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='inservices.digital']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.258625Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--533e54b9-6647-4d0d-9853-c59109ff7f81", + "created": "2023-07-28T12:14:36.258849Z", + "modified": "2023-07-28T12:14:36.258849Z", + "relationship_type": "indicates", + "source_ref": "indicator--fa7d837d-1be7-4f6a-80e5-26033eb4c7d4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d62a9078-4a14-48ce-a4eb-ad493568a0b8", + "created": "2023-07-28T12:14:36.25892Z", + "modified": "2023-07-28T12:14:36.25892Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='twtter.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.25892Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2750e0a1-4857-436e-9e27-c1a6a65e6f29", + "created": "2023-07-28T12:14:36.259214Z", + "modified": "2023-07-28T12:14:36.259214Z", + "relationship_type": "indicates", + "source_ref": "indicator--d62a9078-4a14-48ce-a4eb-ad493568a0b8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--81b98c65-1fc0-45ad-ab43-0841c803ca65", + "created": "2023-07-28T12:14:36.259287Z", + "modified": "2023-07-28T12:14:36.259287Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fbc8213450838f7ae251d4519c195138.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.259287Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9034d80e-75c3-4a15-97a0-4c3d70222076", + "created": "2023-07-28T12:14:36.259556Z", + "modified": "2023-07-28T12:14:36.259556Z", + "relationship_type": "indicates", + "source_ref": "indicator--81b98c65-1fc0-45ad-ab43-0841c803ca65", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f1d64917-4ed6-4270-88d8-828bb22ffd7e", + "created": "2023-07-28T12:14:36.259629Z", + "modified": "2023-07-28T12:14:36.259629Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='itly.link']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.259629Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2ed65cd5-4864-4201-858e-301d4164fe93", + "created": "2023-07-28T12:14:36.259853Z", + "modified": "2023-07-28T12:14:36.259853Z", + "relationship_type": "indicates", + "source_ref": "indicator--f1d64917-4ed6-4270-88d8-828bb22ffd7e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a3b72501-650f-4360-8a02-514b32674346", + "created": "2023-07-28T12:14:36.259925Z", + "modified": "2023-07-28T12:14:36.259925Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sepenet.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.259925Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b7e76f7c-13b7-47e8-aa67-c1e000c0c344", + "created": "2023-07-28T12:14:36.260149Z", + "modified": "2023-07-28T12:14:36.260149Z", + "relationship_type": "indicates", + "source_ref": "indicator--a3b72501-650f-4360-8a02-514b32674346", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3965dda3-02f3-4de9-9b54-e8ac32b58104", + "created": "2023-07-28T12:14:36.260221Z", + "modified": "2023-07-28T12:14:36.260221Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='teslal.shop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.260221Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8c44413d-0815-479e-9eaf-048e1498205c", + "created": "2023-07-28T12:14:36.260442Z", + "modified": "2023-07-28T12:14:36.260442Z", + "relationship_type": "indicates", + "source_ref": "indicator--3965dda3-02f3-4de9-9b54-e8ac32b58104", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--30df1409-ed60-4502-be11-271f8a441e30", + "created": "2023-07-28T12:14:36.260519Z", + "modified": "2023-07-28T12:14:36.260519Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sextape225.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.260519Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1af78b54-9c95-4f01-8e43-0cb9780d9965", + "created": "2023-07-28T12:14:36.26074Z", + "modified": "2023-07-28T12:14:36.26074Z", + "relationship_type": "indicates", + "source_ref": "indicator--30df1409-ed60-4502-be11-271f8a441e30", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c88631a3-cdc2-4aa5-991d-faad7ccc5310", + "created": "2023-07-28T12:14:36.260811Z", + "modified": "2023-07-28T12:14:36.260811Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tly.link']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.260811Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e4fcbf49-e061-4e48-8103-fce8bb5e24f4", + "created": "2023-07-28T12:14:36.261039Z", + "modified": "2023-07-28T12:14:36.261039Z", + "relationship_type": "indicates", + "source_ref": "indicator--c88631a3-cdc2-4aa5-991d-faad7ccc5310", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e2c110a5-7b8a-452a-b8c0-8ae91bb190ac", + "created": "2023-07-28T12:14:36.261115Z", + "modified": "2023-07-28T12:14:36.261115Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='connectivitychecker.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.261115Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b335b0b9-2c89-41e2-b8c5-7cb479711df6", + "created": "2023-07-28T12:14:36.261348Z", + "modified": "2023-07-28T12:14:36.261348Z", + "relationship_type": "indicates", + "source_ref": "indicator--e2c110a5-7b8a-452a-b8c0-8ae91bb190ac", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b3192319-131b-42c5-ad78-e06cc37ddd06", + "created": "2023-07-28T12:14:36.261426Z", + "modified": "2023-07-28T12:14:36.261426Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hopnope.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.261426Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--46225ad1-c1c7-4f2a-ba76-5401c8c1e356", + "created": "2023-07-28T12:14:36.261651Z", + "modified": "2023-07-28T12:14:36.261651Z", + "relationship_type": "indicates", + "source_ref": "indicator--b3192319-131b-42c5-ad78-e06cc37ddd06", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1a8b3131-7948-4e14-b0b9-72f96bda3b40", + "created": "2023-07-28T12:14:36.261725Z", + "modified": "2023-07-28T12:14:36.261725Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='timeupdate.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.261725Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3d980a0a-7b4c-49ae-b9b4-a41f5860dce5", + "created": "2023-07-28T12:14:36.261947Z", + "modified": "2023-07-28T12:14:36.261947Z", + "relationship_type": "indicates", + "source_ref": "indicator--1a8b3131-7948-4e14-b0b9-72f96bda3b40", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7602a7f3-6e57-496c-afd5-e5783d89a133", + "created": "2023-07-28T12:14:36.262017Z", + "modified": "2023-07-28T12:14:36.262017Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lnkedin.org']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.262017Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--49f394cc-833c-42b3-a13a-5ebf26fb0c45", + "created": "2023-07-28T12:14:36.262302Z", + "modified": "2023-07-28T12:14:36.262302Z", + "relationship_type": "indicates", + "source_ref": "indicator--7602a7f3-6e57-496c-afd5-e5783d89a133", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--da5f2baa-fa7e-4025-9582-b802cd74e4b3", + "created": "2023-07-28T12:14:36.262374Z", + "modified": "2023-07-28T12:14:36.262374Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='oilgy.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.262374Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6b50aa6e-1834-4836-bc0d-7502e1ed0387", + "created": "2023-07-28T12:14:36.262591Z", + "modified": "2023-07-28T12:14:36.262591Z", + "relationship_type": "indicates", + "source_ref": "indicator--da5f2baa-fa7e-4025-9582-b802cd74e4b3", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9db464d0-2012-41d3-8ce3-a94b6272b77b", + "created": "2023-07-28T12:14:36.262662Z", + "modified": "2023-07-28T12:14:36.262662Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tinyulrs.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.262662Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--54a529e3-80b2-49a0-9107-6a2bc09ef527", + "created": "2023-07-28T12:14:36.26288Z", + "modified": "2023-07-28T12:14:36.26288Z", + "relationship_type": "indicates", + "source_ref": "indicator--9db464d0-2012-41d3-8ce3-a94b6272b77b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9b1054a2-c059-4ca0-bd79-2859c43ad21c", + "created": "2023-07-28T12:14:36.262951Z", + "modified": "2023-07-28T12:14:36.262951Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='icloudeu.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.262951Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f5fe7271-9167-4ffc-ab7e-e8ee7504385f", + "created": "2023-07-28T12:14:36.263178Z", + "modified": "2023-07-28T12:14:36.263178Z", + "relationship_type": "indicates", + "source_ref": "indicator--9b1054a2-c059-4ca0-bd79-2859c43ad21c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--57f645ec-7897-4537-aa28-430615617893", + "created": "2023-07-28T12:14:36.26325Z", + "modified": "2023-07-28T12:14:36.26325Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='omanreal.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.26325Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--954bad89-0702-49c2-941a-d1a1196deb17", + "created": "2023-07-28T12:14:36.263472Z", + "modified": "2023-07-28T12:14:36.263472Z", + "relationship_type": "indicates", + "source_ref": "indicator--57f645ec-7897-4537-aa28-430615617893", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c3b31830-1e3c-4d29-879c-8cf6a79fec1e", + "created": "2023-07-28T12:14:36.263548Z", + "modified": "2023-07-28T12:14:36.263548Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='api-apple-buy.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.263548Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5873bb7d-2292-4c60-b25b-3a6c3817877c", + "created": "2023-07-28T12:14:36.263771Z", + "modified": "2023-07-28T12:14:36.263771Z", + "relationship_type": "indicates", + "source_ref": "indicator--c3b31830-1e3c-4d29-879c-8cf6a79fec1e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0c8cbbca-5bfd-4d43-8b5f-02bada6b9699", + "created": "2023-07-28T12:14:36.263842Z", + "modified": "2023-07-28T12:14:36.263842Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lifestyleshops.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.263842Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--25adb53c-2a4d-445d-b3b3-0576bc4b47c1", + "created": "2023-07-28T12:14:36.264066Z", + "modified": "2023-07-28T12:14:36.264066Z", + "relationship_type": "indicates", + "source_ref": "indicator--0c8cbbca-5bfd-4d43-8b5f-02bada6b9699", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4abceff3-67ce-4fe1-b58c-b372bfe6d1ab", + "created": "2023-07-28T12:14:36.264137Z", + "modified": "2023-07-28T12:14:36.264137Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='snapfire.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.264137Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--37428152-34d5-429f-86d7-5897e766b883", + "created": "2023-07-28T12:14:36.264356Z", + "modified": "2023-07-28T12:14:36.264356Z", + "relationship_type": "indicates", + "source_ref": "indicator--4abceff3-67ce-4fe1-b58c-b372bfe6d1ab", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e6b0df34-2353-48e5-a5be-5a350cdba2b2", + "created": "2023-07-28T12:14:36.264427Z", + "modified": "2023-07-28T12:14:36.264427Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nikjol.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.264427Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--51b73a26-c699-4f07-b4d9-9218a399c936", + "created": "2023-07-28T12:14:36.264648Z", + "modified": "2023-07-28T12:14:36.264648Z", + "relationship_type": "indicates", + "source_ref": "indicator--e6b0df34-2353-48e5-a5be-5a350cdba2b2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3707033d-626e-464b-9a65-37795a37a3f4", + "created": "2023-07-28T12:14:36.264733Z", + "modified": "2023-07-28T12:14:36.264733Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='solargroup.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.264733Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--aa91f896-430f-4a26-a32b-390037fbd2f3", + "created": "2023-07-28T12:14:36.265016Z", + "modified": "2023-07-28T12:14:36.265016Z", + "relationship_type": "indicates", + "source_ref": "indicator--3707033d-626e-464b-9a65-37795a37a3f4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9b643d97-96dd-458c-90f3-533ba9261067", + "created": "2023-07-28T12:14:36.26509Z", + "modified": "2023-07-28T12:14:36.26509Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='shortwidgets.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.26509Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--46c2f4b0-62ce-4e59-b72a-2a870f10cd32", + "created": "2023-07-28T12:14:36.265315Z", + "modified": "2023-07-28T12:14:36.265315Z", + "relationship_type": "indicates", + "source_ref": "indicator--9b643d97-96dd-458c-90f3-533ba9261067", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d78e78f6-e23a-4fa7-9812-41adfd506229", + "created": "2023-07-28T12:14:36.265387Z", + "modified": "2023-07-28T12:14:36.265387Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nemshi.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.265387Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--dd81c067-bbec-40e6-b5e3-2cbb479db35e", + "created": "2023-07-28T12:14:36.265613Z", + "modified": "2023-07-28T12:14:36.265613Z", + "relationship_type": "indicates", + "source_ref": "indicator--d78e78f6-e23a-4fa7-9812-41adfd506229", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8b0a9521-6e49-41d8-afb5-cc5effe446dc", + "created": "2023-07-28T12:14:36.26569Z", + "modified": "2023-07-28T12:14:36.26569Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='timeupdateservice.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.26569Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7056e987-915d-410b-94ba-523e33d8a66a", + "created": "2023-07-28T12:14:36.265915Z", + "modified": "2023-07-28T12:14:36.265915Z", + "relationship_type": "indicates", + "source_ref": "indicator--8b0a9521-6e49-41d8-afb5-cc5effe446dc", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3a3c4f39-e7aa-419d-8f05-08c3abccda57", + "created": "2023-07-28T12:14:36.265986Z", + "modified": "2023-07-28T12:14:36.265986Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='shorten.fi']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.265986Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a901bc89-1f66-4602-85ad-14384cfd6bde", + "created": "2023-07-28T12:14:36.266206Z", + "modified": "2023-07-28T12:14:36.266206Z", + "relationship_type": "indicates", + "source_ref": "indicator--3a3c4f39-e7aa-419d-8f05-08c3abccda57", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--315530e0-6acd-43e0-a76b-28cd45db81ee", + "created": "2023-07-28T12:14:36.266283Z", + "modified": "2023-07-28T12:14:36.266283Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mywebsitevpstest.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.266283Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7c5f25ac-9f52-48c1-9d48-ebc85b8070ad", + "created": "2023-07-28T12:14:36.266513Z", + "modified": "2023-07-28T12:14:36.266513Z", + "relationship_type": "indicates", + "source_ref": "indicator--315530e0-6acd-43e0-a76b-28cd45db81ee", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f6681095-d5f3-4a76-bcb3-f064e81b9aa6", + "created": "2023-07-28T12:14:36.266588Z", + "modified": "2023-07-28T12:14:36.266588Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='audit-pvv.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.266588Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b7e26b6e-2538-45f1-80a6-2289dd389517", + "created": "2023-07-28T12:14:36.266806Z", + "modified": "2023-07-28T12:14:36.266806Z", + "relationship_type": "indicates", + "source_ref": "indicator--f6681095-d5f3-4a76-bcb3-f064e81b9aa6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ad779300-ce3b-4192-b246-f3504fd29674", + "created": "2023-07-28T12:14:36.266878Z", + "modified": "2023-07-28T12:14:36.266878Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nemshi-news.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.266878Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b1faaced-4874-4b2d-9d60-3f3c9f5bcc5f", + "created": "2023-07-28T12:14:36.267098Z", + "modified": "2023-07-28T12:14:36.267098Z", + "relationship_type": "indicates", + "source_ref": "indicator--ad779300-ce3b-4192-b246-f3504fd29674", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--761c71da-5256-41e9-8a2c-9e7ca5702e12", + "created": "2023-07-28T12:14:36.267169Z", + "modified": "2023-07-28T12:14:36.267169Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='simetricode.uk']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.267169Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--966ff38a-85b5-410f-a4bd-c45649cf5b82", + "created": "2023-07-28T12:14:36.267392Z", + "modified": "2023-07-28T12:14:36.267392Z", + "relationship_type": "indicates", + "source_ref": "indicator--761c71da-5256-41e9-8a2c-9e7ca5702e12", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1e2513ae-93af-4866-afd1-5d8bd298c543", + "created": "2023-07-28T12:14:36.267465Z", + "modified": "2023-07-28T12:14:36.267465Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cut.red']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.267465Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f3a12dae-6067-4935-8b8b-b0bb972460cb", + "created": "2023-07-28T12:14:36.267682Z", + "modified": "2023-07-28T12:14:36.267682Z", + "relationship_type": "indicates", + "source_ref": "indicator--1e2513ae-93af-4866-afd1-5d8bd298c543", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ee44ac98-078a-45d0-b56e-dba6a0f40071", + "created": "2023-07-28T12:14:36.267753Z", + "modified": "2023-07-28T12:14:36.267753Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yo.utube.to']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.267753Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ded685bf-20c0-4406-b04f-1789df6ee7a0", + "created": "2023-07-28T12:14:36.268035Z", + "modified": "2023-07-28T12:14:36.268035Z", + "relationship_type": "indicates", + "source_ref": "indicator--ee44ac98-078a-45d0-b56e-dba6a0f40071", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3f11f2ed-d17b-4336-9ae7-71dedfade4b6", + "created": "2023-07-28T12:14:36.268107Z", + "modified": "2023-07-28T12:14:36.268107Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='wtc1111.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.268107Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f08e39ec-14f1-4a8f-9a71-2b3402ec74d3", + "created": "2023-07-28T12:14:36.268326Z", + "modified": "2023-07-28T12:14:36.268326Z", + "relationship_type": "indicates", + "source_ref": "indicator--3f11f2ed-d17b-4336-9ae7-71dedfade4b6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d079b19b-f257-4e10-ba66-cc5cba47093b", + "created": "2023-07-28T12:14:36.268398Z", + "modified": "2023-07-28T12:14:36.268398Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='amazing.lab']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.268398Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a8173383-fd42-4bf3-9538-5fff7542170e", + "created": "2023-07-28T12:14:36.268618Z", + "modified": "2023-07-28T12:14:36.268618Z", + "relationship_type": "indicates", + "source_ref": "indicator--d079b19b-f257-4e10-ba66-cc5cba47093b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4a55bdff-ff76-40c4-b77b-da9cca5b509e", + "created": "2023-07-28T12:14:36.268689Z", + "modified": "2023-07-28T12:14:36.268689Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='trecvf.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.268689Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--dee19b3f-8bf5-4078-87d9-9781915bc425", + "created": "2023-07-28T12:14:36.268908Z", + "modified": "2023-07-28T12:14:36.268908Z", + "relationship_type": "indicates", + "source_ref": "indicator--4a55bdff-ff76-40c4-b77b-da9cca5b509e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5c80c371-8877-4189-be3b-9b12fad53871", + "created": "2023-07-28T12:14:36.268979Z", + "modified": "2023-07-28T12:14:36.268979Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bity.ws']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.268979Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--501226f7-0c8d-4f6f-96e2-fa36c1d5a7ff", + "created": "2023-07-28T12:14:36.269196Z", + "modified": "2023-07-28T12:14:36.269196Z", + "relationship_type": "indicates", + "source_ref": "indicator--5c80c371-8877-4189-be3b-9b12fad53871", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--813f61c0-2caf-46b4-9ba9-5cbfae60a6e8", + "created": "2023-07-28T12:14:36.269266Z", + "modified": "2023-07-28T12:14:36.269266Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sinai-new.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.269266Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d2b167cb-793e-4bdc-a795-bbe7505b2cd5", + "created": "2023-07-28T12:14:36.269487Z", + "modified": "2023-07-28T12:14:36.269487Z", + "relationship_type": "indicates", + "source_ref": "indicator--813f61c0-2caf-46b4-9ba9-5cbfae60a6e8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--37e33e62-cac0-4ee4-b57a-8f744eaf69c1", + "created": "2023-07-28T12:14:36.269558Z", + "modified": "2023-07-28T12:14:36.269558Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='adibjan.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.269558Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2c39717f-6fad-4410-9c74-7407379d67e7", + "created": "2023-07-28T12:14:36.269775Z", + "modified": "2023-07-28T12:14:36.269775Z", + "relationship_type": "indicates", + "source_ref": "indicator--37e33e62-cac0-4ee4-b57a-8f744eaf69c1", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e1cd3043-4361-46c5-ad23-0a90a2657c78", + "created": "2023-07-28T12:14:36.269846Z", + "modified": "2023-07-28T12:14:36.269846Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='distedc.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.269846Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--fce5112a-892c-4faf-9d77-315d7cc5466f", + "created": "2023-07-28T12:14:36.270094Z", + "modified": "2023-07-28T12:14:36.270094Z", + "relationship_type": "indicates", + "source_ref": "indicator--e1cd3043-4361-46c5-ad23-0a90a2657c78", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--24c61c2c-b47d-49ba-9500-6135a1fe2ae0", + "created": "2023-07-28T12:14:36.270166Z", + "modified": "2023-07-28T12:14:36.270166Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='playestore.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.270166Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9301a0d4-d371-477e-b9bd-12adaf3991d9", + "created": "2023-07-28T12:14:36.270388Z", + "modified": "2023-07-28T12:14:36.270388Z", + "relationship_type": "indicates", + "source_ref": "indicator--24c61c2c-b47d-49ba-9500-6135a1fe2ae0", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0ab67551-970f-4bd1-825f-9ce473ba62e8", + "created": "2023-07-28T12:14:36.270459Z", + "modified": "2023-07-28T12:14:36.270459Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='edolio5.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.270459Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5126fde4-6539-4637-bbd2-5afbe95a246d", + "created": "2023-07-28T12:14:36.27074Z", + "modified": "2023-07-28T12:14:36.27074Z", + "relationship_type": "indicates", + "source_ref": "indicator--0ab67551-970f-4bd1-825f-9ce473ba62e8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5cbc53a6-ed1b-453b-8786-14292f02663b", + "created": "2023-07-28T12:14:36.270817Z", + "modified": "2023-07-28T12:14:36.270817Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='businesnews.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.270817Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f712ba31-897e-44c9-9b1f-855ee653eee8", + "created": "2023-07-28T12:14:36.271039Z", + "modified": "2023-07-28T12:14:36.271039Z", + "relationship_type": "indicates", + "source_ref": "indicator--5cbc53a6-ed1b-453b-8786-14292f02663b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d8bff1c5-6197-4ee4-82cf-da4fa9edd6a7", + "created": "2023-07-28T12:14:36.271117Z", + "modified": "2023-07-28T12:14:36.271117Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sportsnewz.site']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.271117Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--934612aa-6ddc-41d1-8466-328dce932cf2", + "created": "2023-07-28T12:14:36.271337Z", + "modified": "2023-07-28T12:14:36.271337Z", + "relationship_type": "indicates", + "source_ref": "indicator--d8bff1c5-6197-4ee4-82cf-da4fa9edd6a7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8e5caf51-ddda-4cf3-ae06-bf36d17f86ed", + "created": "2023-07-28T12:14:36.271411Z", + "modified": "2023-07-28T12:14:36.271411Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='actumali.org']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.271411Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9f3ca3a8-8ae5-4b06-9024-f7152c8752b8", + "created": "2023-07-28T12:14:36.271642Z", + "modified": "2023-07-28T12:14:36.271642Z", + "relationship_type": "indicates", + "source_ref": "indicator--8e5caf51-ddda-4cf3-ae06-bf36d17f86ed", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5de697dc-98fb-4cc4-ade7-b0d6ff5c56b5", + "created": "2023-07-28T12:14:36.271716Z", + "modified": "2023-07-28T12:14:36.271716Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ube.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.271716Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f23619ff-975d-4ed6-8f1f-3f21608e316c", + "created": "2023-07-28T12:14:36.271944Z", + "modified": "2023-07-28T12:14:36.271944Z", + "relationship_type": "indicates", + "source_ref": "indicator--5de697dc-98fb-4cc4-ade7-b0d6ff5c56b5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2ecda302-a86b-4433-840f-d48be7694dbe", + "created": "2023-07-28T12:14:36.272021Z", + "modified": "2023-07-28T12:14:36.272021Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='z2adigital.cloud']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.272021Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--eebbcb7c-042d-4e2e-8dca-d54d4d85fd6f", + "created": "2023-07-28T12:14:36.272242Z", + "modified": "2023-07-28T12:14:36.272242Z", + "relationship_type": "indicates", + "source_ref": "indicator--2ecda302-a86b-4433-840f-d48be7694dbe", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3bd897cb-96c4-4fee-8e6d-9429d17be3e9", + "created": "2023-07-28T12:14:36.272313Z", + "modified": "2023-07-28T12:14:36.272313Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tinylinks.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.272313Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9dc6c3e6-45fb-4edd-92a5-d7710a2b5e69", + "created": "2023-07-28T12:14:36.272532Z", + "modified": "2023-07-28T12:14:36.272532Z", + "relationship_type": "indicates", + "source_ref": "indicator--3bd897cb-96c4-4fee-8e6d-9429d17be3e9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4264cd29-0a85-4a1d-b674-8257e3869144", + "created": "2023-07-28T12:14:36.272603Z", + "modified": "2023-07-28T12:14:36.272603Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tiol.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.272603Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2ea3ffd1-0c9c-455d-9f4b-8dcfa6fe31a3", + "created": "2023-07-28T12:14:36.272817Z", + "modified": "2023-07-28T12:14:36.272817Z", + "relationship_type": "indicates", + "source_ref": "indicator--4264cd29-0a85-4a1d-b674-8257e3869144", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--992b52cd-4fbf-47fc-a2bc-fd3ea45aeae0", + "created": "2023-07-28T12:14:36.272889Z", + "modified": "2023-07-28T12:14:36.272889Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nabd.site']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.272889Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0b393afa-7a0b-41a1-abbf-1f01fadf716d", + "created": "2023-07-28T12:14:36.273108Z", + "modified": "2023-07-28T12:14:36.273108Z", + "relationship_type": "indicates", + "source_ref": "indicator--992b52cd-4fbf-47fc-a2bc-fd3ea45aeae0", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7b962fd1-3427-44e2-b3b0-01f68eb760d9", + "created": "2023-07-28T12:14:36.273179Z", + "modified": "2023-07-28T12:14:36.273179Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lexpress-mg.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.273179Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--446411b5-18d8-4ff9-a00c-b03a02ed0911", + "created": "2023-07-28T12:14:36.27341Z", + "modified": "2023-07-28T12:14:36.27341Z", + "relationship_type": "indicates", + "source_ref": "indicator--7b962fd1-3427-44e2-b3b0-01f68eb760d9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cbcdbf9b-587b-496b-982e-5b40f2c4a95b", + "created": "2023-07-28T12:14:36.273488Z", + "modified": "2023-07-28T12:14:36.273488Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nabde.app']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.273488Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8fd5f029-773e-4297-99cd-f13603f80257", + "created": "2023-07-28T12:14:36.273773Z", + "modified": "2023-07-28T12:14:36.273773Z", + "relationship_type": "indicates", + "source_ref": "indicator--cbcdbf9b-587b-496b-982e-5b40f2c4a95b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2ee07470-f675-48ef-bd34-4e592d5c2bdd", + "created": "2023-07-28T12:14:36.273845Z", + "modified": "2023-07-28T12:14:36.273845Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='shortxyz.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.273845Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c055f62d-b5de-425b-a5f4-9fd445e7c325", + "created": "2023-07-28T12:14:36.274064Z", + "modified": "2023-07-28T12:14:36.274064Z", + "relationship_type": "indicates", + "source_ref": "indicator--2ee07470-f675-48ef-bd34-4e592d5c2bdd", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--efb71e07-4bd1-48be-827b-cc1f7e7e9c4d", + "created": "2023-07-28T12:14:36.274135Z", + "modified": "2023-07-28T12:14:36.274135Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='jquery-updater.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.274135Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9f8150dd-1c5d-4e0d-b243-ec5ad8bd21e1", + "created": "2023-07-28T12:14:36.274385Z", + "modified": "2023-07-28T12:14:36.274385Z", + "relationship_type": "indicates", + "source_ref": "indicator--efb71e07-4bd1-48be-827b-cc1f7e7e9c4d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7dd3b693-0207-4505-91ee-319684253a8b", + "created": "2023-07-28T12:14:36.274457Z", + "modified": "2023-07-28T12:14:36.274457Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='elpais.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.274457Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1a378b0c-56f3-4283-87d4-6da9d101631e", + "created": "2023-07-28T12:14:36.274674Z", + "modified": "2023-07-28T12:14:36.274674Z", + "relationship_type": "indicates", + "source_ref": "indicator--7dd3b693-0207-4505-91ee-319684253a8b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7fe4cb54-30f2-43d0-93ee-314420772a2d", + "created": "2023-07-28T12:14:36.274746Z", + "modified": "2023-07-28T12:14:36.274746Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='timestampsync.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.274746Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cf7c1003-41ed-4c0e-8d43-e1fb82ec0194", + "created": "2023-07-28T12:14:36.274968Z", + "modified": "2023-07-28T12:14:36.274968Z", + "relationship_type": "indicates", + "source_ref": "indicator--7fe4cb54-30f2-43d0-93ee-314420772a2d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fb0a9843-2066-4b5d-a261-4b93bdff10f5", + "created": "2023-07-28T12:14:36.275039Z", + "modified": "2023-07-28T12:14:36.275039Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='updates4you.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.275039Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f6072849-0cd6-4da7-ae51-b4c7f6c44371", + "created": "2023-07-28T12:14:36.275263Z", + "modified": "2023-07-28T12:14:36.275263Z", + "relationship_type": "indicates", + "source_ref": "indicator--fb0a9843-2066-4b5d-a261-4b93bdff10f5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--da0369cc-4698-44de-9649-c089368078b5", + "created": "2023-07-28T12:14:36.275336Z", + "modified": "2023-07-28T12:14:36.275336Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mycoffeeshop.shop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.275336Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d2b8049c-1672-4ea7-82a7-1e19d370c4a9", + "created": "2023-07-28T12:14:36.27556Z", + "modified": "2023-07-28T12:14:36.27556Z", + "relationship_type": "indicates", + "source_ref": "indicator--da0369cc-4698-44de-9649-c089368078b5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--843ab6c5-59c2-443f-a357-d250c69fc92a", + "created": "2023-07-28T12:14:36.275635Z", + "modified": "2023-07-28T12:14:36.275635Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ps1link.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.275635Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1efc0240-0cdb-4aab-91a0-02e8478e0ad8", + "created": "2023-07-28T12:14:36.275856Z", + "modified": "2023-07-28T12:14:36.275856Z", + "relationship_type": "indicates", + "source_ref": "indicator--843ab6c5-59c2-443f-a357-d250c69fc92a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3a2759fb-529a-4d43-9a84-24da7e95561d", + "created": "2023-07-28T12:14:36.275927Z", + "modified": "2023-07-28T12:14:36.275927Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='instagam.in']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.275927Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1b25fe23-8334-4535-bb05-fd0b1a259302", + "created": "2023-07-28T12:14:36.27615Z", + "modified": "2023-07-28T12:14:36.27615Z", + "relationship_type": "indicates", + "source_ref": "indicator--3a2759fb-529a-4d43-9a84-24da7e95561d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7c6d0d20-0542-48a7-a635-77bdbf3cf4bf", + "created": "2023-07-28T12:14:36.27622Z", + "modified": "2023-07-28T12:14:36.27622Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='leanwithme.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.27622Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--44e58cc6-8be2-4fb5-af94-3960624ce673", + "created": "2023-07-28T12:14:36.276501Z", + "modified": "2023-07-28T12:14:36.276501Z", + "relationship_type": "indicates", + "source_ref": "indicator--7c6d0d20-0542-48a7-a635-77bdbf3cf4bf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9d23729d-3479-4de7-8c12-bbec47426a0c", + "created": "2023-07-28T12:14:36.276574Z", + "modified": "2023-07-28T12:14:36.276574Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='newzeto.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.276574Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6ad6a9ff-fe7e-406b-ae7b-7bb702cf98f6", + "created": "2023-07-28T12:14:36.276794Z", + "modified": "2023-07-28T12:14:36.276794Z", + "relationship_type": "indicates", + "source_ref": "indicator--9d23729d-3479-4de7-8c12-bbec47426a0c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6a2cd7dc-dcaa-4062-9be8-9ebd027c342a", + "created": "2023-07-28T12:14:36.276868Z", + "modified": "2023-07-28T12:14:36.276868Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='heaven.army']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.276868Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9145f302-2f49-4c05-b71a-75100a05033c", + "created": "2023-07-28T12:14:36.277099Z", + "modified": "2023-07-28T12:14:36.277099Z", + "relationship_type": "indicates", + "source_ref": "indicator--6a2cd7dc-dcaa-4062-9be8-9ebd027c342a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--af93a686-f19f-4fa4-bddc-f587b9e2ef94", + "created": "2023-07-28T12:14:36.277175Z", + "modified": "2023-07-28T12:14:36.277175Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='redirecting.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.277175Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e854657a-88df-407e-992a-413f900cb0e2", + "created": "2023-07-28T12:14:36.277401Z", + "modified": "2023-07-28T12:14:36.277401Z", + "relationship_type": "indicates", + "source_ref": "indicator--af93a686-f19f-4fa4-bddc-f587b9e2ef94", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--53c8054e-e0e5-4c1b-aca9-6c5d6a2438fb", + "created": "2023-07-28T12:14:36.277472Z", + "modified": "2023-07-28T12:14:36.277472Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='celebrnewz.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.277472Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--45a6ef1d-8236-427e-b22c-9793988015dc", + "created": "2023-07-28T12:14:36.277696Z", + "modified": "2023-07-28T12:14:36.277696Z", + "relationship_type": "indicates", + "source_ref": "indicator--53c8054e-e0e5-4c1b-aca9-6c5d6a2438fb", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3832952d-b7e5-411f-b45b-ca43d4a115e8", + "created": "2023-07-28T12:14:36.277767Z", + "modified": "2023-07-28T12:14:36.277767Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='adultpcz.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.277767Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bb4829e9-6f8b-4ea9-bec7-2db0fc1a290f", + "created": "2023-07-28T12:14:36.277988Z", + "modified": "2023-07-28T12:14:36.277988Z", + "relationship_type": "indicates", + "source_ref": "indicator--3832952d-b7e5-411f-b45b-ca43d4a115e8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--848c1df8-b994-41fa-8e90-46619bcfa9e7", + "created": "2023-07-28T12:14:36.278059Z", + "modified": "2023-07-28T12:14:36.278059Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='enikos.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.278059Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--73800606-0fc7-4b24-918c-63aaaeda66ac", + "created": "2023-07-28T12:14:36.278279Z", + "modified": "2023-07-28T12:14:36.278279Z", + "relationship_type": "indicates", + "source_ref": "indicator--848c1df8-b994-41fa-8e90-46619bcfa9e7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d5ef6fcd-f4d4-4b58-830b-ebc1f641115b", + "created": "2023-07-28T12:14:36.27835Z", + "modified": "2023-07-28T12:14:36.27835Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='viva.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.27835Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6e5f1630-d26b-442d-a007-3c5b24a10e20", + "created": "2023-07-28T12:14:36.278573Z", + "modified": "2023-07-28T12:14:36.278573Z", + "relationship_type": "indicates", + "source_ref": "indicator--d5ef6fcd-f4d4-4b58-830b-ebc1f641115b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4ca8a241-1952-4401-b12a-cf1a8e43e684", + "created": "2023-07-28T12:14:36.278647Z", + "modified": "2023-07-28T12:14:36.278647Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hempower.shop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.278647Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7393fceb-f666-4c09-8bb1-bf518f6d8acc", + "created": "2023-07-28T12:14:36.278871Z", + "modified": "2023-07-28T12:14:36.278871Z", + "relationship_type": "indicates", + "source_ref": "indicator--4ca8a241-1952-4401-b12a-cf1a8e43e684", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6dfc665b-076d-4575-b308-6e3687737626", + "created": "2023-07-28T12:14:36.278942Z", + "modified": "2023-07-28T12:14:36.278942Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='wavekli.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.278942Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--31a7aed8-a7da-478c-8f5c-8038cd48aa49", + "created": "2023-07-28T12:14:36.279161Z", + "modified": "2023-07-28T12:14:36.279161Z", + "relationship_type": "indicates", + "source_ref": "indicator--6dfc665b-076d-4575-b308-6e3687737626", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--960a11f8-16ba-46ef-b19c-040f0459daae", + "created": "2023-07-28T12:14:36.279237Z", + "modified": "2023-07-28T12:14:36.279237Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='safelyredirecting.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.279237Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d10eb6e5-513d-4365-8477-80fd424aa23b", + "created": "2023-07-28T12:14:36.279521Z", + "modified": "2023-07-28T12:14:36.279521Z", + "relationship_type": "indicates", + "source_ref": "indicator--960a11f8-16ba-46ef-b19c-040f0459daae", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--887c6428-4575-4b09-aacd-df637eaa4d83", + "created": "2023-07-28T12:14:36.279597Z", + "modified": "2023-07-28T12:14:36.279597Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tinyurl.cloud']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.279597Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6fc664d0-04d7-4f17-9966-e614745bd6a4", + "created": "2023-07-28T12:14:36.279817Z", + "modified": "2023-07-28T12:14:36.279817Z", + "relationship_type": "indicates", + "source_ref": "indicator--887c6428-4575-4b09-aacd-df637eaa4d83", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4ca629e7-8f70-4136-baac-7875c8481561", + "created": "2023-07-28T12:14:36.279888Z", + "modified": "2023-07-28T12:14:36.279888Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='altsantiri.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.279888Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--67f48dba-92d9-401f-8d19-53edbf59ed66", + "created": "2023-07-28T12:14:36.280109Z", + "modified": "2023-07-28T12:14:36.280109Z", + "relationship_type": "indicates", + "source_ref": "indicator--4ca629e7-8f70-4136-baac-7875c8481561", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--84f2c64b-1d21-4b20-8204-cd6ed7b135b1", + "created": "2023-07-28T12:14:36.280179Z", + "modified": "2023-07-28T12:14:36.280179Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='uservicesforyou.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.280179Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5d2f7272-f081-48a8-9fc1-0a97f6a87834", + "created": "2023-07-28T12:14:36.280403Z", + "modified": "2023-07-28T12:14:36.280403Z", + "relationship_type": "indicates", + "source_ref": "indicator--84f2c64b-1d21-4b20-8204-cd6ed7b135b1", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--783ff0e4-7093-41cc-b292-9fd7e8e9bf85", + "created": "2023-07-28T12:14:36.280476Z", + "modified": "2023-07-28T12:14:36.280476Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='advertsservices.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.280476Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d164de2d-b0d6-4721-b117-d9081f3e60a9", + "created": "2023-07-28T12:14:36.280708Z", + "modified": "2023-07-28T12:14:36.280708Z", + "relationship_type": "indicates", + "source_ref": "indicator--783ff0e4-7093-41cc-b292-9fd7e8e9bf85", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--29a920d8-ee3a-46f5-907f-f94d0aadfdbf", + "created": "2023-07-28T12:14:36.280785Z", + "modified": "2023-07-28T12:14:36.280785Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ikea-egypt.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.280785Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7f534f1b-7efa-4066-a1d9-bbace50d1f98", + "created": "2023-07-28T12:14:36.281017Z", + "modified": "2023-07-28T12:14:36.281017Z", + "relationship_type": "indicates", + "source_ref": "indicator--29a920d8-ee3a-46f5-907f-f94d0aadfdbf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c7954d65-66a8-4ee6-984d-225c54499d7c", + "created": "2023-07-28T12:14:36.281091Z", + "modified": "2023-07-28T12:14:36.281091Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='olxeg.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.281091Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5e6c6d58-92c7-41d6-8d09-fa7054974040", + "created": "2023-07-28T12:14:36.281323Z", + "modified": "2023-07-28T12:14:36.281323Z", + "relationship_type": "indicates", + "source_ref": "indicator--c7954d65-66a8-4ee6-984d-225c54499d7c", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e8b1b726-d2bc-4b13-85e3-54442b14c0b7", + "created": "2023-07-28T12:14:36.281397Z", + "modified": "2023-07-28T12:14:36.281397Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ferrari.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.281397Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2eb2eb4e-9be8-4be7-b8b5-1aa7c922c2a9", + "created": "2023-07-28T12:14:36.281624Z", + "modified": "2023-07-28T12:14:36.281624Z", + "relationship_type": "indicates", + "source_ref": "indicator--e8b1b726-d2bc-4b13-85e3-54442b14c0b7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c08d60e8-766d-4434-9e1e-aeea2d14d061", + "created": "2023-07-28T12:14:36.281698Z", + "modified": "2023-07-28T12:14:36.281698Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hellottec.art']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.281698Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--91d39116-96f5-4111-940c-7b07470b568c", + "created": "2023-07-28T12:14:36.281931Z", + "modified": "2023-07-28T12:14:36.281931Z", + "relationship_type": "indicates", + "source_ref": "indicator--c08d60e8-766d-4434-9e1e-aeea2d14d061", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--79c87cb7-8598-4663-9631-17f045349503", + "created": "2023-07-28T12:14:36.282007Z", + "modified": "2023-07-28T12:14:36.282007Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='insider.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.282007Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a042b750-b0fb-4a88-b567-91b82c8d5d70", + "created": "2023-07-28T12:14:36.282353Z", + "modified": "2023-07-28T12:14:36.282353Z", + "relationship_type": "indicates", + "source_ref": "indicator--79c87cb7-8598-4663-9631-17f045349503", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--be9e3dbc-bfc6-4597-a18f-1c0d7775deb5", + "created": "2023-07-28T12:14:36.282468Z", + "modified": "2023-07-28T12:14:36.282468Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='stonisi.news']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.282468Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--72f7dd80-8565-4aa9-88d5-86cfeba6248e", + "created": "2023-07-28T12:14:36.282732Z", + "modified": "2023-07-28T12:14:36.282732Z", + "relationship_type": "indicates", + "source_ref": "indicator--be9e3dbc-bfc6-4597-a18f-1c0d7775deb5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9140c738-63bc-4974-a3b6-19899b8f2b66", + "created": "2023-07-28T12:14:36.282811Z", + "modified": "2023-07-28T12:14:36.282811Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tribune-mg.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.282811Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3161215b-f3e8-444c-b8fc-5f6771c0a7a5", + "created": "2023-07-28T12:14:36.283044Z", + "modified": "2023-07-28T12:14:36.283044Z", + "relationship_type": "indicates", + "source_ref": "indicator--9140c738-63bc-4974-a3b6-19899b8f2b66", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--922d20d9-55d4-43d3-9190-bead49b4e33d", + "created": "2023-07-28T12:14:36.28312Z", + "modified": "2023-07-28T12:14:36.28312Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='qwert.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.28312Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ebecd6ac-d6a8-4408-920b-526ea17e45db", + "created": "2023-07-28T12:14:36.283351Z", + "modified": "2023-07-28T12:14:36.283351Z", + "relationship_type": "indicates", + "source_ref": "indicator--922d20d9-55d4-43d3-9190-bead49b4e33d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--97e44704-dd09-458a-869f-e4e6607d7c1d", + "created": "2023-07-28T12:14:36.283425Z", + "modified": "2023-07-28T12:14:36.283425Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='dragonair.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.283425Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e578f168-0d9d-49bb-9c0e-b24610e430a2", + "created": "2023-07-28T12:14:36.28365Z", + "modified": "2023-07-28T12:14:36.28365Z", + "relationship_type": "indicates", + "source_ref": "indicator--97e44704-dd09-458a-869f-e4e6607d7c1d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ceca60ed-8876-4091-97a8-53cc9b4aaf18", + "created": "2023-07-28T12:14:36.283722Z", + "modified": "2023-07-28T12:14:36.283722Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='url-promo.club']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.283722Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4adbd0c2-1731-4e8b-8b1f-d32c961477e0", + "created": "2023-07-28T12:14:36.283953Z", + "modified": "2023-07-28T12:14:36.283953Z", + "relationship_type": "indicates", + "source_ref": "indicator--ceca60ed-8876-4091-97a8-53cc9b4aaf18", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--38671e60-59ec-4c48-b815-104ea1df9695", + "created": "2023-07-28T12:14:36.284027Z", + "modified": "2023-07-28T12:14:36.284027Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lamborghini-s.shop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.284027Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b3fd52ba-8862-461f-bdbf-766c4586fd46", + "created": "2023-07-28T12:14:36.284254Z", + "modified": "2023-07-28T12:14:36.284254Z", + "relationship_type": "indicates", + "source_ref": "indicator--38671e60-59ec-4c48-b815-104ea1df9695", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--07102c66-5b94-4cc3-82cb-65c8416a4dd7", + "created": "2023-07-28T12:14:36.284326Z", + "modified": "2023-07-28T12:14:36.284326Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tovima.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.284326Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--01ebd637-0be8-4f5a-a09c-50b0f33a39d1", + "created": "2023-07-28T12:14:36.284549Z", + "modified": "2023-07-28T12:14:36.284549Z", + "relationship_type": "indicates", + "source_ref": "indicator--07102c66-5b94-4cc3-82cb-65c8416a4dd7", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--401fe310-5c1e-4704-84c6-61e6f26bb82a", + "created": "2023-07-28T12:14:36.284621Z", + "modified": "2023-07-28T12:14:36.284621Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='weathersite.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.284621Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b3defba7-1b9a-49ef-9a68-eb85ee6c8e88", + "created": "2023-07-28T12:14:36.284845Z", + "modified": "2023-07-28T12:14:36.284845Z", + "relationship_type": "indicates", + "source_ref": "indicator--401fe310-5c1e-4704-84c6-61e6f26bb82a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--353fb1b0-4307-4faf-a24c-8d983e906770", + "created": "2023-07-28T12:14:36.284917Z", + "modified": "2023-07-28T12:14:36.284917Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='newzgroup.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.284917Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--671abcd7-6e4a-486e-9f90-18d8ae4e5521", + "created": "2023-07-28T12:14:36.285136Z", + "modified": "2023-07-28T12:14:36.285136Z", + "relationship_type": "indicates", + "source_ref": "indicator--353fb1b0-4307-4faf-a24c-8d983e906770", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--65bcb2af-6234-4559-b102-4527f7b82219", + "created": "2023-07-28T12:14:36.285213Z", + "modified": "2023-07-28T12:14:36.285213Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='vodafoneegypt.tech']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.285213Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0180c992-fbe3-455d-9e79-681a82539138", + "created": "2023-07-28T12:14:36.285507Z", + "modified": "2023-07-28T12:14:36.285507Z", + "relationship_type": "indicates", + "source_ref": "indicator--65bcb2af-6234-4559-b102-4527f7b82219", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6fbb321a-2aaf-49be-a3b5-325cf5521874", + "created": "2023-07-28T12:14:36.28558Z", + "modified": "2023-07-28T12:14:36.28558Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='contents-domain.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.28558Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--17dd4ed4-b5e8-4ece-9ed9-85cc1056238a", + "created": "2023-07-28T12:14:36.285803Z", + "modified": "2023-07-28T12:14:36.285803Z", + "relationship_type": "indicates", + "source_ref": "indicator--6fbb321a-2aaf-49be-a3b5-325cf5521874", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b8166f5f-d71e-413f-85c8-cd8e374b70c6", + "created": "2023-07-28T12:14:36.285878Z", + "modified": "2023-07-28T12:14:36.285878Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mifcbook.link']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.285878Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2462cb63-b9bb-4748-b458-9c15188f1f06", + "created": "2023-07-28T12:14:36.286099Z", + "modified": "2023-07-28T12:14:36.286099Z", + "relationship_type": "indicates", + "source_ref": "indicator--b8166f5f-d71e-413f-85c8-cd8e374b70c6", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--186e3645-0de5-48ec-9724-8c4255691b25", + "created": "2023-07-28T12:14:36.28617Z", + "modified": "2023-07-28T12:14:36.28617Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='2y4nothing.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.28617Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a020f4d9-5776-4228-97a9-4aed0345cfaa", + "created": "2023-07-28T12:14:36.286426Z", + "modified": "2023-07-28T12:14:36.286426Z", + "relationship_type": "indicates", + "source_ref": "indicator--186e3645-0de5-48ec-9724-8c4255691b25", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--81350325-351f-4779-aa6a-6e789d3b86a8", + "created": "2023-07-28T12:14:36.286499Z", + "modified": "2023-07-28T12:14:36.286499Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='politique-koaci.info']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.286499Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--db31bd2b-f67b-47b1-b306-0ac4cd5dd038", + "created": "2023-07-28T12:14:36.286727Z", + "modified": "2023-07-28T12:14:36.286727Z", + "relationship_type": "indicates", + "source_ref": "indicator--81350325-351f-4779-aa6a-6e789d3b86a8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f57de312-b3a5-4e7d-a9d4-f5e123f78946", + "created": "2023-07-28T12:14:36.2868Z", + "modified": "2023-07-28T12:14:36.2868Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='orangegypt.co']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.2868Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--eac28249-421f-445c-acea-68086a44a69b", + "created": "2023-07-28T12:14:36.287021Z", + "modified": "2023-07-28T12:14:36.287021Z", + "relationship_type": "indicates", + "source_ref": "indicator--f57de312-b3a5-4e7d-a9d4-f5e123f78946", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ffae3e03-ebf2-4f6e-9e8e-7d6c8d9e1e12", + "created": "2023-07-28T12:14:36.287093Z", + "modified": "2023-07-28T12:14:36.287093Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='syncservices.one']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.287093Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d449ee44-5283-4f04-8375-4e9de3f45d3c", + "created": "2023-07-28T12:14:36.28732Z", + "modified": "2023-07-28T12:14:36.28732Z", + "relationship_type": "indicates", + "source_ref": "indicator--ffae3e03-ebf2-4f6e-9e8e-7d6c8d9e1e12", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4eb8128e-05e3-4822-a354-a37756b44ceb", + "created": "2023-07-28T12:14:36.287391Z", + "modified": "2023-07-28T12:14:36.287391Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='eagerfox.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.287391Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8079d7db-da47-4a6e-bdf3-a15e52b737c6", + "created": "2023-07-28T12:14:36.287625Z", + "modified": "2023-07-28T12:14:36.287625Z", + "relationship_type": "indicates", + "source_ref": "indicator--4eb8128e-05e3-4822-a354-a37756b44ceb", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1186f68a-5091-4386-82d1-4a0b633b48c2", + "created": "2023-07-28T12:14:36.287699Z", + "modified": "2023-07-28T12:14:36.287699Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='kohaicorp.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.287699Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3267fb39-6ced-4a06-802e-28b8d21d84a2", + "created": "2023-07-28T12:14:36.28793Z", + "modified": "2023-07-28T12:14:36.28793Z", + "relationship_type": "indicates", + "source_ref": "indicator--1186f68a-5091-4386-82d1-4a0b633b48c2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--74da948e-c007-410a-b149-f010da3ab546", + "created": "2023-07-28T12:14:36.288003Z", + "modified": "2023-07-28T12:14:36.288003Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fastdownload.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.288003Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1dd3a734-2402-46b5-a9c4-07664cd5e166", + "created": "2023-07-28T12:14:36.288462Z", + "modified": "2023-07-28T12:14:36.288462Z", + "relationship_type": "indicates", + "source_ref": "indicator--74da948e-c007-410a-b149-f010da3ab546", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c1ccb601-c949-479f-b88c-a26fb493c756", + "created": "2023-07-28T12:14:36.288538Z", + "modified": "2023-07-28T12:14:36.288538Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='youtube.voto']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.288538Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--425e66ee-c1e6-431d-9a65-e9684abee374", + "created": "2023-07-28T12:14:36.288762Z", + "modified": "2023-07-28T12:14:36.288762Z", + "relationship_type": "indicates", + "source_ref": "indicator--c1ccb601-c949-479f-b88c-a26fb493c756", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8981cf4d-2fa7-4799-a3bc-b2b1b1579baf", + "created": "2023-07-28T12:14:36.288834Z", + "modified": "2023-07-28T12:14:36.288834Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='z2digital.cloud']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.288834Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e0e130fa-a72f-4732-b12c-1633c9f075da", + "created": "2023-07-28T12:14:36.289057Z", + "modified": "2023-07-28T12:14:36.289057Z", + "relationship_type": "indicates", + "source_ref": "indicator--8981cf4d-2fa7-4799-a3bc-b2b1b1579baf", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1a43f5f7-e2c0-4cb5-94b7-6a660ef53238", + "created": "2023-07-28T12:14:36.289129Z", + "modified": "2023-07-28T12:14:36.289129Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='danas.bid']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.289129Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f875080f-3954-4f32-8c01-b806d10746bd", + "created": "2023-07-28T12:14:36.289352Z", + "modified": "2023-07-28T12:14:36.289352Z", + "relationship_type": "indicates", + "source_ref": "indicator--1a43f5f7-e2c0-4cb5-94b7-6a660ef53238", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8442d774-14a4-4ca7-b394-133727c0c673", + "created": "2023-07-28T12:14:36.289426Z", + "modified": "2023-07-28T12:14:36.289426Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='kinder.engine.ninja']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.289426Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1774dd9e-347b-463d-a9e0-abe92e3cd3c7", + "created": "2023-07-28T12:14:36.289651Z", + "modified": "2023-07-28T12:14:36.289651Z", + "relationship_type": "indicates", + "source_ref": "indicator--8442d774-14a4-4ca7-b394-133727c0c673", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2915ded0-1d0f-4de4-8f98-a2a2c691485f", + "created": "2023-07-28T12:14:36.289723Z", + "modified": "2023-07-28T12:14:36.289723Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='affise.app']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.289723Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--17211b8b-4e5a-4b0b-a8ae-4698d4aebfed", + "created": "2023-07-28T12:14:36.289941Z", + "modified": "2023-07-28T12:14:36.289941Z", + "relationship_type": "indicates", + "source_ref": "indicator--2915ded0-1d0f-4de4-8f98-a2a2c691485f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2893dcf3-6c11-4c4c-92e9-7e59cb71b493", + "created": "2023-07-28T12:14:36.290012Z", + "modified": "2023-07-28T12:14:36.290012Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ancienthistory.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.290012Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3f6ac45e-0c18-49d5-8271-b4d916246503", + "created": "2023-07-28T12:14:36.290237Z", + "modified": "2023-07-28T12:14:36.290237Z", + "relationship_type": "indicates", + "source_ref": "indicator--2893dcf3-6c11-4c4c-92e9-7e59cb71b493", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--44eb314d-48b2-4c96-a9a9-c17d24caa2a4", + "created": "2023-07-28T12:14:36.290311Z", + "modified": "2023-07-28T12:14:36.290311Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='getupdatesnow.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.290311Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c37b6d85-282e-4a1a-9e97-7400a02cd5a2", + "created": "2023-07-28T12:14:36.290534Z", + "modified": "2023-07-28T12:14:36.290534Z", + "relationship_type": "indicates", + "source_ref": "indicator--44eb314d-48b2-4c96-a9a9-c17d24caa2a4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--abf03d80-198c-4aa8-b39a-69c3933802d8", + "created": "2023-07-28T12:14:36.29061Z", + "modified": "2023-07-28T12:14:36.29061Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='redeitt.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.29061Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--34ac66be-7153-4732-a886-d170e036b801", + "created": "2023-07-28T12:14:36.290831Z", + "modified": "2023-07-28T12:14:36.290831Z", + "relationship_type": "indicates", + "source_ref": "indicator--abf03d80-198c-4aa8-b39a-69c3933802d8", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dd19c922-6749-4688-9c22-4a869725288b", + "created": "2023-07-28T12:14:36.290903Z", + "modified": "2023-07-28T12:14:36.290903Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sephoragroup.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.290903Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--809c46f0-42f6-4700-9e86-06afb2c093cd", + "created": "2023-07-28T12:14:36.291127Z", + "modified": "2023-07-28T12:14:36.291127Z", + "relationship_type": "indicates", + "source_ref": "indicator--dd19c922-6749-4688-9c22-4a869725288b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--22b7053c-2786-490e-87ac-32a1a2748edc", + "created": "2023-07-28T12:14:36.291199Z", + "modified": "2023-07-28T12:14:36.291199Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='atheere.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.291199Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7c9d14aa-504d-45e5-856f-dc4f9e6e2923", + "created": "2023-07-28T12:14:36.291483Z", + "modified": "2023-07-28T12:14:36.291483Z", + "relationship_type": "indicates", + "source_ref": "indicator--22b7053c-2786-490e-87ac-32a1a2748edc", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0eef3a99-0f73-4690-8abb-8115738c58db", + "created": "2023-07-28T12:14:36.291558Z", + "modified": "2023-07-28T12:14:36.291558Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='updateservice.center']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.291558Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0644b919-bf6b-4fd0-860e-67549e63840b", + "created": "2023-07-28T12:14:36.291783Z", + "modified": "2023-07-28T12:14:36.291783Z", + "relationship_type": "indicates", + "source_ref": "indicator--0eef3a99-0f73-4690-8abb-8115738c58db", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ed41067c-9d72-4d5b-b3e0-8b60acd5d247", + "created": "2023-07-28T12:14:36.291862Z", + "modified": "2023-07-28T12:14:36.291862Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='charmander.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.291862Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7f0b7c89-7610-481e-8629-2b0e88f33a82", + "created": "2023-07-28T12:14:36.292087Z", + "modified": "2023-07-28T12:14:36.292087Z", + "relationship_type": "indicates", + "source_ref": "indicator--ed41067c-9d72-4d5b-b3e0-8b60acd5d247", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8c1f80bf-9bf2-4c9b-a6b3-94465b54a1fb", + "created": "2023-07-28T12:14:36.292159Z", + "modified": "2023-07-28T12:14:36.292159Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ckforward.one']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.292159Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9314aca5-2bd5-4d04-9973-ec14aac525e3", + "created": "2023-07-28T12:14:36.292386Z", + "modified": "2023-07-28T12:14:36.292386Z", + "relationship_type": "indicates", + "source_ref": "indicator--8c1f80bf-9bf2-4c9b-a6b3-94465b54a1fb", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dc1f858e-894a-442c-bbd7-ebbae872d20a", + "created": "2023-07-28T12:14:36.292458Z", + "modified": "2023-07-28T12:14:36.292458Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='teslali.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.292458Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--097cc910-b6ec-4ee1-8d26-d7a419f5e874", + "created": "2023-07-28T12:14:36.292684Z", + "modified": "2023-07-28T12:14:36.292684Z", + "relationship_type": "indicates", + "source_ref": "indicator--dc1f858e-894a-442c-bbd7-ebbae872d20a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f8a85f57-1892-4db2-ac42-9bb6c45c81c3", + "created": "2023-07-28T12:14:36.292755Z", + "modified": "2023-07-28T12:14:36.292755Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='getsignalapps.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.292755Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--935101c5-7c71-4074-ae57-9e132fbded85", + "created": "2023-07-28T12:14:36.292987Z", + "modified": "2023-07-28T12:14:36.292987Z", + "relationship_type": "indicates", + "source_ref": "indicator--f8a85f57-1892-4db2-ac42-9bb6c45c81c3", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e659b3fa-32b2-4e79-869d-4b68ed1226a1", + "created": "2023-07-28T12:14:36.293064Z", + "modified": "2023-07-28T12:14:36.293064Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='symoty.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.293064Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d2a9db3d-44a0-4890-9c92-bbcd69f2e11a", + "created": "2023-07-28T12:14:36.293296Z", + "modified": "2023-07-28T12:14:36.293296Z", + "relationship_type": "indicates", + "source_ref": "indicator--e659b3fa-32b2-4e79-869d-4b68ed1226a1", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--68ad8085-2f43-4f99-88a0-bb293a3c6164", + "created": "2023-07-28T12:14:36.293371Z", + "modified": "2023-07-28T12:14:36.293371Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='api-telecommunication.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.293371Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a80117f7-5ff8-416b-b97c-a15ca1d1a6be", + "created": "2023-07-28T12:14:36.293603Z", + "modified": "2023-07-28T12:14:36.293603Z", + "relationship_type": "indicates", + "source_ref": "indicator--68ad8085-2f43-4f99-88a0-bb293a3c6164", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a6f4174b-7882-4ffd-87d8-7a48f35a2618", + "created": "2023-07-28T12:14:36.293678Z", + "modified": "2023-07-28T12:14:36.293678Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='youtube.gr.live']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.293678Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--da068b1e-836c-4d30-ad20-420d74caff45", + "created": "2023-07-28T12:14:36.293903Z", + "modified": "2023-07-28T12:14:36.293903Z", + "relationship_type": "indicates", + "source_ref": "indicator--a6f4174b-7882-4ffd-87d8-7a48f35a2618", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2b77659b-5e84-4346-b596-23de5b505628", + "created": "2023-07-28T12:14:36.293975Z", + "modified": "2023-07-28T12:14:36.293975Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='landingpg.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.293975Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--06498df6-8d7c-409c-9bfe-d7c34cf45093", + "created": "2023-07-28T12:14:36.294265Z", + "modified": "2023-07-28T12:14:36.294265Z", + "relationship_type": "indicates", + "source_ref": "indicator--2b77659b-5e84-4346-b596-23de5b505628", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3252f6cb-aa16-42f3-b430-b70db721b59b", + "created": "2023-07-28T12:14:36.294339Z", + "modified": "2023-07-28T12:14:36.294339Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bmw.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.294339Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--29eab1d9-3ee7-4611-a4fa-3f2fed314d32", + "created": "2023-07-28T12:14:36.294564Z", + "modified": "2023-07-28T12:14:36.294564Z", + "relationship_type": "indicates", + "source_ref": "indicator--3252f6cb-aa16-42f3-b430-b70db721b59b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4a0b6dea-5735-4d3a-88c8-abdcc931d0e5", + "created": "2023-07-28T12:14:36.294636Z", + "modified": "2023-07-28T12:14:36.294636Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pdfviewer.app']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.294636Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--41be0a60-f0d0-4f19-a248-d5a13e691c16", + "created": "2023-07-28T12:14:36.29487Z", + "modified": "2023-07-28T12:14:36.29487Z", + "relationship_type": "indicates", + "source_ref": "indicator--4a0b6dea-5735-4d3a-88c8-abdcc931d0e5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--334541c1-edd8-49a9-8737-4e32391bf50a", + "created": "2023-07-28T12:14:36.294945Z", + "modified": "2023-07-28T12:14:36.294945Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='llinkedin.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.294945Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5fdda9e5-e086-4b45-a2f9-e8c8db2aa330", + "created": "2023-07-28T12:14:36.295174Z", + "modified": "2023-07-28T12:14:36.295174Z", + "relationship_type": "indicates", + "source_ref": "indicator--334541c1-edd8-49a9-8737-4e32391bf50a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--10bed662-34b1-488c-b689-b56d5bac73e4", + "created": "2023-07-28T12:14:36.295246Z", + "modified": "2023-07-28T12:14:36.295246Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ewish.cards']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.295246Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e77fd84f-f6ef-4719-9d90-18398fdd0802", + "created": "2023-07-28T12:14:36.295468Z", + "modified": "2023-07-28T12:14:36.295468Z", + "relationship_type": "indicates", + "source_ref": "indicator--10bed662-34b1-488c-b689-b56d5bac73e4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--57de7826-2b77-4b66-9592-205828bdb8f2", + "created": "2023-07-28T12:14:36.29554Z", + "modified": "2023-07-28T12:14:36.29554Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='flash.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.29554Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6c5c42e0-de5d-46c0-a871-89a983fbea91", + "created": "2023-07-28T12:14:36.295762Z", + "modified": "2023-07-28T12:14:36.295762Z", + "relationship_type": "indicates", + "source_ref": "indicator--57de7826-2b77-4b66-9592-205828bdb8f2", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--60daa438-e401-4320-ab94-96e9e34f6fe4", + "created": "2023-07-28T12:14:36.295834Z", + "modified": "2023-07-28T12:14:36.295834Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='inews.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.295834Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0046dc9e-5498-45e7-88dd-a40c6ab2f411", + "created": "2023-07-28T12:14:36.296054Z", + "modified": "2023-07-28T12:14:36.296054Z", + "relationship_type": "indicates", + "source_ref": "indicator--60daa438-e401-4320-ab94-96e9e34f6fe4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c092c43c-9a06-45b5-8d0d-c4bcd458f397", + "created": "2023-07-28T12:14:36.296127Z", + "modified": "2023-07-28T12:14:36.296127Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='weathernewz.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.296127Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7f6377d1-da9a-40d6-9f54-91256650ac2b", + "created": "2023-07-28T12:14:36.296347Z", + "modified": "2023-07-28T12:14:36.296347Z", + "relationship_type": "indicates", + "source_ref": "indicator--c092c43c-9a06-45b5-8d0d-c4bcd458f397", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e883b2a6-ea14-47ce-ad54-70b76d5aa2c3", + "created": "2023-07-28T12:14:36.296419Z", + "modified": "2023-07-28T12:14:36.296419Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fireup.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.296419Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4add1fc5-0920-4e53-95e5-980298b76324", + "created": "2023-07-28T12:14:36.296641Z", + "modified": "2023-07-28T12:14:36.296641Z", + "relationship_type": "indicates", + "source_ref": "indicator--e883b2a6-ea14-47ce-ad54-70b76d5aa2c3", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dff1fd08-c0c3-44ec-a315-97248c04cd29", + "created": "2023-07-28T12:14:36.296712Z", + "modified": "2023-07-28T12:14:36.296712Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='speedygonzales.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.296712Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bab1bbbd-701a-4833-a3cc-0cd08e439b78", + "created": "2023-07-28T12:14:36.296936Z", + "modified": "2023-07-28T12:14:36.296936Z", + "relationship_type": "indicates", + "source_ref": "indicator--dff1fd08-c0c3-44ec-a315-97248c04cd29", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c73cd934-e60a-40fe-85bc-6f64d2fafaee", + "created": "2023-07-28T12:14:36.297007Z", + "modified": "2023-07-28T12:14:36.297007Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='omeega.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.297007Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--efb79fd2-9e36-42f2-a415-bb023c9979bd", + "created": "2023-07-28T12:14:36.297298Z", + "modified": "2023-07-28T12:14:36.297298Z", + "relationship_type": "indicates", + "source_ref": "indicator--c73cd934-e60a-40fe-85bc-6f64d2fafaee", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e0ed7a2d-6d30-4eec-8b27-9ccacf673d71", + "created": "2023-07-28T12:14:36.297375Z", + "modified": "2023-07-28T12:14:36.297375Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bi.tly.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.297375Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e7b7f03d-9877-4c91-a5d8-cf961805a7cf", + "created": "2023-07-28T12:14:36.297597Z", + "modified": "2023-07-28T12:14:36.297597Z", + "relationship_type": "indicates", + "source_ref": "indicator--e0ed7a2d-6d30-4eec-8b27-9ccacf673d71", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--56744573-1090-4f08-8a38-ceeb77af40f0", + "created": "2023-07-28T12:14:36.297669Z", + "modified": "2023-07-28T12:14:36.297669Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pronews.gr.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.297669Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e0c7c57e-e162-4492-8540-126e12b9fdbb", + "created": "2023-07-28T12:14:36.29789Z", + "modified": "2023-07-28T12:14:36.29789Z", + "relationship_type": "indicates", + "source_ref": "indicator--56744573-1090-4f08-8a38-ceeb77af40f0", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3be6f6df-37d5-4340-88a5-3333b331264e", + "created": "2023-07-28T12:14:36.297962Z", + "modified": "2023-07-28T12:14:36.297962Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mobnetlink2.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.297962Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5e81e493-4b95-42ee-bb15-08ae1c98d024", + "created": "2023-07-28T12:14:36.298184Z", + "modified": "2023-07-28T12:14:36.298184Z", + "relationship_type": "indicates", + "source_ref": "indicator--3be6f6df-37d5-4340-88a5-3333b331264e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8c783721-62b0-4d6a-b036-c73f6fe27f40", + "created": "2023-07-28T12:14:36.298265Z", + "modified": "2023-07-28T12:14:36.298265Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='download4you.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.298265Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--92b73028-b7d0-4f6f-9afb-41f9691df369", + "created": "2023-07-28T12:14:36.298501Z", + "modified": "2023-07-28T12:14:36.298501Z", + "relationship_type": "indicates", + "source_ref": "indicator--8c783721-62b0-4d6a-b036-c73f6fe27f40", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--160cd582-7743-40fa-ba77-5293bca30068", + "created": "2023-07-28T12:14:36.298579Z", + "modified": "2023-07-28T12:14:36.298579Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='link-m.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.298579Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0b9898bb-c347-46d1-b58e-64f6c82f29ca", + "created": "2023-07-28T12:14:36.2988Z", + "modified": "2023-07-28T12:14:36.2988Z", + "relationship_type": "indicates", + "source_ref": "indicator--160cd582-7743-40fa-ba77-5293bca30068", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0d238017-1cca-4b87-81f6-9335b493bd7a", + "created": "2023-07-28T12:14:36.298871Z", + "modified": "2023-07-28T12:14:36.298871Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='prmopromo.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.298871Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b62a6470-e8a7-42d8-b0e3-8fd4f543448b", + "created": "2023-07-28T12:14:36.299097Z", + "modified": "2023-07-28T12:14:36.299097Z", + "relationship_type": "indicates", + "source_ref": "indicator--0d238017-1cca-4b87-81f6-9335b493bd7a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7229dcc5-0177-46ae-b8e0-02d5fc02a3e5", + "created": "2023-07-28T12:14:36.299169Z", + "modified": "2023-07-28T12:14:36.299169Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='networkenterprise.net']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.299169Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--da31b08a-6bba-4ab4-96f9-c753160bd945", + "created": "2023-07-28T12:14:36.299395Z", + "modified": "2023-07-28T12:14:36.299395Z", + "relationship_type": "indicates", + "source_ref": "indicator--7229dcc5-0177-46ae-b8e0-02d5fc02a3e5", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fbb40a13-08fc-4067-b6b8-1caa247b3bd4", + "created": "2023-07-28T12:14:36.299466Z", + "modified": "2023-07-28T12:14:36.299466Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='livingwithbadkidny.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.299466Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4dc04ec6-f158-4204-bcb9-b226517a8c2d", + "created": "2023-07-28T12:14:36.299691Z", + "modified": "2023-07-28T12:14:36.299691Z", + "relationship_type": "indicates", + "source_ref": "indicator--fbb40a13-08fc-4067-b6b8-1caa247b3bd4", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dcb83c0e-e6d7-47e1-b42f-d6dff3e46225", + "created": "2023-07-28T12:14:36.299762Z", + "modified": "2023-07-28T12:14:36.299762Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='vodafonegypt.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.299762Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f1591687-35d3-47c4-aa75-8f5c9246c621", + "created": "2023-07-28T12:14:36.300052Z", + "modified": "2023-07-28T12:14:36.300052Z", + "relationship_type": "indicates", + "source_ref": "indicator--dcb83c0e-e6d7-47e1-b42f-d6dff3e46225", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d54dcb10-e9b8-432d-8653-929af95e91f1", + "created": "2023-07-28T12:14:36.300126Z", + "modified": "2023-07-28T12:14:36.300126Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='niceonase.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.300126Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5fed14cc-5c38-409a-9b80-1f997ad2c56f", + "created": "2023-07-28T12:14:36.300348Z", + "modified": "2023-07-28T12:14:36.300348Z", + "relationship_type": "indicates", + "source_ref": "indicator--d54dcb10-e9b8-432d-8653-929af95e91f1", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--87f1c326-74ee-491e-9af5-674169b69df3", + "created": "2023-07-28T12:14:36.30042Z", + "modified": "2023-07-28T12:14:36.30042Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='otaupdatesios.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.30042Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4e615740-19fb-4923-9414-e817b07742d8", + "created": "2023-07-28T12:14:36.300643Z", + "modified": "2023-07-28T12:14:36.300643Z", + "relationship_type": "indicates", + "source_ref": "indicator--87f1c326-74ee-491e-9af5-674169b69df3", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9528f0ba-b18e-4f60-8096-3ae538a1ebce", + "created": "2023-07-28T12:14:36.300714Z", + "modified": "2023-07-28T12:14:36.300714Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cloudtimesync.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.300714Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--28a8ebcb-03c3-4582-991b-fc77e200b750", + "created": "2023-07-28T12:14:36.300937Z", + "modified": "2023-07-28T12:14:36.300937Z", + "relationship_type": "indicates", + "source_ref": "indicator--9528f0ba-b18e-4f60-8096-3ae538a1ebce", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9b49fbb4-f33d-46ab-bdb3-13e774191a0e", + "created": "2023-07-28T12:14:36.30101Z", + "modified": "2023-07-28T12:14:36.30101Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='iibt.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.30101Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--05c3a665-b12c-4289-baaf-a73a28cdc8cf", + "created": "2023-07-28T12:14:36.301233Z", + "modified": "2023-07-28T12:14:36.301233Z", + "relationship_type": "indicates", + "source_ref": "indicator--9b49fbb4-f33d-46ab-bdb3-13e774191a0e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4ffce8ce-5744-4ede-aad4-6a8dafa21c14", + "created": "2023-07-28T12:14:36.301304Z", + "modified": "2023-07-28T12:14:36.301304Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sniper.pet']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.301304Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--83441a26-6504-4b45-91c9-abb4bb9fe72f", + "created": "2023-07-28T12:14:36.301524Z", + "modified": "2023-07-28T12:14:36.301524Z", + "relationship_type": "indicates", + "source_ref": "indicator--4ffce8ce-5744-4ede-aad4-6a8dafa21c14", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dc74a547-9433-44f7-98e6-7b8cd6daba4d", + "created": "2023-07-28T12:14:36.301596Z", + "modified": "2023-07-28T12:14:36.301596Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='youtubesyncapi.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.301596Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--774e7beb-8bcd-4873-915b-b4923e484410", + "created": "2023-07-28T12:14:36.301824Z", + "modified": "2023-07-28T12:14:36.301824Z", + "relationship_type": "indicates", + "source_ref": "indicator--dc74a547-9433-44f7-98e6-7b8cd6daba4d", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8e55a362-75e7-484f-8df4-b910b5a1b18b", + "created": "2023-07-28T12:14:36.301895Z", + "modified": "2023-07-28T12:14:36.301895Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='webaffise.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.301895Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--73a1897e-b713-498b-8689-57d7f0d9084c", + "created": "2023-07-28T12:14:36.302117Z", + "modified": "2023-07-28T12:14:36.302117Z", + "relationship_type": "indicates", + "source_ref": "indicator--8e55a362-75e7-484f-8df4-b910b5a1b18b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1ae6acbd-50d4-4135-b017-10cdf36f416f", + "created": "2023-07-28T12:14:36.302189Z", + "modified": "2023-07-28T12:14:36.302189Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bityl.me']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.302189Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--33a8069c-99c3-4c0d-9414-677f75a818ae", + "created": "2023-07-28T12:14:36.302413Z", + "modified": "2023-07-28T12:14:36.302413Z", + "relationship_type": "indicates", + "source_ref": "indicator--1ae6acbd-50d4-4135-b017-10cdf36f416f", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2054600e-365f-46d8-af16-e8add17240b9", + "created": "2023-07-28T12:14:36.302487Z", + "modified": "2023-07-28T12:14:36.302487Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='chatwithme.store']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.302487Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f83eff4d-0221-4002-b8dc-d782f21aff18", + "created": "2023-07-28T12:14:36.302708Z", + "modified": "2023-07-28T12:14:36.302708Z", + "relationship_type": "indicates", + "source_ref": "indicator--2054600e-365f-46d8-af16-e8add17240b9", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--81e22af2-c4c7-450c-b5ce-78fa40527d6b", + "created": "2023-07-28T12:14:36.302784Z", + "modified": "2023-07-28T12:14:36.302784Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/data/local/tmp/wd/fs.db']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.302784Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7e257853-ff3a-41c3-9ff7-6da57eb5a960", + "created": "2023-07-28T12:14:36.303349Z", + "modified": "2023-07-28T12:14:36.303349Z", + "relationship_type": "indicates", + "source_ref": "indicator--81e22af2-c4c7-450c-b5ce-78fa40527d6b", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d93f9227-87d2-4bea-98a6-084c093e40d3", + "created": "2023-07-28T12:14:36.303426Z", + "modified": "2023-07-28T12:14:36.303426Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/takePhoto']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.303426Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2c6963f4-cd8b-4f64-9641-d86ff66f12e2", + "created": "2023-07-28T12:14:36.303691Z", + "modified": "2023-07-28T12:14:36.303691Z", + "relationship_type": "indicates", + "source_ref": "indicator--d93f9227-87d2-4bea-98a6-084c093e40d3", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f3a6160f-bc38-4ada-bd79-1d7165c5ae0e", + "created": "2023-07-28T12:14:36.303769Z", + "modified": "2023-07-28T12:14:36.303769Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/com.apple.WebKit.Networking']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.303769Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ba39f895-a642-4563-82f8-4d2b230c08bb", + "created": "2023-07-28T12:14:36.304074Z", + "modified": "2023-07-28T12:14:36.304074Z", + "relationship_type": "indicates", + "source_ref": "indicator--f3a6160f-bc38-4ada-bd79-1d7165c5ae0e", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cbe618dc-0e1a-42c2-8a3c-53b419a608bd", + "created": "2023-07-28T12:14:36.304148Z", + "modified": "2023-07-28T12:14:36.304148Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/hooker']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.304148Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2ca2efec-6b38-466d-9fb0-c3b8c258223d", + "created": "2023-07-28T12:14:36.304372Z", + "modified": "2023-07-28T12:14:36.304372Z", + "relationship_type": "indicates", + "source_ref": "indicator--cbe618dc-0e1a-42c2-8a3c-53b419a608bd", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d56aff56-813f-4a71-921a-cb7bddd42e68", + "created": "2023-07-28T12:14:36.304445Z", + "modified": "2023-07-28T12:14:36.304445Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/data/local/tmp/wd/']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.304445Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--55aff5a0-725b-4461-9784-14df402817bf", + "created": "2023-07-28T12:14:36.304666Z", + "modified": "2023-07-28T12:14:36.304666Z", + "relationship_type": "indicates", + "source_ref": "indicator--d56aff56-813f-4a71-921a-cb7bddd42e68", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e64157f5-8660-4898-8c4c-b7bce1ce18fe", + "created": "2023-07-28T12:14:36.30474Z", + "modified": "2023-07-28T12:14:36.30474Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/UserEventAgent']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.30474Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--96ed1926-15d9-47cf-86d9-bcbef35b7e31", + "created": "2023-07-28T12:14:36.305043Z", + "modified": "2023-07-28T12:14:36.305043Z", + "relationship_type": "indicates", + "source_ref": "indicator--e64157f5-8660-4898-8c4c-b7bce1ce18fe", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fc0e1183-a59d-4ea3-bc76-b44b7bc3ee6a", + "created": "2023-07-28T12:14:36.305119Z", + "modified": "2023-07-28T12:14:36.305119Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[configuration-profile:id='76DAB334-7E17-475D-A5D6-0794EB5818A5']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2023-07-28T12:14:36.305119Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--14d5faab-d76c-4293-9e92-6f4da18466f2", + "created": "2023-07-28T12:14:36.305667Z", + "modified": "2023-07-28T12:14:36.305667Z", + "relationship_type": "indicates", + "source_ref": "indicator--fc0e1183-a59d-4ea3-bc76-b44b7bc3ee6a", + "target_ref": "malware--d33c9e88-4727-4645-bdb5-fe90f4b1102b" + } + ] +} \ No newline at end of file diff --git a/tests/common/test_indicators.py b/tests/common/test_indicators.py index fc186ccba..7f386dec5 100644 --- a/tests/common/test_indicators.py +++ b/tests/common/test_indicators.py @@ -7,26 +7,86 @@ import os from mvt.common.indicators import Indicators +from ..utils import get_artifact_folder class TestIndicators: def test_parse_stix2(self, indicator_file): ind = Indicators(log=logging) ind.load_indicators_files([indicator_file], load_default=False) - assert ind.ioc_collections[0]["count"] == 5 + assert len(ind.ioc_collections) == 1 + assert ind.ioc_collections[0]["count"] == 8 assert len(ind.ioc_collections[0]["domains"]) == 1 assert len(ind.ioc_collections[0]["emails"]) == 1 assert len(ind.ioc_collections[0]["file_names"]) == 1 assert len(ind.ioc_collections[0]["processes"]) == 1 assert len(ind.ioc_collections[0]["android_property_names"]) == 1 + assert len(ind.ioc_collections[0]["files_sha256"]) == 1 + assert len(ind.ioc_collections[0]["files_sha1"]) == 1 + assert len(ind.ioc_collections[0]["urls"]) == 1 - def test_check_domain(self, indicator_file): + def test_parse_stix2_amnesty(self): + """ + STIX2 file from + https://github.com/AmnestyTech/investigations/blob/master/2021-12-16_cytrox/cytrox.stix2 + """ + ind = Indicators(log=logging) + file = os.path.join(get_artifact_folder(), "stix2", "cytrox.stix2") + ind.load_indicators_files([file], load_default=False) + assert len(ind.ioc_collections) == 1 + assert ind.ioc_collections[0]["count"] == 343 + assert len(ind.ioc_collections[0]["domains"]) == 336 + assert len(ind.ioc_collections[0]["emails"]) == 0 + assert len(ind.ioc_collections[0]["file_names"]) == 0 + assert len(ind.ioc_collections[0]["file_paths"]) == 6 + assert len(ind.ioc_collections[0]["ios_profile_ids"]) == 1 + assert len(ind.ioc_collections[0]["processes"]) == 0 + assert len(ind.ioc_collections[0]["android_property_names"]) == 0 + assert len(ind.ioc_collections[0]["urls"]) == 0 + + def test_parse_stix2_otx(self): + """ + STIX2 file from OTX Pulse + https://otx.alienvault.com/pulse/638cd3ee5e5f019f84f9e0ea + """ + ind = Indicators(log=logging) + file = os.path.join( + get_artifact_folder(), "stix2", "638cd3ee5e5f019f84f9e0ea.json" + ) + ind.load_indicators_files([file], load_default=False) + assert len(ind.ioc_collections) == 1 + assert ind.ioc_collections[0]["count"] == 69 + assert len(ind.ioc_collections[0]["domains"]) == 15 + assert len(ind.ioc_collections[0]["emails"]) == 0 + assert len(ind.ioc_collections[0]["file_names"]) == 0 + assert len(ind.ioc_collections[0]["processes"]) == 0 + assert len(ind.ioc_collections[0]["android_property_names"]) == 0 + assert len(ind.ioc_collections[0]["urls"]) == 54 + + def test_check_url(self, indicator_file): + ind = Indicators(log=logging) + ind.load_indicators_files([indicator_file], load_default=False) + assert ind.check_url(42) is None + assert ind.check_url("http://example.com/thisisbad") + assert ind.check_url("http://example.com/thisisgood") is None + assert ind.check_url("https://www.example.org/foobar") + assert ind.check_url("http://example.org:8080/toto") + assert ind.check_url("https://github.com") is None + assert ind.check_url("https://example.com/") is None + + def test_check_file_hash(self, indicator_file): ind = Indicators(log=logging) ind.load_indicators_files([indicator_file], load_default=False) - assert ind.check_domain(42) is None - assert ind.check_domain("https://www.example.org/foobar") - assert ind.check_domain("http://example.org:8080/toto") - assert ind.check_domain("https://github.com") is None + assert ( + ind.check_file_hash( + "003764fd74bf13cff9bf1ddd870cbf593b23e2b584ba4465114023870ea6fbef" + ) + is None + ) + assert ind.check_file_hash( + "570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6" + ) + assert ind.check_file_hash("da0611a300a9ce9aa7a09d1212f203fca5856794") def test_check_android_property(self, indicator_file): ind = Indicators(log=logging) @@ -38,4 +98,4 @@ def test_env_stix(self, indicator_file): os.environ["MVT_STIX2"] = indicator_file ind = Indicators(log=logging) ind.load_indicators_files([], load_default=False) - assert ind.total_ioc_count == 5 + assert ind.total_ioc_count == 8 From 14c71a8b6128a30dfa2fa67a63286b755b4e8496 Mon Sep 17 00:00:00 2001 From: tek Date: Fri, 23 Aug 2024 16:03:09 +0200 Subject: [PATCH 2/2] Adds documentation on STIX2 support in MVT --- docs/iocs.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/iocs.md b/docs/iocs.md index 6a2ed4a71..5bdb8a609 100644 --- a/docs/iocs.md +++ b/docs/iocs.md @@ -34,6 +34,13 @@ It is also possible to load STIX2 files automatically from the environment varia export MVT_STIX2="/home/user/IOC1.stix2:/home/user/IOC2.stix2" ``` +## STIX2 Support + +So far MVT implements only a subset of [STIX2 specifications](https://docs.oasis-open.org/cti/stix/v2.1/csprd01/stix-v2.1-csprd01.html): + +* It only supports checks for one value (such as `[domain-name:value='DOMAIN']`) and not boolean expressions over multiple comparisons +* It only supports the following types: `domain-name:value`, `process:name`, `email-addr:value`, `file:name`, `file:path`, `file:hashes.md5`, `file:hashes.sha1`, `file:hashes.sha256`, `app:id`, `configuration-profile:id`, `android-property:name`, `url:value` (but each type will only be checked by a module if it is relevant to the type of data obtained) + ## Known repositories of STIX2 IOCs - The [Amnesty International investigations repository](https://github.com/AmnestyTech/investigations) contains STIX-formatted IOCs for: @@ -46,3 +53,6 @@ export MVT_STIX2="/home/user/IOC1.stix2:/home/user/IOC2.stix2" You can automaticallly download the latest public indicator files with the command `mvt-ios download-iocs` or `mvt-android download-iocs`. These commands download the list of indicators from the [mvt-indicators](https://github.com/mvt-project/mvt-indicators/blob/main/indicators.yaml) repository and store them in the [appdir](https://pypi.org/project/appdirs/) folder. They are then loaded automatically by MVT. Please [open an issue](https://github.com/mvt-project/mvt/issues/) to suggest new sources of STIX-formatted IOCs. + + +