diff --git a/2026-03-03_coruna_cryptowaters/README.md b/2026-03-03_coruna_cryptowaters/README.md
new file mode 100644
index 0000000..dd4affb
--- /dev/null
+++ b/2026-03-03_coruna_cryptowaters/README.md
@@ -0,0 +1,19 @@
+# Coruna / CryptoWaters Indicators of Compromise
+
+This repository contains network and device indicators of compromise (IoCs) related to the Coruna exploit kit, PLASMAGRID implant, and the CryptoWaters campaign targeting iOS devices and cryptocurrency wallet applications. These indicators were compiled from multiple reports including:
+
+* [Campaigns exploiting Signal, Line, and Google Chrome to target devices in multiple countries](https://blog.google/threat-analysis-group/campaigns-exploiting-signal-line-and-google-chrome/) by Google Threat Analysis Group (TAG)
+* [CryptoWaters: iVerify Discovers New iOS Threat Targeting Crypto Wallets](https://iverify.io/blog/cryptowaters) by iVerify
+
+The campaign has been attributed to two clusters tracked by Google TAG as UNC6353 and UNC6691. The Coruna exploit kit delivers a post-exploitation implant known as PLASMAGRID, which targets cryptocurrency wallet applications on iOS devices.
+
+The STIX2 file can be used with the [Mobile Verification Toolkit](https://github.com/mvt-project/mvt) to look for potential signs of compromise on iPhones.
+
+It includes the following files:
+
+* `coruna.stix2`: [STIX2](https://oasis-open.github.io/cti-documentation/stix/intro.html) file containing all indicators
+* `domains.txt`: list of PLASMAGRID C2 domains and Coruna exploit kit delivery domains
+* `sha256.txt`: SHA-256 hashes of the PLASMAGRID implant and its cryptocurrency wallet targeting modules
+* `file_paths.txt`: iOS filesystem paths for implant artifacts
+* `file_names.txt`: filenames associated with implant artifacts on iOS
+* `generate_stix.py`: script to regenerate the STIX2 file from the text indicator files
diff --git a/2026-03-03_coruna_cryptowaters/coruna.stix2 b/2026-03-03_coruna_cryptowaters/coruna.stix2
new file mode 100644
index 0000000..d7a8c2b
--- /dev/null
+++ b/2026-03-03_coruna_cryptowaters/coruna.stix2
@@ -0,0 +1,5200 @@ +{ + "type": "bundle", + "id": "bundle--c72af34f-2e69-47e4-8291-a6743a267e02", + "objects": [ + { + "type": "malware", + "spec_version": "2.1", + "id": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b", + "created": "2026-03-15T13:01:20.334921Z", + "modified": "2026-03-15T13:01:20.334921Z", + "name": "Coruna", + "description": "IOCs for the Coruna exploit kit, PLASMAGRID implant, and CryptoWaters campaign targeting iOS devices and cryptocurrency wallet apps. Attributed to UNC6353 and UNC6691.", + "is_family": false + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f48f3070-7f02-428c-b69c-001038896001", + "created": "2026-03-15T13:01:20.335242Z", + "modified": "2026-03-15T13:01:20.335242Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='abw3wzr59io82se.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.335242Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e9b91c81-a6f6-400c-9257-09250fd7d6d6", + "created": "2026-03-15T13:01:20.341071Z", + "modified": "2026-03-15T13:01:20.341071Z", + "relationship_type": "indicates", + "source_ref": "indicator--f48f3070-7f02-428c-b69c-001038896001", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dfe503cc-20d7-4679-a21a-2b4fede531f3", + "created": "2026-03-15T13:01:20.341935Z", + "modified": "2026-03-15T13:01:20.341935Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='7fun.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.341935Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ba7b2508-7acb-4aa5-a82e-94151427cda6", + "created": "2026-03-15T13:01:20.342774Z", + "modified": "2026-03-15T13:01:20.342774Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--dfe503cc-20d7-4679-a21a-2b4fede531f3", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6cde61ea-22e7-4aa4-8479-6995a18b39fd", + "created": "2026-03-15T13:01:20.342997Z", + "modified": "2026-03-15T13:01:20.342997Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='goanalytics.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.342997Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c35b0e2c-5283-4464-934c-cac2e7656ab7", + "created": "2026-03-15T13:01:20.343621Z", + "modified": "2026-03-15T13:01:20.343621Z", + "relationship_type": "indicates", + "source_ref": "indicator--6cde61ea-22e7-4aa4-8479-6995a18b39fd", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--955740fc-c89d-43d3-a83e-4534608cb5d7", + "created": "2026-03-15T13:01:20.343877Z", + "modified": "2026-03-15T13:01:20.343877Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pflfkewv5g23mag.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.343877Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--497eb4be-ec8f-4c76-9867-1a7bd637a392", + "created": "2026-03-15T13:01:20.3446Z", + "modified": "2026-03-15T13:01:20.3446Z", + "relationship_type": "indicates", + "source_ref": "indicator--955740fc-c89d-43d3-a83e-4534608cb5d7", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5b4d72ea-5226-4937-833c-5d7e15e97a94", + "created": "2026-03-15T13:01:20.344819Z", + "modified": "2026-03-15T13:01:20.344819Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='5dr9adwy7i4ndkx.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.344819Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4a89f382-2506-49c6-bd50-ffccd9a89e20", + "created": "2026-03-15T13:01:20.345504Z", + "modified": "2026-03-15T13:01:20.345504Z", + "relationship_type": "indicates", + "source_ref": "indicator--5b4d72ea-5226-4937-833c-5d7e15e97a94", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6c18fddf-c4a3-4f25-9c11-54e2ccb5274c", + "created": "2026-03-15T13:01:20.345698Z", + "modified": "2026-03-15T13:01:20.345698Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='0zhlpgnh9op23uu.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.345698Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f0b7dda2-c2f3-425a-a239-c52defebab20", + "created": "2026-03-15T13:01:20.346225Z", + "modified": "2026-03-15T13:01:20.346225Z", + "relationship_type": "indicates", + "source_ref": "indicator--6c18fddf-c4a3-4f25-9c11-54e2ccb5274c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a121e179-d76a-4aff-9c95-25804d661a75", + "created": "2026-03-15T13:01:20.346431Z", + "modified": "2026-03-15T13:01:20.346431Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tubeluck.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.346431Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d0c5970c-a888-4f30-b334-9e1fc699f974", + "created": "2026-03-15T13:01:20.346925Z", + "modified": "2026-03-15T13:01:20.346925Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--a121e179-d76a-4aff-9c95-25804d661a75", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a11001ed-944e-43bf-a3d9-35941850377d", + "created": "2026-03-15T13:01:20.347106Z", + "modified": "2026-03-15T13:01:20.347106Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fxrhcnfwxes90q.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.347106Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b126de79-dd66-4dad-8d34-b3f7386e1111", + "created": "2026-03-15T13:01:20.347674Z", + "modified": "2026-03-15T13:01:20.347674Z", + "relationship_type": "indicates", + "source_ref": "indicator--a11001ed-944e-43bf-a3d9-35941850377d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--bc109224-45c3-4e69-83bc-7ceb13e95fde", + "created": "2026-03-15T13:01:20.34786Z", + "modified": "2026-03-15T13:01:20.34786Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xc824fji4wkhib2.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.34786Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a21fe05f-602f-44d3-aa88-b293e67417cd", + "created": "2026-03-15T13:01:20.348358Z", + "modified": "2026-03-15T13:01:20.348358Z", + "relationship_type": "indicates", + "source_ref": "indicator--bc109224-45c3-4e69-83bc-7ceb13e95fde", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5d837f99-8530-4082-9e21-87b76b99647f", + "created": "2026-03-15T13:01:20.348577Z", + "modified": "2026-03-15T13:01:20.348577Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='668ddf.cc']", 
+ "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.348577Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4de2a6dc-34af-4913-bdea-bb1a324ca528", + "created": "2026-03-15T13:01:20.349283Z", + "modified": "2026-03-15T13:01:20.349283Z", + "relationship_type": "indicates", + "source_ref": "indicator--5d837f99-8530-4082-9e21-87b76b99647f", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b5009441-2797-4e29-ac9f-f571f45e7862", + "created": "2026-03-15T13:01:20.3495Z", + "modified": "2026-03-15T13:01:20.3495Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='3urschyiqwb7y7o.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.3495Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3f2aa881-3eb6-4a5f-8f56-363649898b13", + "created": "2026-03-15T13:01:20.350Z", + "modified": "2026-03-15T13:01:20.350Z", + "relationship_type": "indicates", + "source_ref": "indicator--b5009441-2797-4e29-ac9f-f571f45e7862", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c223ef44-1a37-4672-bfda-8e7c931291ff", + "created": "2026-03-15T13:01:20.350175Z", + "modified": "2026-03-15T13:01:20.350175Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='1idhfxkoylkt49i.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.350175Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2d05d1a6-d91e-4354-9431-48f2e161339e", + "created": "2026-03-15T13:01:20.350662Z", + "modified": "2026-03-15T13:01:20.350662Z", + "relationship_type": "indicates", + "source_ref": "indicator--c223ef44-1a37-4672-bfda-8e7c931291ff", + 
"target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a14b8bdf-22e4-49bb-8d1e-43fdba3f8eb6", + "created": "2026-03-15T13:01:20.350874Z", + "modified": "2026-03-15T13:01:20.350874Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='2hcsb7l539mxxc7.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.350874Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a2824e1e-4a8b-49bf-a550-0419176d932c", + "created": "2026-03-15T13:01:20.351627Z", + "modified": "2026-03-15T13:01:20.351627Z", + "relationship_type": "indicates", + "source_ref": "indicator--a14b8bdf-22e4-49bb-8d1e-43fdba3f8eb6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ae800174-0c61-4709-b8de-4e0981548cf0", + "created": "2026-03-15T13:01:20.351853Z", + "modified": "2026-03-15T13:01:20.351853Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='oljxbg4phuv51ql.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.351853Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--885500cb-e1e9-4dbf-83d3-337528234ea0", + "created": "2026-03-15T13:01:20.352541Z", + "modified": "2026-03-15T13:01:20.352541Z", + "relationship_type": "indicates", + "source_ref": "indicator--ae800174-0c61-4709-b8de-4e0981548cf0", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ea877b12-a6cc-4fbc-b6cc-aa24c80a1794", + "created": "2026-03-15T13:01:20.352747Z", + "modified": "2026-03-15T13:01:20.352747Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='vizpwtdjlluhucu.xyz']", + "pattern_type": "stix", + 
"pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.352747Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0dff3e02-fb82-4b89-90d9-81320fe6a08f", + "created": "2026-03-15T13:01:20.353236Z", + "modified": "2026-03-15T13:01:20.353236Z", + "relationship_type": "indicates", + "source_ref": "indicator--ea877b12-a6cc-4fbc-b6cc-aa24c80a1794", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7678a530-02f4-4947-a113-ca26ad152edb", + "created": "2026-03-15T13:01:20.353447Z", + "modified": "2026-03-15T13:01:20.353447Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='2d3zd2qa1i08756.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.353447Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c8569c17-fcbf-42f1-a5b8-5917b11d142b", + "created": "2026-03-15T13:01:20.353878Z", + "modified": "2026-03-15T13:01:20.353878Z", + "relationship_type": "indicates", + "source_ref": "indicator--7678a530-02f4-4947-a113-ca26ad152edb", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7065c54b-b6cd-4998-b341-0b817105a3ab", + "created": "2026-03-15T13:01:20.354064Z", + "modified": "2026-03-15T13:01:20.354064Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='y4w.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.354064Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a69766d6-c61b-4730-b8c5-40ba0d14f5cd", + "created": "2026-03-15T13:01:20.354563Z", + "modified": "2026-03-15T13:01:20.354563Z", + "relationship_type": "indicates", + "source_ref": "indicator--7065c54b-b6cd-4998-b341-0b817105a3ab", + "target_ref": 
"malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--309ba9f9-2323-41f1-97b1-636333d2986d", + "created": "2026-03-15T13:01:20.354745Z", + "modified": "2026-03-15T13:01:20.354745Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='9hl73l96udxp8dz.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.354745Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9cc358a1-5292-46e5-bede-5f8253e1da2d", + "created": "2026-03-15T13:01:20.355225Z", + "modified": "2026-03-15T13:01:20.355225Z", + "relationship_type": "indicates", + "source_ref": "indicator--309ba9f9-2323-41f1-97b1-636333d2986d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--53ff1786-7fbc-45b7-b9b2-69bd6cd45df0", + "created": "2026-03-15T13:01:20.355419Z", + "modified": "2026-03-15T13:01:20.355419Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='appstoreconn.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.355419Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7c51a433-1406-4edb-92f0-7260b209d7f3", + "created": "2026-03-15T13:01:20.355826Z", + "modified": "2026-03-15T13:01:20.355826Z", + "relationship_type": "indicates", + "source_ref": "indicator--53ff1786-7fbc-45b7-b9b2-69bd6cd45df0", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--79831a95-3679-44ed-b3c0-7d86b9251276", + "created": "2026-03-15T13:01:20.355997Z", + "modified": "2026-03-15T13:01:20.355997Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xmmfrkq9oat1daq.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + 
"valid_from": "2026-03-15T13:01:20.355997Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3a4ad73f-5c14-42e2-8ecc-7944faec05d5", + "created": "2026-03-15T13:01:20.356442Z", + "modified": "2026-03-15T13:01:20.356442Z", + "relationship_type": "indicates", + "source_ref": "indicator--79831a95-3679-44ed-b3c0-7d86b9251276", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0fbabdd6-2185-4381-95c4-e57f6933c063", + "created": "2026-03-15T13:01:20.356629Z", + "modified": "2026-03-15T13:01:20.356629Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='alnjjsdbsgzza7y.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.356629Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--dc0ac76d-dc10-4822-9c76-f3e6647434f2", + "created": "2026-03-15T13:01:20.35707Z", + "modified": "2026-03-15T13:01:20.35707Z", + "relationship_type": "indicates", + "source_ref": "indicator--0fbabdd6-2185-4381-95c4-e57f6933c063", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--099a687d-233a-4c64-80ca-9222dbd962e5", + "created": "2026-03-15T13:01:20.357255Z", + "modified": "2026-03-15T13:01:20.357255Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ios.teegrom.top']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.357255Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d2cb2513-2df6-494a-80e4-3461ac5ba5cb", + "created": "2026-03-15T13:01:20.357768Z", + "modified": "2026-03-15T13:01:20.357768Z", + "relationship_type": "indicates", + "source_ref": "indicator--099a687d-233a-4c64-80ca-9222dbd962e5", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" 
+ }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a726f96f-2183-461b-a8fb-785fcbd7a465", + "created": "2026-03-15T13:01:20.357937Z", + "modified": "2026-03-15T13:01:20.357937Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nr48mjgvgcjgklc.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.357937Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ff314f43-1c28-46d3-bd13-00a98f12e163", + "created": "2026-03-15T13:01:20.35855Z", + "modified": "2026-03-15T13:01:20.35855Z", + "relationship_type": "indicates", + "source_ref": "indicator--a726f96f-2183-461b-a8fb-785fcbd7a465", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cbf491b5-1522-4a8e-8900-eaf74e2fab98", + "created": "2026-03-15T13:01:20.35874Z", + "modified": "2026-03-15T13:01:20.35874Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='2isrlfna7sc7lf8.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.35874Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1f63afb8-feeb-4d4a-8a79-6fa42da5a89a", + "created": "2026-03-15T13:01:20.359176Z", + "modified": "2026-03-15T13:01:20.359176Z", + "relationship_type": "indicates", + "source_ref": "indicator--cbf491b5-1522-4a8e-8900-eaf74e2fab98", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--16b068ce-dc89-4531-88c5-bc3dc3947ab4", + "created": "2026-03-15T13:01:20.359354Z", + "modified": "2026-03-15T13:01:20.359354Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='dv51kcinorhi2aj.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.359354Z" + }, + 
{ + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--48cf88ec-ea40-43a9-b1cc-446defff1d50", + "created": "2026-03-15T13:01:20.359831Z", + "modified": "2026-03-15T13:01:20.359831Z", + "relationship_type": "indicates", + "source_ref": "indicator--16b068ce-dc89-4531-88c5-bc3dc3947ab4", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5a0ae2ea-af7e-4d3f-b15b-8a64da76e998", + "created": "2026-03-15T13:01:20.359995Z", + "modified": "2026-03-15T13:01:20.359995Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='kanav.blog']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.359995Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cc7db149-fc49-482c-9b01-c041fd29d1c2", + "created": "2026-03-15T13:01:20.360495Z", + "modified": "2026-03-15T13:01:20.360495Z", + "relationship_type": "indicates", + "source_ref": "indicator--5a0ae2ea-af7e-4d3f-b15b-8a64da76e998", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--11222cd8-6ad0-4571-a41c-475141062c39", + "created": "2026-03-15T13:01:20.360669Z", + "modified": "2026-03-15T13:01:20.360669Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xlvmfod3upi2ic5.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.360669Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--70a72a3b-9f44-4349-89ed-f4701901e9d2", + "created": "2026-03-15T13:01:20.361073Z", + "modified": "2026-03-15T13:01:20.361073Z", + "relationship_type": "indicates", + "source_ref": "indicator--11222cd8-6ad0-4571-a41c-475141062c39", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": 
"2.1", + "id": "indicator--347899fc-c030-42a6-b2b0-24faf30ee6ae", + "created": "2026-03-15T13:01:20.361233Z", + "modified": "2026-03-15T13:01:20.361233Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='q25b6rps0y8qe2f.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.361233Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a5425598-a347-42c1-9fc4-aa65caa41ca4", + "created": "2026-03-15T13:01:20.361712Z", + "modified": "2026-03-15T13:01:20.361712Z", + "relationship_type": "indicates", + "source_ref": "indicator--347899fc-c030-42a6-b2b0-24faf30ee6ae", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--132b51d5-0fee-41f0-bfc6-ed277e5582e4", + "created": "2026-03-15T13:01:20.361888Z", + "modified": "2026-03-15T13:01:20.361888Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='a1ku2qvyyo09c9l.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.361888Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b9de208e-7e79-4987-a91f-5340ac79987a", + "created": "2026-03-15T13:01:20.362278Z", + "modified": "2026-03-15T13:01:20.362278Z", + "relationship_type": "indicates", + "source_ref": "indicator--132b51d5-0fee-41f0-bfc6-ed277e5582e4", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e7098669-18d6-4159-ac4d-71a35f758aef", + "created": "2026-03-15T13:01:20.362468Z", + "modified": "2026-03-15T13:01:20.362468Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='rlau616jc7a7f7i.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.362468Z" + }, + { + "type": "relationship", + 
"spec_version": "2.1", + "id": "relationship--0e5fb5d3-59f8-4c1b-8958-e42dafe3545d", + "created": "2026-03-15T13:01:20.362915Z", + "modified": "2026-03-15T13:01:20.362915Z", + "relationship_type": "indicates", + "source_ref": "indicator--e7098669-18d6-4159-ac4d-71a35f758aef", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f3c6bb5b-839c-4fe1-bfd6-2cacb4f88726", + "created": "2026-03-15T13:01:20.363094Z", + "modified": "2026-03-15T13:01:20.363094Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='snrysedijwbkwin.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.363094Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--83d747d2-5d8b-4d92-9822-89c86c49a5b9", + "created": "2026-03-15T13:01:20.363568Z", + "modified": "2026-03-15T13:01:20.363568Z", + "relationship_type": "indicates", + "source_ref": "indicator--f3c6bb5b-839c-4fe1-bfd6-2cacb4f88726", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--591b2738-464a-4a73-b1bc-37ec38349713", + "created": "2026-03-15T13:01:20.363738Z", + "modified": "2026-03-15T13:01:20.363738Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fzz81wv0c5l60j6.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.363738Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--78828296-2292-42d3-b7de-bda76c04ae4c", + "created": "2026-03-15T13:01:20.364275Z", + "modified": "2026-03-15T13:01:20.364275Z", + "relationship_type": "indicates", + "source_ref": "indicator--591b2738-464a-4a73-b1bc-37ec38349713", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--f82d4cb9-acae-417d-aae1-6ffa057d89ca", + "created": "2026-03-15T13:01:20.364482Z", + "modified": "2026-03-15T13:01:20.364482Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xittgveqaufogve.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.364482Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--615b1649-c508-49fb-9caa-17e9a9937a4b", + "created": "2026-03-15T13:01:20.364926Z", + "modified": "2026-03-15T13:01:20.364926Z", + "relationship_type": "indicates", + "source_ref": "indicator--f82d4cb9-acae-417d-aae1-6ffa057d89ca", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2adc0c4f-ab44-4e47-a320-943e19a24b7e", + "created": "2026-03-15T13:01:20.365087Z", + "modified": "2026-03-15T13:01:20.365087Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='868qhkirb5l2n0i.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.365087Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--12eef37f-1c4f-47f9-9b5b-ee3d4b8bd040", + "created": "2026-03-15T13:01:20.365548Z", + "modified": "2026-03-15T13:01:20.365548Z", + "relationship_type": "indicates", + "source_ref": "indicator--2adc0c4f-ab44-4e47-a320-943e19a24b7e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f65e6481-93a8-4da3-9eb1-904c0e773d79", + "created": "2026-03-15T13:01:20.365727Z", + "modified": "2026-03-15T13:01:20.365727Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='7ff.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.365727Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--6a401139-302c-4c5d-aa73-a47fc886d47b", + "created": "2026-03-15T13:01:20.366119Z", + "modified": "2026-03-15T13:01:20.366119Z", + "relationship_type": "indicates", + "source_ref": "indicator--f65e6481-93a8-4da3-9eb1-904c0e773d79", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--72fa44f2-8913-454d-ba1d-aaedc6b3b9ac", + "created": "2026-03-15T13:01:20.366277Z", + "modified": "2026-03-15T13:01:20.366277Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yva538ay3mz7008.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.366277Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ebdcbb43-4777-44c5-8a5b-1aeff1c7f982", + "created": "2026-03-15T13:01:20.366711Z", + "modified": "2026-03-15T13:01:20.366711Z", + "relationship_type": "indicates", + "source_ref": "indicator--72fa44f2-8913-454d-ba1d-aaedc6b3b9ac", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--afe19186-a229-4c30-808d-ce0a5c074f9f", + "created": "2026-03-15T13:01:20.366892Z", + "modified": "2026-03-15T13:01:20.366892Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='777bingos.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.366892Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ad5efca1-9b6e-4a68-bfda-c4beb882713d", + "created": "2026-03-15T13:01:20.367284Z", + "modified": "2026-03-15T13:01:20.367284Z", + "relationship_type": "indicates", + "source_ref": "indicator--afe19186-a229-4c30-808d-ce0a5c074f9f", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--7fa957aa-038f-4b2f-a1a0-0b412df8b156", + "created": "2026-03-15T13:01:20.367468Z", + "modified": "2026-03-15T13:01:20.367468Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='b38w09ecdejfqsf.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.367468Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e0b89baa-105b-47b8-b139-cae6818df12b", + "created": "2026-03-15T13:01:20.367925Z", + "modified": "2026-03-15T13:01:20.367925Z", + "relationship_type": "indicates", + "source_ref": "indicator--7fa957aa-038f-4b2f-a1a0-0b412df8b156", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4676b708-14f3-47d3-96ab-7badfc901b38", + "created": "2026-03-15T13:01:20.368126Z", + "modified": "2026-03-15T13:01:20.368126Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='h4k.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.368126Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0f7686e7-74e9-40b9-a04b-26f2274fc848", + "created": "2026-03-15T13:01:20.368599Z", + "modified": "2026-03-15T13:01:20.368599Z", + "relationship_type": "indicates", + "source_ref": "indicator--4676b708-14f3-47d3-96ab-7badfc901b38", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a881408a-1374-4298-bb8c-40f0245636e5", + "created": "2026-03-15T13:01:20.368799Z", + "modified": "2026-03-15T13:01:20.368799Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xfal48cf0ies7ew.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.368799Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--67f9a032-4a6c-4295-b2e8-b1291686e981", + "created": "2026-03-15T13:01:20.369235Z", + "modified": "2026-03-15T13:01:20.369235Z", + "relationship_type": "indicates", + "source_ref": "indicator--a881408a-1374-4298-bb8c-40f0245636e5", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e5574d16-33f5-4231-a9f4-543433cb8b19", + "created": "2026-03-15T13:01:20.369451Z", + "modified": "2026-03-15T13:01:20.369451Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='4u.game']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.369451Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9e1218c8-0bed-4a5f-9c44-f62941c4c9d3", + "created": "2026-03-15T13:01:20.370032Z", + "modified": "2026-03-15T13:01:20.370032Z", + "relationship_type": "indicates", + "source_ref": "indicator--e5574d16-33f5-4231-a9f4-543433cb8b19", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--01de3412-d956-44cb-83f8-33b7730a452a", + "created": "2026-03-15T13:01:20.370232Z", + "modified": "2026-03-15T13:01:20.370232Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='57asjxkgrdwkirg.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.370232Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--090bc9e5-9d05-4656-8f5a-f8646a97ce75", + "created": "2026-03-15T13:01:20.370691Z", + "modified": "2026-03-15T13:01:20.370691Z", + "relationship_type": "indicates", + "source_ref": "indicator--01de3412-d956-44cb-83f8-33b7730a452a", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a893fbe0-b2bc-4380-981f-b7246d6bc97e", + 
"created": "2026-03-15T13:01:20.370863Z", + "modified": "2026-03-15T13:01:20.370863Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='are7nuagy9a68uf.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.370863Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--22ad8ec9-6b15-424f-a87c-9a530cfb554a", + "created": "2026-03-15T13:01:20.371268Z", + "modified": "2026-03-15T13:01:20.371268Z", + "relationship_type": "indicates", + "source_ref": "indicator--a893fbe0-b2bc-4380-981f-b7246d6bc97e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0c3a5e50-f121-4fb9-9f67-7661c13d92a3", + "created": "2026-03-15T13:01:20.371468Z", + "modified": "2026-03-15T13:01:20.371468Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='77bingos.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.371468Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--48fa21a8-4ad7-4cb1-89a8-9f001e799335", + "created": "2026-03-15T13:01:20.371881Z", + "modified": "2026-03-15T13:01:20.371881Z", + "relationship_type": "indicates", + "source_ref": "indicator--0c3a5e50-f121-4fb9-9f67-7661c13d92a3", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--033c4805-e96c-4479-a7c3-01167c3489ac", + "created": "2026-03-15T13:01:20.372052Z", + "modified": "2026-03-15T13:01:20.372052Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='i.binaner.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.372052Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--dc00685f-e1f5-4210-b154-b8a58e545edd", + 
"created": "2026-03-15T13:01:20.37248Z", + "modified": "2026-03-15T13:01:20.37248Z", + "relationship_type": "indicates", + "source_ref": "indicator--033c4805-e96c-4479-a7c3-01167c3489ac", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7ba94960-6e1d-459a-b674-7f399f966182", + "created": "2026-03-15T13:01:20.372647Z", + "modified": "2026-03-15T13:01:20.372647Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ddus17.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.372647Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1ccea4e7-ebfb-4ea2-84eb-495bca97db54", + "created": "2026-03-15T13:01:20.37304Z", + "modified": "2026-03-15T13:01:20.37304Z", + "relationship_type": "indicates", + "source_ref": "indicator--7ba94960-6e1d-459a-b674-7f399f966182", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--222f4223-9538-4577-b41a-eb73d71bedfc", + "created": "2026-03-15T13:01:20.373199Z", + "modified": "2026-03-15T13:01:20.373199Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ccpqqe9rtz00s24.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.373199Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--255ffaad-d960-4274-9a2d-931b85c7ab32", + "created": "2026-03-15T13:01:20.373715Z", + "modified": "2026-03-15T13:01:20.373715Z", + "relationship_type": "indicates", + "source_ref": "indicator--222f4223-9538-4577-b41a-eb73d71bedfc", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e4da0aa2-68d1-4e63-b25d-9dd674e25a79", + "created": "2026-03-15T13:01:20.373897Z", + "modified": 
"2026-03-15T13:01:20.373897Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='6vmbk72t82wmbsu.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.373897Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8d038ae6-bf21-42b5-9c30-c055a4b30db3", + "created": "2026-03-15T13:01:20.374316Z", + "modified": "2026-03-15T13:01:20.374316Z", + "relationship_type": "indicates", + "source_ref": "indicator--e4da0aa2-68d1-4e63-b25d-9dd674e25a79", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4ab41d98-87c3-4072-819b-12382b049de2", + "created": "2026-03-15T13:01:20.374493Z", + "modified": "2026-03-15T13:01:20.374493Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='btrank.top']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.374493Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5a12dee8-8991-49f6-99f8-6b3ebdec7667", + "created": "2026-03-15T13:01:20.374895Z", + "modified": "2026-03-15T13:01:20.374895Z", + "relationship_type": "indicates", + "source_ref": "indicator--4ab41d98-87c3-4072-819b-12382b049de2", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a1caf914-68cb-433e-a641-7c6a2eb866d6", + "created": "2026-03-15T13:01:20.375073Z", + "modified": "2026-03-15T13:01:20.375073Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='n9cfcqvl0ihcn3a.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.375073Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c6232a14-847a-4fbd-bfc4-8a5a7a20d0d8", + "created": "2026-03-15T13:01:20.375632Z", + "modified": 
"2026-03-15T13:01:20.375632Z", + "relationship_type": "indicates", + "source_ref": "indicator--a1caf914-68cb-433e-a641-7c6a2eb866d6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6e7ea571-281c-4977-9c58-954b3173a0df", + "created": "2026-03-15T13:01:20.375824Z", + "modified": "2026-03-15T13:01:20.375824Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='oqb2oaq7d1vtb4s.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.375824Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--26830fa2-443f-4cb9-9018-1c56621aa3f4", + "created": "2026-03-15T13:01:20.376246Z", + "modified": "2026-03-15T13:01:20.376246Z", + "relationship_type": "indicates", + "source_ref": "indicator--6e7ea571-281c-4977-9c58-954b3173a0df", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ff42d9a9-ede5-4e05-8041-391cf5b3b1a1", + "created": "2026-03-15T13:01:20.376439Z", + "modified": "2026-03-15T13:01:20.376439Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fdiw0xw1o9r6zk3.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.376439Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bf09a40e-77a8-4024-837d-d3ef632a9c46", + "created": "2026-03-15T13:01:20.376861Z", + "modified": "2026-03-15T13:01:20.376861Z", + "relationship_type": "indicates", + "source_ref": "indicator--ff42d9a9-ede5-4e05-8041-391cf5b3b1a1", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--89ce9a23-9a15-48e6-b9ad-6f8d1c57798d", + "created": "2026-03-15T13:01:20.377027Z", + "modified": "2026-03-15T13:01:20.377027Z", + 
"indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sj9ioz3a7y89cy7.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.377027Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6067e770-dd31-4d58-83ac-05121ba3221f", + "created": "2026-03-15T13:01:20.377439Z", + "modified": "2026-03-15T13:01:20.377439Z", + "relationship_type": "indicates", + "source_ref": "indicator--89ce9a23-9a15-48e6-b9ad-6f8d1c57798d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--accdc682-c457-4447-9379-1f096f4490b7", + "created": "2026-03-15T13:01:20.377592Z", + "modified": "2026-03-15T13:01:20.377592Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cd6s6960b29iuzo.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.377592Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--efb0c97f-4dc5-4748-aa27-c66350fb607f", + "created": "2026-03-15T13:01:20.377995Z", + "modified": "2026-03-15T13:01:20.377995Z", + "relationship_type": "indicates", + "source_ref": "indicator--accdc682-c457-4447-9379-1f096f4490b7", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c3a04b15-be28-4455-9f43-1b71cb37a894", + "created": "2026-03-15T13:01:20.378156Z", + "modified": "2026-03-15T13:01:20.378156Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='axs7x0ad629ggpf.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.378156Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0194c442-1044-4121-a862-33bb28d85436", + "created": "2026-03-15T13:01:20.378556Z", + "modified": 
"2026-03-15T13:01:20.378556Z", + "relationship_type": "indicates", + "source_ref": "indicator--c3a04b15-be28-4455-9f43-1b71cb37a894", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--48070fcc-33c6-4149-a9b6-7f92a3a35182", + "created": "2026-03-15T13:01:20.378747Z", + "modified": "2026-03-15T13:01:20.378747Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='2zaaali0ptn06q9.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.378747Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d1012617-209a-4b12-b824-6e0fba9e60e4", + "created": "2026-03-15T13:01:20.379204Z", + "modified": "2026-03-15T13:01:20.379204Z", + "relationship_type": "indicates", + "source_ref": "indicator--48070fcc-33c6-4149-a9b6-7f92a3a35182", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--07fbef1c-d81a-4acf-b8dc-890d354e3406", + "created": "2026-03-15T13:01:20.379379Z", + "modified": "2026-03-15T13:01:20.379379Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hmpfdh7p8n6i5zr.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.379379Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c3223769-0873-4c6d-a5b4-238463680a85", + "created": "2026-03-15T13:01:20.379826Z", + "modified": "2026-03-15T13:01:20.379826Z", + "relationship_type": "indicates", + "source_ref": "indicator--07fbef1c-d81a-4acf-b8dc-890d354e3406", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2428b590-437a-4a64-8511-5c90598a9e59", + "created": "2026-03-15T13:01:20.380081Z", + "modified": "2026-03-15T13:01:20.380081Z", + 
"indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='gdvynopz3pa0tik.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.380081Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a5460a87-5e8a-4c8a-bb83-29b57d57a928", + "created": "2026-03-15T13:01:20.380536Z", + "modified": "2026-03-15T13:01:20.380536Z", + "relationship_type": "indicates", + "source_ref": "indicator--2428b590-437a-4a64-8511-5c90598a9e59", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--caee69d3-5dcb-4757-b826-bf71cc73bafa", + "created": "2026-03-15T13:01:20.380705Z", + "modified": "2026-03-15T13:01:20.380705Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cdn.uacounter.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.380705Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--981a8aa6-75a8-4f07-8d98-d46b3800fb91", + "created": "2026-03-15T13:01:20.381905Z", + "modified": "2026-03-15T13:01:20.381905Z", + "relationship_type": "indicates", + "source_ref": "indicator--caee69d3-5dcb-4757-b826-bf71cc73bafa", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6231b59e-4e92-4686-af8f-bd10aade71f6", + "created": "2026-03-15T13:01:20.382164Z", + "modified": "2026-03-15T13:01:20.382164Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='amewkw0nfd11qpr.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.382164Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--003dd4a5-2e3b-44e6-bc59-ce3fa3f68595", + "created": "2026-03-15T13:01:20.382629Z", + "modified": "2026-03-15T13:01:20.382629Z", 
+ "relationship_type": "indicates", + "source_ref": "indicator--6231b59e-4e92-4686-af8f-bd10aade71f6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a11ffb30-997d-47b4-922f-3293516dd788", + "created": "2026-03-15T13:01:20.382816Z", + "modified": "2026-03-15T13:01:20.382816Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='seven7.to']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.382816Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a506bea8-b9a2-4786-a66b-23b2a0fba090", + "created": "2026-03-15T13:01:20.383268Z", + "modified": "2026-03-15T13:01:20.383268Z", + "relationship_type": "indicates", + "source_ref": "indicator--a11ffb30-997d-47b4-922f-3293516dd788", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0fbe51b4-4054-450c-92b7-e143e292db2e", + "created": "2026-03-15T13:01:20.383481Z", + "modified": "2026-03-15T13:01:20.383481Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pepeairdrop01.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.383481Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--420e9287-7012-494f-b962-5559bc55b105", + "created": "2026-03-15T13:01:20.3839Z", + "modified": "2026-03-15T13:01:20.3839Z", + "relationship_type": "indicates", + "source_ref": "indicator--0fbe51b4-4054-450c-92b7-e143e292db2e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--14df878b-046e-465b-9145-d2d740b8a0ee", + "created": "2026-03-15T13:01:20.384074Z", + "modified": "2026-03-15T13:01:20.384074Z", + "indicator_types": [ + "malicious-activity" + ], + 
"pattern": "[domain-name:value='o08h5rhu2lu1x0q.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.384074Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a9a92aaf-66ff-44b3-bcb0-587f5c60f6c8", + "created": "2026-03-15T13:01:20.384528Z", + "modified": "2026-03-15T13:01:20.384528Z", + "relationship_type": "indicates", + "source_ref": "indicator--14df878b-046e-465b-9145-d2d740b8a0ee", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2e213735-a425-447f-90d3-284d11e2303f", + "created": "2026-03-15T13:01:20.384702Z", + "modified": "2026-03-15T13:01:20.384702Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='b27.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.384702Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4c306b98-2ec5-40ee-a3a0-3705a3df86cb", + "created": "2026-03-15T13:01:20.385102Z", + "modified": "2026-03-15T13:01:20.385102Z", + "relationship_type": "indicates", + "source_ref": "indicator--2e213735-a425-447f-90d3-284d11e2303f", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0f171418-8a2b-48bf-8ea4-5de877c80eb4", + "created": "2026-03-15T13:01:20.385255Z", + "modified": "2026-03-15T13:01:20.385255Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='t7c.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.385255Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9e7100bf-46de-4cd1-b866-1b44428a3b74", + "created": "2026-03-15T13:01:20.385675Z", + "modified": "2026-03-15T13:01:20.385675Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--0f171418-8a2b-48bf-8ea4-5de877c80eb4", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9f0cd05b-ce49-46c7-843d-0eceeb2b1bd2", + "created": "2026-03-15T13:01:20.385876Z", + "modified": "2026-03-15T13:01:20.385876Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hui4tbh9uv9x4yi.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.385876Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--604b12c1-7d63-462a-89db-8d9bc4e121d5", + "created": "2026-03-15T13:01:20.386291Z", + "modified": "2026-03-15T13:01:20.386291Z", + "relationship_type": "indicates", + "source_ref": "indicator--9f0cd05b-ce49-46c7-843d-0eceeb2b1bd2", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2cc2b3cd-44c8-4b53-a46c-8ac3d22cffef", + "created": "2026-03-15T13:01:20.386502Z", + "modified": "2026-03-15T13:01:20.386502Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='gqjs3ra34lyuvzb.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.386502Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--770a0062-26b5-48f2-a51f-27ef499d5381", + "created": "2026-03-15T13:01:20.386919Z", + "modified": "2026-03-15T13:01:20.386919Z", + "relationship_type": "indicates", + "source_ref": "indicator--2cc2b3cd-44c8-4b53-a46c-8ac3d22cffef", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--023850c0-fcea-45bd-a20f-ddd9bc40e8e1", + "created": "2026-03-15T13:01:20.38709Z", + "modified": "2026-03-15T13:01:20.38709Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='xjslbdt9jdijn15.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.38709Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9d5a9826-45fb-4467-984a-27311afac67b", + "created": "2026-03-15T13:01:20.387661Z", + "modified": "2026-03-15T13:01:20.387661Z", + "relationship_type": "indicates", + "source_ref": "indicator--023850c0-fcea-45bd-a20f-ddd9bc40e8e1", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--95a69b66-5644-481e-8fe0-48694bddf60d", + "created": "2026-03-15T13:01:20.387853Z", + "modified": "2026-03-15T13:01:20.387853Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='roy2tlop2u.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.387853Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4ca2316a-6355-4a71-8136-331cfa9bb2d4", + "created": "2026-03-15T13:01:20.388258Z", + "modified": "2026-03-15T13:01:20.388258Z", + "relationship_type": "indicates", + "source_ref": "indicator--95a69b66-5644-481e-8fe0-48694bddf60d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--634c1e39-a627-4382-bf00-800b4317762e", + "created": "2026-03-15T13:01:20.388454Z", + "modified": "2026-03-15T13:01:20.388454Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ufli5en5arh9c7b.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.388454Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--96b0597f-a41b-4a64-8663-92dc88fe3cae", + "created": "2026-03-15T13:01:20.388954Z", + "modified": "2026-03-15T13:01:20.388954Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--634c1e39-a627-4382-bf00-800b4317762e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--792eeb07-9b2c-491e-b2a6-3ad2ba006749", + "created": "2026-03-15T13:01:20.389153Z", + "modified": "2026-03-15T13:01:20.389153Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='kyaadeow5dldqu9.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.389153Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--83ee2f5c-84cb-462b-92f7-31a36f585080", + "created": "2026-03-15T13:01:20.389591Z", + "modified": "2026-03-15T13:01:20.389591Z", + "relationship_type": "indicates", + "source_ref": "indicator--792eeb07-9b2c-491e-b2a6-3ad2ba006749", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--10f72f61-8938-4d80-8e87-0ba21dc2a6ac", + "created": "2026-03-15T13:01:20.389776Z", + "modified": "2026-03-15T13:01:20.389776Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='m.pc6.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.389776Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ba31d4b3-1069-4252-a217-df42f263dc14", + "created": "2026-03-15T13:01:20.390256Z", + "modified": "2026-03-15T13:01:20.390256Z", + "relationship_type": "indicates", + "source_ref": "indicator--10f72f61-8938-4d80-8e87-0ba21dc2a6ac", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--64b9c651-c37f-4ad5-b5db-c6879ada58b3", + "created": "2026-03-15T13:01:20.390456Z", + "modified": "2026-03-15T13:01:20.390456Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='14sy5i89hxoqvvz.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.390456Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--dac82038-d819-4add-998f-24c6f668e54d", + "created": "2026-03-15T13:01:20.390881Z", + "modified": "2026-03-15T13:01:20.390881Z", + "relationship_type": "indicates", + "source_ref": "indicator--64b9c651-c37f-4ad5-b5db-c6879ada58b3", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d34de516-bca0-45ed-be62-fa2b32b158b8", + "created": "2026-03-15T13:01:20.391054Z", + "modified": "2026-03-15T13:01:20.391054Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='e00l4axt0yf7m2k.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.391054Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--fb905561-ad47-4293-8e94-ca938351b5e6", + "created": "2026-03-15T13:01:20.391551Z", + "modified": "2026-03-15T13:01:20.391551Z", + "relationship_type": "indicates", + "source_ref": "indicator--d34de516-bca0-45ed-be62-fa2b32b158b8", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7f96b33a-5425-4573-9077-97c290388f0d", + "created": "2026-03-15T13:01:20.391738Z", + "modified": "2026-03-15T13:01:20.391738Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='l7coq3s7mosgetz.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.391738Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4507db3b-06c4-42b1-a67c-045acab7bd80", + "created": "2026-03-15T13:01:20.392225Z", + "modified": "2026-03-15T13:01:20.392225Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--7f96b33a-5425-4573-9077-97c290388f0d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e11c68dc-236b-4efd-bff3-af270e11fe2f", + "created": "2026-03-15T13:01:20.392421Z", + "modified": "2026-03-15T13:01:20.392421Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='wlf6n6bml3ng89q.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.392421Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--71925ea5-0f6f-4e20-af0d-53cd84eb6a07", + "created": "2026-03-15T13:01:20.392887Z", + "modified": "2026-03-15T13:01:20.392887Z", + "relationship_type": "indicates", + "source_ref": "indicator--e11c68dc-236b-4efd-bff3-af270e11fe2f", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a544921c-5a8b-40cc-a6dc-5fbcaecfb49c", + "created": "2026-03-15T13:01:20.393089Z", + "modified": "2026-03-15T13:01:20.393089Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cc0mvv7661lymjb.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.393089Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--04c639bf-85a1-4611-8e15-cc16fbdec5d0", + "created": "2026-03-15T13:01:20.393646Z", + "modified": "2026-03-15T13:01:20.393646Z", + "relationship_type": "indicates", + "source_ref": "indicator--a544921c-5a8b-40cc-a6dc-5fbcaecfb49c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6a26c3e2-e3d9-4f02-a20a-1b7dd9782dab", + "created": "2026-03-15T13:01:20.393829Z", + "modified": "2026-03-15T13:01:20.393829Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='lsnngjyu9x6vcg0.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.393829Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--31b60cea-e8ec-4c09-8898-b15069495bf5", + "created": "2026-03-15T13:01:20.394286Z", + "modified": "2026-03-15T13:01:20.394286Z", + "relationship_type": "indicates", + "source_ref": "indicator--6a26c3e2-e3d9-4f02-a20a-1b7dd9782dab", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--03816fa3-b388-48cc-a7f6-f7b7eb96f573", + "created": "2026-03-15T13:01:20.394497Z", + "modified": "2026-03-15T13:01:20.394497Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='8kc3bu969yz7f9t.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.394497Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--eced39cb-ae4e-46f5-b5bc-0a295dac1081", + "created": "2026-03-15T13:01:20.394913Z", + "modified": "2026-03-15T13:01:20.394913Z", + "relationship_type": "indicates", + "source_ref": "indicator--03816fa3-b388-48cc-a7f6-f7b7eb96f573", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3e7b91a4-31d6-4a00-909a-b1ad82bf3d71", + "created": "2026-03-15T13:01:20.395111Z", + "modified": "2026-03-15T13:01:20.395111Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ibrzwbxsn6rgyai.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.395111Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a931db2c-e2f1-4865-8a6c-60de976cd458", + "created": "2026-03-15T13:01:20.395571Z", + "modified": "2026-03-15T13:01:20.395571Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--3e7b91a4-31d6-4a00-909a-b1ad82bf3d71", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--98f515e5-bf4d-437c-b5a2-8978335f86b1", + "created": "2026-03-15T13:01:20.395748Z", + "modified": "2026-03-15T13:01:20.395748Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='goodcryptocurrency.top']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.395748Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--04161dba-27ba-4327-b9c9-be404be4118f", + "created": "2026-03-15T13:01:20.396161Z", + "modified": "2026-03-15T13:01:20.396161Z", + "relationship_type": "indicates", + "source_ref": "indicator--98f515e5-bf4d-437c-b5a2-8978335f86b1", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f0d29be6-59ff-449c-9c56-feda16b74489", + "created": "2026-03-15T13:01:20.396339Z", + "modified": "2026-03-15T13:01:20.396339Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='eebiov4uh9lk8i4.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.396339Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--92697dbf-ba62-46b3-adf5-1b0fc9a29131", + "created": "2026-03-15T13:01:20.396761Z", + "modified": "2026-03-15T13:01:20.396761Z", + "relationship_type": "indicates", + "source_ref": "indicator--f0d29be6-59ff-449c-9c56-feda16b74489", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ee52b417-8e01-479b-a312-cbacdfa7fc91", + "created": "2026-03-15T13:01:20.396927Z", + "modified": "2026-03-15T13:01:20.396927Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='mvqpy8leaale0tx.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.396927Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bb1961b7-ce12-4a33-8642-dbc7a56117c2", + "created": "2026-03-15T13:01:20.397317Z", + "modified": "2026-03-15T13:01:20.397317Z", + "relationship_type": "indicates", + "source_ref": "indicator--ee52b417-8e01-479b-a312-cbacdfa7fc91", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cddca1a9-1ac9-46e2-bb4b-b6e41b2e11ac", + "created": "2026-03-15T13:01:20.397518Z", + "modified": "2026-03-15T13:01:20.397518Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='h1yvb0pd9gl9422.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.397518Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--be950cee-5602-4145-88ef-67c4f7669ca2", + "created": "2026-03-15T13:01:20.397916Z", + "modified": "2026-03-15T13:01:20.397916Z", + "relationship_type": "indicates", + "source_ref": "indicator--cddca1a9-1ac9-46e2-bb4b-b6e41b2e11ac", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--828542f4-43f3-48d1-a706-da853269ba23", + "created": "2026-03-15T13:01:20.398084Z", + "modified": "2026-03-15T13:01:20.398084Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='n49.top']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.398084Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a9d3508e-57a5-4bc7-b6c3-3168590dd962", + "created": "2026-03-15T13:01:20.398514Z", + "modified": "2026-03-15T13:01:20.398514Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--828542f4-43f3-48d1-a706-da853269ba23", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--116d7257-ed99-47e8-ad4a-b4b8495f827c", + "created": "2026-03-15T13:01:20.398674Z", + "modified": "2026-03-15T13:01:20.398674Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='vvri8ocl4t3k8n6.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.398674Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--82874db9-749a-4ee0-8ae5-d4d00a102090", + "created": "2026-03-15T13:01:20.399186Z", + "modified": "2026-03-15T13:01:20.399186Z", + "relationship_type": "indicates", + "source_ref": "indicator--116d7257-ed99-47e8-ad4a-b4b8495f827c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4ac723be-e471-4433-bdab-54af52687a4d", + "created": "2026-03-15T13:01:20.399389Z", + "modified": "2026-03-15T13:01:20.399389Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mxbc-v2.tjbjdod.cn']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.399389Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--aaaad696-d843-4614-a852-550b114c3c48", + "created": "2026-03-15T13:01:20.399901Z", + "modified": "2026-03-15T13:01:20.399901Z", + "relationship_type": "indicates", + "source_ref": "indicator--4ac723be-e471-4433-bdab-54af52687a4d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--21086079-9a3a-419c-ab84-c629afa7ae9d", + "created": "2026-03-15T13:01:20.400075Z", + "modified": "2026-03-15T13:01:20.400075Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='2i93m6puuqrmbzu.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.400075Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--46a3bd96-ca4d-428e-a401-a3ba3143525b", + "created": "2026-03-15T13:01:20.400501Z", + "modified": "2026-03-15T13:01:20.400501Z", + "relationship_type": "indicates", + "source_ref": "indicator--21086079-9a3a-419c-ab84-c629afa7ae9d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e06a25c1-27c5-45cc-8a5d-ae467b45ea2d", + "created": "2026-03-15T13:01:20.400698Z", + "modified": "2026-03-15T13:01:20.400698Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='aidm8it5hf1jmtj.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.400698Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8f2099a1-8222-4992-8d01-4b34dea82d0b", + "created": "2026-03-15T13:01:20.401115Z", + "modified": "2026-03-15T13:01:20.401115Z", + "relationship_type": "indicates", + "source_ref": "indicator--e06a25c1-27c5-45cc-8a5d-ae467b45ea2d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ac8e4479-ffab-4d2f-bbc8-4fc782662a29", + "created": "2026-03-15T13:01:20.401281Z", + "modified": "2026-03-15T13:01:20.401281Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lk4x6x2ejxaw2br.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.401281Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f7398b7b-cea5-4c4f-b9de-a8168978fcb1", + "created": "2026-03-15T13:01:20.401757Z", + "modified": "2026-03-15T13:01:20.401757Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--ac8e4479-ffab-4d2f-bbc8-4fc782662a29", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d170a545-c78a-4626-a0f0-d349527a40d9", + "created": "2026-03-15T13:01:20.401933Z", + "modified": "2026-03-15T13:01:20.401933Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='dd9l7e6ghme8pbk.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.401933Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--01171020-d388-4756-8168-6460c5151df9", + "created": "2026-03-15T13:01:20.402383Z", + "modified": "2026-03-15T13:01:20.402383Z", + "relationship_type": "indicates", + "source_ref": "indicator--d170a545-c78a-4626-a0f0-d349527a40d9", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6789cbeb-5261-49b3-a039-7ebd96cae8c0", + "created": "2026-03-15T13:01:20.402562Z", + "modified": "2026-03-15T13:01:20.402562Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='f0qxj4brxkcwtar.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.402562Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1f2d769f-0eea-449b-af3b-f911d37f6383", + "created": "2026-03-15T13:01:20.402992Z", + "modified": "2026-03-15T13:01:20.402992Z", + "relationship_type": "indicates", + "source_ref": "indicator--6789cbeb-5261-49b3-a039-7ebd96cae8c0", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9ee12015-7531-4bfa-901f-f9ae354bdd69", + "created": "2026-03-15T13:01:20.403161Z", + "modified": "2026-03-15T13:01:20.403161Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='cwt92c4w1u0f70s.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.403161Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--fa6ff5d6-6e16-446b-a79d-9da0a016bb76", + "created": "2026-03-15T13:01:20.403592Z", + "modified": "2026-03-15T13:01:20.403592Z", + "relationship_type": "indicates", + "source_ref": "indicator--9ee12015-7531-4bfa-901f-f9ae354bdd69", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1935a072-6e02-41d9-a7d1-2b3e5d4b2565", + "created": "2026-03-15T13:01:20.403769Z", + "modified": "2026-03-15T13:01:20.403769Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bestcryptocurrency.top']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.403769Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9749405d-969d-4fa8-a721-d9f584617e2b", + "created": "2026-03-15T13:01:20.404224Z", + "modified": "2026-03-15T13:01:20.404224Z", + "relationship_type": "indicates", + "source_ref": "indicator--1935a072-6e02-41d9-a7d1-2b3e5d4b2565", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2e634dc3-b567-4ac1-8c97-fdd9ff6da1a8", + "created": "2026-03-15T13:01:20.40442Z", + "modified": "2026-03-15T13:01:20.40442Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='jw732utrrcvqwbp.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.40442Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--42f22d1e-9cdf-42c9-9b54-3ddc585822c7", + "created": "2026-03-15T13:01:20.405026Z", + "modified": "2026-03-15T13:01:20.405026Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--2e634dc3-b567-4ac1-8c97-fdd9ff6da1a8", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9aed8973-e14d-464c-9360-de24c0061fdf", + "created": "2026-03-15T13:01:20.405232Z", + "modified": "2026-03-15T13:01:20.405232Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fbn98qo7hk35w0t.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.405232Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cad5eb07-0437-4202-b1e8-6fad17fdd578", + "created": "2026-03-15T13:01:20.405668Z", + "modified": "2026-03-15T13:01:20.405668Z", + "relationship_type": "indicates", + "source_ref": "indicator--9aed8973-e14d-464c-9360-de24c0061fdf", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7f9dcd43-ef65-4a63-bb31-6762f9053314", + "created": "2026-03-15T13:01:20.405834Z", + "modified": "2026-03-15T13:01:20.405834Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='z2c4fbfnp1pm68b.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.405834Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--35a59179-d47e-4422-b7fd-f118a1342158", + "created": "2026-03-15T13:01:20.406311Z", + "modified": "2026-03-15T13:01:20.406311Z", + "relationship_type": "indicates", + "source_ref": "indicator--7f9dcd43-ef65-4a63-bb31-6762f9053314", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--941cbc94-bf33-4ef8-b3bc-f1ee3d8910eb", + "created": "2026-03-15T13:01:20.406523Z", + "modified": "2026-03-15T13:01:20.406523Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[domain-name:value='24e661zz9j4tcr7.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.406523Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a4b0b900-8891-4bc0-8408-72cdffe6656a", + "created": "2026-03-15T13:01:20.406972Z", + "modified": "2026-03-15T13:01:20.406972Z", + "relationship_type": "indicates", + "source_ref": "indicator--941cbc94-bf33-4ef8-b3bc-f1ee3d8910eb", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ecd23141-508f-4c08-b919-2eb104ac9d3b", + "created": "2026-03-15T13:01:20.40716Z", + "modified": "2026-03-15T13:01:20.40716Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mjdqw.cn']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.40716Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b4d6a30f-8c1a-467f-a08b-0651e7c92526", + "created": "2026-03-15T13:01:20.407599Z", + "modified": "2026-03-15T13:01:20.407599Z", + "relationship_type": "indicates", + "source_ref": "indicator--ecd23141-508f-4c08-b919-2eb104ac9d3b", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ee99625b-0acb-4ad6-95ad-f1d9305e5fe3", + "created": "2026-03-15T13:01:20.407789Z", + "modified": "2026-03-15T13:01:20.407789Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='medobv5dkjl2bm0.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.407789Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--81fb10f6-48dd-4850-bd7f-a9d6b33c2348", + "created": "2026-03-15T13:01:20.408198Z", + "modified": "2026-03-15T13:01:20.408198Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--ee99625b-0acb-4ad6-95ad-f1d9305e5fe3", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--28d78ce6-91bf-429d-9f6b-311737d3ef74", + "created": "2026-03-15T13:01:20.408388Z", + "modified": "2026-03-15T13:01:20.408388Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bingo777.now']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.408388Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--61c4ac14-2499-4108-8679-602fd540c078", + "created": "2026-03-15T13:01:20.408778Z", + "modified": "2026-03-15T13:01:20.408778Z", + "relationship_type": "indicates", + "source_ref": "indicator--28d78ce6-91bf-429d-9f6b-311737d3ef74", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7d4974ee-222e-4577-86b8-3be8de248bf9", + "created": "2026-03-15T13:01:20.408948Z", + "modified": "2026-03-15T13:01:20.408948Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='7uspin.us']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.408948Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--19f7b034-de62-4786-876c-87e43b8884ee", + "created": "2026-03-15T13:01:20.409369Z", + "modified": "2026-03-15T13:01:20.409369Z", + "relationship_type": "indicates", + "source_ref": "indicator--7d4974ee-222e-4577-86b8-3be8de248bf9", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3bcdd858-0883-4b0c-b041-c38fa4c40357", + "created": "2026-03-15T13:01:20.40958Z", + "modified": "2026-03-15T13:01:20.40958Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='tcqk4shuq6vosa2.xyz']", + 
"pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.40958Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--32f715c6-11ea-463a-94de-6d91ff8a92af", + "created": "2026-03-15T13:01:20.410006Z", + "modified": "2026-03-15T13:01:20.410006Z", + "relationship_type": "indicates", + "source_ref": "indicator--3bcdd858-0883-4b0c-b041-c38fa4c40357", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--044dff7f-c667-463a-bfb9-01ae3483ea72", + "created": "2026-03-15T13:01:20.410172Z", + "modified": "2026-03-15T13:01:20.410172Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pbp5j308edop478.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.410172Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1b62ecc0-be1e-4c12-8217-aadb086dfbc6", + "created": "2026-03-15T13:01:20.410757Z", + "modified": "2026-03-15T13:01:20.410757Z", + "relationship_type": "indicates", + "source_ref": "indicator--044dff7f-c667-463a-bfb9-01ae3483ea72", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8dcf6aba-7124-4114-bb81-247a33012264", + "created": "2026-03-15T13:01:20.410948Z", + "modified": "2026-03-15T13:01:20.410948Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ewllhwxz16atjlx.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.410948Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--02fce901-5d3a-483d-b035-8c66d4cae48f", + "created": "2026-03-15T13:01:20.411373Z", + "modified": "2026-03-15T13:01:20.411373Z", + "relationship_type": "indicates", + "source_ref": "indicator--8dcf6aba-7124-4114-bb81-247a33012264", + 
"target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4c11bac5-6215-493e-8331-ccf55d9cf8ea", + "created": "2026-03-15T13:01:20.411554Z", + "modified": "2026-03-15T13:01:20.411554Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='spin7.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.411554Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--3c17fce8-7f14-4fd9-aade-a586c961ebe1", + "created": "2026-03-15T13:01:20.411984Z", + "modified": "2026-03-15T13:01:20.411984Z", + "relationship_type": "indicates", + "source_ref": "indicator--4c11bac5-6215-493e-8331-ccf55d9cf8ea", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d1f1692b-83e8-4c80-8f26-2ea225cfc36d", + "created": "2026-03-15T13:01:20.412151Z", + "modified": "2026-03-15T13:01:20.412151Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='0qx9g8ary2fzc5a.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.412151Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--05e0969d-55b0-4a64-aada-6829a7a4004d", + "created": "2026-03-15T13:01:20.412554Z", + "modified": "2026-03-15T13:01:20.412554Z", + "relationship_type": "indicates", + "source_ref": "indicator--d1f1692b-83e8-4c80-8f26-2ea225cfc36d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--79599416-e9b8-436d-bb9d-53dc67068f55", + "created": "2026-03-15T13:01:20.412726Z", + "modified": "2026-03-15T13:01:20.412726Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='liquorfight.com']", + "pattern_type": "stix", + "pattern_version": "2.1", 
+ "valid_from": "2026-03-15T13:01:20.412726Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2e52d398-681b-4f41-ba4e-efbb3db3e243", + "created": "2026-03-15T13:01:20.413121Z", + "modified": "2026-03-15T13:01:20.413121Z", + "relationship_type": "indicates", + "source_ref": "indicator--79599416-e9b8-436d-bb9d-53dc67068f55", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--cabceb71-079e-4d07-aae4-c91a8febd5cb", + "created": "2026-03-15T13:01:20.413317Z", + "modified": "2026-03-15T13:01:20.413317Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yve6eagcq7wcokf.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.413317Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b740372a-e833-4882-8d4a-d837e066ab36", + "created": "2026-03-15T13:01:20.413941Z", + "modified": "2026-03-15T13:01:20.413941Z", + "relationship_type": "indicates", + "source_ref": "indicator--cabceb71-079e-4d07-aae4-c91a8febd5cb", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--93caabd6-2710-4987-b05b-60032fcdf651", + "created": "2026-03-15T13:01:20.414194Z", + "modified": "2026-03-15T13:01:20.414194Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='zcjdlb5ubkhy41u.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.414194Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a7c87f0a-7021-4328-b018-525917706b43", + "created": "2026-03-15T13:01:20.414677Z", + "modified": "2026-03-15T13:01:20.414677Z", + "relationship_type": "indicates", + "source_ref": "indicator--93caabd6-2710-4987-b05b-60032fcdf651", + "target_ref": 
"malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7709ba14-a83e-4978-b4a3-7ca1efacd947", + "created": "2026-03-15T13:01:20.414861Z", + "modified": "2026-03-15T13:01:20.414861Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='eg2bjo5x5r8yjb5.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.414861Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b35f5df9-31fb-4523-a7e4-79b39aeb8985", + "created": "2026-03-15T13:01:20.415252Z", + "modified": "2026-03-15T13:01:20.415252Z", + "relationship_type": "indicates", + "source_ref": "indicator--7709ba14-a83e-4978-b4a3-7ca1efacd947", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6cb8df52-7cfb-465d-9afd-00740f33fe60", + "created": "2026-03-15T13:01:20.415442Z", + "modified": "2026-03-15T13:01:20.415442Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='b96r89p5bnuwbc7.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.415442Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--353321b9-a0ff-4415-941c-9f25b8b63b7e", + "created": "2026-03-15T13:01:20.415841Z", + "modified": "2026-03-15T13:01:20.415841Z", + "relationship_type": "indicates", + "source_ref": "indicator--6cb8df52-7cfb-465d-9afd-00740f33fe60", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--17a4264f-600e-4844-84cb-81f18e9ddc32", + "created": "2026-03-15T13:01:20.416007Z", + "modified": "2026-03-15T13:01:20.416007Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ar2ojsx340jksmg.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", 
+ "valid_from": "2026-03-15T13:01:20.416007Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--520ca956-0a16-4f5c-bc49-eb580de1a1d0", + "created": "2026-03-15T13:01:20.416561Z", + "modified": "2026-03-15T13:01:20.416561Z", + "relationship_type": "indicates", + "source_ref": "indicator--17a4264f-600e-4844-84cb-81f18e9ddc32", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6cc76df7-38bb-4776-aacb-98ff38e577a2", + "created": "2026-03-15T13:01:20.416737Z", + "modified": "2026-03-15T13:01:20.416737Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fgr1w2gnsdvsb.xyz/x']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.416737Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6b60d9b1-368e-4e8f-bd2f-f020d3eb1239", + "created": "2026-03-15T13:01:20.417185Z", + "modified": "2026-03-15T13:01:20.417185Z", + "relationship_type": "indicates", + "source_ref": "indicator--6cc76df7-38bb-4776-aacb-98ff38e577a2", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3cbb1cda-3547-4416-b2e7-a2c7471c1a81", + "created": "2026-03-15T13:01:20.41736Z", + "modified": "2026-03-15T13:01:20.41736Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='c5t8kptatr57n7y.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.41736Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--60c68b91-26d4-40d9-8f54-a06bc39ac6f8", + "created": "2026-03-15T13:01:20.417751Z", + "modified": "2026-03-15T13:01:20.417751Z", + "relationship_type": "indicates", + "source_ref": "indicator--3cbb1cda-3547-4416-b2e7-a2c7471c1a81", + "target_ref": 
"malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--dd97dea3-c0f3-46ab-b0a4-006387ef7bed", + "created": "2026-03-15T13:01:20.417917Z", + "modified": "2026-03-15T13:01:20.417917Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='x6kcdjgagpl05z9.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.417917Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--fa5ae8c2-51d8-4bb8-a0c8-1da278b1caa3", + "created": "2026-03-15T13:01:20.418313Z", + "modified": "2026-03-15T13:01:20.418313Z", + "relationship_type": "indicates", + "source_ref": "indicator--dd97dea3-c0f3-46ab-b0a4-006387ef7bed", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--41210b21-6ef1-4332-92bd-3204dad0fe91", + "created": "2026-03-15T13:01:20.418475Z", + "modified": "2026-03-15T13:01:20.418475Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='it7cp49qehrj85j.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.418475Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b1a5ca83-f039-465c-b495-bed582af651c", + "created": "2026-03-15T13:01:20.418876Z", + "modified": "2026-03-15T13:01:20.418876Z", + "relationship_type": "indicates", + "source_ref": "indicator--41210b21-6ef1-4332-92bd-3204dad0fe91", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--54c5dcaa-0abb-45a3-b7ee-684653d4c248", + "created": "2026-03-15T13:01:20.419036Z", + "modified": "2026-03-15T13:01:20.419036Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='26a.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + 
"valid_from": "2026-03-15T13:01:20.419036Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a78e1435-a3ce-49ad-998d-2e3d87663869", + "created": "2026-03-15T13:01:20.419423Z", + "modified": "2026-03-15T13:01:20.419423Z", + "relationship_type": "indicates", + "source_ref": "indicator--54c5dcaa-0abb-45a3-b7ee-684653d4c248", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--26797fbd-8d11-4b3b-b057-44bb85c2fd29", + "created": "2026-03-15T13:01:20.419577Z", + "modified": "2026-03-15T13:01:20.419577Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fxp34lig1xtahno.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.419577Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--de485398-4a96-44ad-90c4-5da59e45a58e", + "created": "2026-03-15T13:01:20.419959Z", + "modified": "2026-03-15T13:01:20.419959Z", + "relationship_type": "indicates", + "source_ref": "indicator--26797fbd-8d11-4b3b-b057-44bb85c2fd29", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a0a5792c-5028-48b2-b118-3a0dbbcae53c", + "created": "2026-03-15T13:01:20.420127Z", + "modified": "2026-03-15T13:01:20.420127Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='7p.game']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.420127Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7c8262a4-5c4e-4914-96a6-d8a87c4b121f", + "created": "2026-03-15T13:01:20.434712Z", + "modified": "2026-03-15T13:01:20.434712Z", + "relationship_type": "indicates", + "source_ref": "indicator--a0a5792c-5028-48b2-b118-3a0dbbcae53c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, 
+ { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--81f101f7-0aa3-4daf-81e3-14e9a40d73fe", + "created": "2026-03-15T13:01:20.435013Z", + "modified": "2026-03-15T13:01:20.435013Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='m5pfh9jwsj090e8.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.435013Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0b77e52f-91b6-4578-af43-d78943969844", + "created": "2026-03-15T13:01:20.43569Z", + "modified": "2026-03-15T13:01:20.43569Z", + "relationship_type": "indicates", + "source_ref": "indicator--81f101f7-0aa3-4daf-81e3-14e9a40d73fe", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ec44ef6d-6518-4dbc-b2d1-729380861d85", + "created": "2026-03-15T13:01:20.435944Z", + "modified": "2026-03-15T13:01:20.435944Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='0zsz6hq2adbfcgn.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.435944Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--78afd6b1-474a-42d8-9d4f-591c0fe206d6", + "created": "2026-03-15T13:01:20.436756Z", + "modified": "2026-03-15T13:01:20.436756Z", + "relationship_type": "indicates", + "source_ref": "indicator--ec44ef6d-6518-4dbc-b2d1-729380861d85", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c7aa89bf-10e6-4de7-b190-2e38baffd2ee", + "created": "2026-03-15T13:01:20.437031Z", + "modified": "2026-03-15T13:01:20.437031Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='s6a7faijhiddeb8.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.437031Z" + }, + { 
+ "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c747fea0-4317-4ac4-9ff1-cffa1c7a146a", + "created": "2026-03-15T13:01:20.437677Z", + "modified": "2026-03-15T13:01:20.437677Z", + "relationship_type": "indicates", + "source_ref": "indicator--c7aa89bf-10e6-4de7-b190-2e38baffd2ee", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--48ef12d9-b449-4928-9ab2-fbdb6d81ae67", + "created": "2026-03-15T13:01:20.437924Z", + "modified": "2026-03-15T13:01:20.437924Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='dbgopaxl.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.437924Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--03499a35-90db-487c-bbe9-2203a68fe409", + "created": "2026-03-15T13:01:20.438518Z", + "modified": "2026-03-15T13:01:20.438518Z", + "relationship_type": "indicates", + "source_ref": "indicator--48ef12d9-b449-4928-9ab2-fbdb6d81ae67", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--37801610-1e3f-444b-bf11-1c7fba142e9b", + "created": "2026-03-15T13:01:20.438759Z", + "modified": "2026-03-15T13:01:20.438759Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='vun5plmaxydremk.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.438759Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6ca43ca2-0bf9-4fee-b426-a8a3145e6c28", + "created": "2026-03-15T13:01:20.439363Z", + "modified": "2026-03-15T13:01:20.439363Z", + "relationship_type": "indicates", + "source_ref": "indicator--37801610-1e3f-444b-bf11-1c7fba142e9b", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": 
"2.1", + "id": "indicator--f1fd60e4-f665-4f54-b011-c8837be75aa6", + "created": "2026-03-15T13:01:20.439593Z", + "modified": "2026-03-15T13:01:20.439593Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='erjthj4k3aqz04x.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.439593Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c511f68c-7515-460b-a497-d6d67e5ccb58", + "created": "2026-03-15T13:01:20.440025Z", + "modified": "2026-03-15T13:01:20.440025Z", + "relationship_type": "indicates", + "source_ref": "indicator--f1fd60e4-f665-4f54-b011-c8837be75aa6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7853e932-e489-4ac1-8a11-70e4b2e7f64a", + "created": "2026-03-15T13:01:20.4402Z", + "modified": "2026-03-15T13:01:20.4402Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ol67el6pxg03ad7.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.4402Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--60f475f8-d8b5-40a1-96ab-1f648b83ca49", + "created": "2026-03-15T13:01:20.440618Z", + "modified": "2026-03-15T13:01:20.440618Z", + "relationship_type": "indicates", + "source_ref": "indicator--7853e932-e489-4ac1-8a11-70e4b2e7f64a", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d36d7a2d-be7b-4beb-b28b-ebe98caa48ec", + "created": "2026-03-15T13:01:20.440805Z", + "modified": "2026-03-15T13:01:20.440805Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='binancealliancesintro.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.440805Z" + }, + { + "type": "relationship", + 
"spec_version": "2.1", + "id": "relationship--c38407e5-0a80-4d09-bcf3-455eae900258", + "created": "2026-03-15T13:01:20.441213Z", + "modified": "2026-03-15T13:01:20.441213Z", + "relationship_type": "indicates", + "source_ref": "indicator--d36d7a2d-be7b-4beb-b28b-ebe98caa48ec", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4bd7368d-205b-4502-9804-80753f1c61ca", + "created": "2026-03-15T13:01:20.441378Z", + "modified": "2026-03-15T13:01:20.441378Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='shnqt4e97bc17l6.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.441378Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--367aa067-0e41-4c70-be07-81337041964a", + "created": "2026-03-15T13:01:20.441772Z", + "modified": "2026-03-15T13:01:20.441772Z", + "relationship_type": "indicates", + "source_ref": "indicator--4bd7368d-205b-4502-9804-80753f1c61ca", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e4e1f845-ba74-4d5d-b9dc-339c9643e203", + "created": "2026-03-15T13:01:20.441937Z", + "modified": "2026-03-15T13:01:20.441937Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='98a.online']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.441937Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--82bc8dc5-4d1f-481e-bb9d-4b80fc6fd0b1", + "created": "2026-03-15T13:01:20.442374Z", + "modified": "2026-03-15T13:01:20.442374Z", + "relationship_type": "indicates", + "source_ref": "indicator--e4e1f845-ba74-4d5d-b9dc-339c9643e203", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--bbb36265-0af8-46bb-8bbf-93dc9dac5333", + "created": "2026-03-15T13:01:20.44255Z", + "modified": "2026-03-15T13:01:20.44255Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='k88q386znxmk4f3.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.44255Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d7b8ec4b-a225-448f-af82-6eed2814d9b1", + "created": "2026-03-15T13:01:20.443067Z", + "modified": "2026-03-15T13:01:20.443067Z", + "relationship_type": "indicates", + "source_ref": "indicator--bbb36265-0af8-46bb-8bbf-93dc9dac5333", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d505ab4c-c36d-4241-a2db-ebfb3edcd386", + "created": "2026-03-15T13:01:20.443244Z", + "modified": "2026-03-15T13:01:20.443244Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sf2bisx5nhdkygn3l.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.443244Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f53a188a-73fd-4440-b527-4d8547a72435", + "created": "2026-03-15T13:01:20.4437Z", + "modified": "2026-03-15T13:01:20.4437Z", + "relationship_type": "indicates", + "source_ref": "indicator--d505ab4c-c36d-4241-a2db-ebfb3edcd386", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--bd0378e5-560d-4322-b7f8-b270cdcd4ef1", + "created": "2026-03-15T13:01:20.443873Z", + "modified": "2026-03-15T13:01:20.443873Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='3d4jp3f81m8fzh7.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.443873Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--3db5af0e-0489-4d17-b559-794c3ff4e40a", + "created": "2026-03-15T13:01:20.444273Z", + "modified": "2026-03-15T13:01:20.444273Z", + "relationship_type": "indicates", + "source_ref": "indicator--bd0378e5-560d-4322-b7f8-b270cdcd4ef1", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0b5bf46c-c49d-4feb-9cfe-7ad8d58ad44b", + "created": "2026-03-15T13:01:20.444446Z", + "modified": "2026-03-15T13:01:20.444446Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yoe31t9k75av6qp.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.444446Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0419dbc9-c691-44a2-8eca-2e87162d047d", + "created": "2026-03-15T13:01:20.444871Z", + "modified": "2026-03-15T13:01:20.444871Z", + "relationship_type": "indicates", + "source_ref": "indicator--0b5bf46c-c49d-4feb-9cfe-7ad8d58ad44b", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--de779a76-789e-4d39-81c6-4cf44f789a8c", + "created": "2026-03-15T13:01:20.445036Z", + "modified": "2026-03-15T13:01:20.445036Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hegjjypf3lzc3qn.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.445036Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cc900d27-cc35-4f11-9e8d-1c7e0cd0e621", + "created": "2026-03-15T13:01:20.445447Z", + "modified": "2026-03-15T13:01:20.445447Z", + "relationship_type": "indicates", + "source_ref": "indicator--de779a76-789e-4d39-81c6-4cf44f789a8c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--8d41ae0b-b19f-4767-bd21-b301da2a2f42", + "created": "2026-03-15T13:01:20.445601Z", + "modified": "2026-03-15T13:01:20.445601Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cphrz39s5qm4t1y.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.445601Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--83c1d4a8-9c34-4d33-92d3-d59121742218", + "created": "2026-03-15T13:01:20.445998Z", + "modified": "2026-03-15T13:01:20.445998Z", + "relationship_type": "indicates", + "source_ref": "indicator--8d41ae0b-b19f-4767-bd21-b301da2a2f42", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6ec34b0d-1b9b-4c74-8c86-f2bdebc2fc49", + "created": "2026-03-15T13:01:20.446161Z", + "modified": "2026-03-15T13:01:20.446161Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='vu28ylznt0izc3w.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.446161Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d8c53c62-7b7c-4184-9a49-8d09ca562169", + "created": "2026-03-15T13:01:20.44656Z", + "modified": "2026-03-15T13:01:20.44656Z", + "relationship_type": "indicates", + "source_ref": "indicator--6ec34b0d-1b9b-4c74-8c86-f2bdebc2fc49", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4d0f318d-fd5d-482a-888b-95ea72aa6765", + "created": "2026-03-15T13:01:20.446723Z", + "modified": "2026-03-15T13:01:20.446723Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='lddx3z2d72aa8i6.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.446723Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--bb3b410e-f6f6-444b-9b81-a468263d1a24", + "created": "2026-03-15T13:01:20.447123Z", + "modified": "2026-03-15T13:01:20.447123Z", + "relationship_type": "indicates", + "source_ref": "indicator--4d0f318d-fd5d-482a-888b-95ea72aa6765", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--912487d0-8a4d-4e3c-b1f5-f6520e8498c4", + "created": "2026-03-15T13:01:20.447286Z", + "modified": "2026-03-15T13:01:20.447286Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='hfteigt3kt0sf3z.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.447286Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--32a3333e-574b-4625-929f-264a186a70e4", + "created": "2026-03-15T13:01:20.447677Z", + "modified": "2026-03-15T13:01:20.447677Z", + "relationship_type": "indicates", + "source_ref": "indicator--912487d0-8a4d-4e3c-b1f5-f6520e8498c4", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5e881e20-c294-4566-9af7-8ce8c71cd65b", + "created": "2026-03-15T13:01:20.447836Z", + "modified": "2026-03-15T13:01:20.447836Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='7w9mfrk9r6xrx6a.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.447836Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--be66aa3e-e41f-44b5-a474-a4ef3b973303", + "created": "2026-03-15T13:01:20.448368Z", + "modified": "2026-03-15T13:01:20.448368Z", + "relationship_type": "indicates", + "source_ref": "indicator--5e881e20-c294-4566-9af7-8ce8c71cd65b", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--11899864-14f8-4b34-b701-c31ebd6df586", + "created": "2026-03-15T13:01:20.448564Z", + "modified": "2026-03-15T13:01:20.448564Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='4ka4437sf5ns05x.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.448564Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5bc251be-aabb-496c-a960-ed8b1a5afb5b", + "created": "2026-03-15T13:01:20.448981Z", + "modified": "2026-03-15T13:01:20.448981Z", + "relationship_type": "indicates", + "source_ref": "indicator--11899864-14f8-4b34-b701-c31ebd6df586", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--bd1ee372-efc7-4931-be38-658449f6d8dc", + "created": "2026-03-15T13:01:20.449148Z", + "modified": "2026-03-15T13:01:20.449148Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='znjf3yk1x4yyht7.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.449148Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4ca6108a-b5e3-4635-bb1e-92fced5963a3", + "created": "2026-03-15T13:01:20.449551Z", + "modified": "2026-03-15T13:01:20.449551Z", + "relationship_type": "indicates", + "source_ref": "indicator--bd1ee372-efc7-4931-be38-658449f6d8dc", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--55903b18-4ab3-4c08-bc5e-84df2633a4db", + "created": "2026-03-15T13:01:20.449724Z", + "modified": "2026-03-15T13:01:20.449724Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='g18uw6zaiqeprj1.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.449724Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + 
"id": "relationship--a1acae2e-67db-4e0f-a118-25947bcbb872", + "created": "2026-03-15T13:01:20.450152Z", + "modified": "2026-03-15T13:01:20.450152Z", + "relationship_type": "indicates", + "source_ref": "indicator--55903b18-4ab3-4c08-bc5e-84df2633a4db", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--fa4f68a1-df03-470d-9fb8-6cf83ac3506e", + "created": "2026-03-15T13:01:20.45032Z", + "modified": "2026-03-15T13:01:20.45032Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='2s3b3rknfqtwwpo.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.45032Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--67f5f880-98e6-49cf-826a-988b246ea996", + "created": "2026-03-15T13:01:20.450734Z", + "modified": "2026-03-15T13:01:20.450734Z", + "relationship_type": "indicates", + "source_ref": "indicator--fa4f68a1-df03-470d-9fb8-6cf83ac3506e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--36c26f22-82ed-4989-98e9-5e7f0805bfca", + "created": "2026-03-15T13:01:20.45091Z", + "modified": "2026-03-15T13:01:20.45091Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pen0axt0u476duw.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.45091Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ab0f9d80-c08e-4c69-9131-1bab992ab39f", + "created": "2026-03-15T13:01:20.451315Z", + "modified": "2026-03-15T13:01:20.451315Z", + "relationship_type": "indicates", + "source_ref": "indicator--36c26f22-82ed-4989-98e9-5e7f0805bfca", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--65152779-650d-491d-ac29-4a65097d6f67", + "created": "2026-03-15T13:01:20.451482Z", + "modified": "2026-03-15T13:01:20.451482Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='nk3kuxai4q3hn7k.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.451482Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b62bf455-752d-4f3f-af5e-03cd727876f4", + "created": "2026-03-15T13:01:20.451891Z", + "modified": "2026-03-15T13:01:20.451891Z", + "relationship_type": "indicates", + "source_ref": "indicator--65152779-650d-491d-ac29-4a65097d6f67", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e6568afe-8a28-4478-98af-2b918ad4a20e", + "created": "2026-03-15T13:01:20.452059Z", + "modified": "2026-03-15T13:01:20.452059Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='mkkku.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.452059Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--baff1b23-f1f3-4147-89b5-389414059368", + "created": "2026-03-15T13:01:20.452453Z", + "modified": "2026-03-15T13:01:20.452453Z", + "relationship_type": "indicates", + "source_ref": "indicator--e6568afe-8a28-4478-98af-2b918ad4a20e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c6133b63-9975-4689-a662-f27e3bbb9061", + "created": "2026-03-15T13:01:20.452597Z", + "modified": "2026-03-15T13:01:20.452597Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='seven7.vip']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.452597Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--a7f7b6e2-bdb9-42b2-a740-6e83b93c7643", + "created": "2026-03-15T13:01:20.452967Z", + "modified": "2026-03-15T13:01:20.452967Z", + "relationship_type": "indicates", + "source_ref": "indicator--c6133b63-9975-4689-a662-f27e3bbb9061", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--23afc98b-7f8c-4450-83a5-2cf2eb517c22", + "created": "2026-03-15T13:01:20.45313Z", + "modified": "2026-03-15T13:01:20.45313Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='3v5w1km5gv.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.45313Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--595be4d6-cf8f-4523-819f-f5afbc1a9ad1", + "created": "2026-03-15T13:01:20.453718Z", + "modified": "2026-03-15T13:01:20.453718Z", + "relationship_type": "indicates", + "source_ref": "indicator--23afc98b-7f8c-4450-83a5-2cf2eb517c22", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2a7f9ff8-3697-4bb6-b0e8-424525fa906e", + "created": "2026-03-15T13:01:20.453938Z", + "modified": "2026-03-15T13:01:20.453938Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='uylbh9ab07zs0nr.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.453938Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bbae45af-3236-4fc2-b47a-04ad512827f1", + "created": "2026-03-15T13:01:20.454362Z", + "modified": "2026-03-15T13:01:20.454362Z", + "relationship_type": "indicates", + "source_ref": "indicator--2a7f9ff8-3697-4bb6-b0e8-424525fa906e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--5248e266-e608-47b0-80f8-bdddc308af31", + "created": "2026-03-15T13:01:20.454528Z", + "modified": "2026-03-15T13:01:20.454528Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='8ejr7ea5jx13vbp.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.454528Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d44e8167-a952-4a31-96ce-0b7cbdb193f3", + "created": "2026-03-15T13:01:20.454937Z", + "modified": "2026-03-15T13:01:20.454937Z", + "relationship_type": "indicates", + "source_ref": "indicator--5248e266-e608-47b0-80f8-bdddc308af31", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--bbb55e90-6a39-41f6-a372-098cd23f1f08", + "created": "2026-03-15T13:01:20.455103Z", + "modified": "2026-03-15T13:01:20.455103Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='5h47uppyl1wplzj.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.455103Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--1142ae1a-f3e7-4cc2-8cc8-315396813164", + "created": "2026-03-15T13:01:20.4555Z", + "modified": "2026-03-15T13:01:20.4555Z", + "relationship_type": "indicates", + "source_ref": "indicator--bbb55e90-6a39-41f6-a372-098cd23f1f08", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9c360e49-5999-4db0-b73f-e5ae05c9bd0b", + "created": "2026-03-15T13:01:20.455664Z", + "modified": "2026-03-15T13:01:20.455664Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='4kgame.us']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.455664Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--3dd6bb67-08ed-4b37-92a7-755a878979e5", + "created": "2026-03-15T13:01:20.456059Z", + "modified": "2026-03-15T13:01:20.456059Z", + "relationship_type": "indicates", + "source_ref": "indicator--9c360e49-5999-4db0-b73f-e5ae05c9bd0b", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--64cdb129-8642-4bf3-b3cc-9c85bcf17e2d", + "created": "2026-03-15T13:01:20.456224Z", + "modified": "2026-03-15T13:01:20.456224Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='8fn4957c5g986jp.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.456224Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--8f5622e9-e546-4763-b45b-640736e4d534", + "created": "2026-03-15T13:01:20.456625Z", + "modified": "2026-03-15T13:01:20.456625Z", + "relationship_type": "indicates", + "source_ref": "indicator--64cdb129-8642-4bf3-b3cc-9c85bcf17e2d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--c8f3dee6-ff70-4463-aca4-d70b1dde463b", + "created": "2026-03-15T13:01:20.456788Z", + "modified": "2026-03-15T13:01:20.456788Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cryptocurrencyworld.top']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.456788Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7d99541c-aca0-4d73-8caf-84d2cd1eaff7", + "created": "2026-03-15T13:01:20.457188Z", + "modified": "2026-03-15T13:01:20.457188Z", + "relationship_type": "indicates", + "source_ref": "indicator--c8f3dee6-ff70-4463-aca4-d70b1dde463b", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--20d8999c-6470-435a-a3f7-9cc872491cbd", + "created": "2026-03-15T13:01:20.457352Z", + "modified": "2026-03-15T13:01:20.457352Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='gafa4z8n22l5z2d.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.457352Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--2ccca49e-b181-4f3d-a079-c2bb578a172f", + "created": "2026-03-15T13:01:20.457731Z", + "modified": "2026-03-15T13:01:20.457731Z", + "relationship_type": "indicates", + "source_ref": "indicator--20d8999c-6470-435a-a3f7-9cc872491cbd", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--811ea5bb-0da1-477f-9f9f-d414a7e29c58", + "created": "2026-03-15T13:01:20.45789Z", + "modified": "2026-03-15T13:01:20.45789Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='qkcun3zog9k03gm.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.45789Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c03c8236-b8e0-451f-8b6d-8fa3e4d94be5", + "created": "2026-03-15T13:01:20.458291Z", + "modified": "2026-03-15T13:01:20.458291Z", + "relationship_type": "indicates", + "source_ref": "indicator--811ea5bb-0da1-477f-9f9f-d414a7e29c58", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f7907f85-3aa0-45c7-aafd-f2a5db8991b2", + "created": "2026-03-15T13:01:20.458463Z", + "modified": "2026-03-15T13:01:20.458463Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='noasu0d4szv6e0a.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.458463Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--b205fa4b-c1de-4550-81ea-997e62e568a6", + "created": "2026-03-15T13:01:20.458983Z", + "modified": "2026-03-15T13:01:20.458983Z", + "relationship_type": "indicates", + "source_ref": "indicator--f7907f85-3aa0-45c7-aafd-f2a5db8991b2", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ddb1bf9a-b3f6-4e23-becb-a21215f5bd51", + "created": "2026-03-15T13:01:20.45917Z", + "modified": "2026-03-15T13:01:20.45917Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='92a3qke4at4fwmz.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.45917Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4183b5b5-fb9f-4168-8a15-b41539a3e76f", + "created": "2026-03-15T13:01:20.45959Z", + "modified": "2026-03-15T13:01:20.45959Z", + "relationship_type": "indicates", + "source_ref": "indicator--ddb1bf9a-b3f6-4e23-becb-a21215f5bd51", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a1b361a5-f4b5-4904-90e2-40f45d82e6b6", + "created": "2026-03-15T13:01:20.459763Z", + "modified": "2026-03-15T13:01:20.459763Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='bh6jnmi21q2qs7n.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.459763Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cc7b9a0f-d721-4a2a-95b8-04970f74fdb5", + "created": "2026-03-15T13:01:20.460195Z", + "modified": "2026-03-15T13:01:20.460195Z", + "relationship_type": "indicates", + "source_ref": "indicator--a1b361a5-f4b5-4904-90e2-40f45d82e6b6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--c760065a-d8a7-486d-8c56-05a5ce3ff9a7", + "created": "2026-03-15T13:01:20.46039Z", + "modified": "2026-03-15T13:01:20.46039Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='dkuu0e7n5jsyakv.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.46039Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a5962b39-8354-4c59-9293-138889a760c3", + "created": "2026-03-15T13:01:20.460782Z", + "modified": "2026-03-15T13:01:20.460782Z", + "relationship_type": "indicates", + "source_ref": "indicator--c760065a-d8a7-486d-8c56-05a5ce3ff9a7", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7e0043f9-fd94-4a2e-a321-cd0eed25fa50", + "created": "2026-03-15T13:01:20.460942Z", + "modified": "2026-03-15T13:01:20.460942Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='6zvjeulzaw5c0mv.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.460942Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b3324393-2c94-46a6-97a9-bc2fb39e9ab4", + "created": "2026-03-15T13:01:20.461335Z", + "modified": "2026-03-15T13:01:20.461335Z", + "relationship_type": "indicates", + "source_ref": "indicator--7e0043f9-fd94-4a2e-a321-cd0eed25fa50", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--300ee9e4-1606-41e6-b3bc-461544eee6ac", + "created": "2026-03-15T13:01:20.461502Z", + "modified": "2026-03-15T13:01:20.461502Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='xr5n4fl9rt5lxsd.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.461502Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": 
"relationship--02bd30ec-7eb5-439c-a1ec-95cfb59bec3b", + "created": "2026-03-15T13:01:20.461883Z", + "modified": "2026-03-15T13:01:20.461883Z", + "relationship_type": "indicates", + "source_ref": "indicator--300ee9e4-1606-41e6-b3bc-461544eee6ac", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ca8cfc26-bdd1-4737-ab07-0901434b375a", + "created": "2026-03-15T13:01:20.462045Z", + "modified": "2026-03-15T13:01:20.462045Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='cy8.top']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.462045Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--da973dce-3826-40bc-8310-788d373fc958", + "created": "2026-03-15T13:01:20.462445Z", + "modified": "2026-03-15T13:01:20.462445Z", + "relationship_type": "indicates", + "source_ref": "indicator--ca8cfc26-bdd1-4737-ab07-0901434b375a", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2e077510-e6c8-47b4-9a40-2a5fa8895314", + "created": "2026-03-15T13:01:20.462602Z", + "modified": "2026-03-15T13:01:20.462602Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='fs7ag8pics8ra9n.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.462602Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ac72c759-f8b3-4633-80a5-ed03634b9c06", + "created": "2026-03-15T13:01:20.462975Z", + "modified": "2026-03-15T13:01:20.462975Z", + "relationship_type": "indicates", + "source_ref": "indicator--2e077510-e6c8-47b4-9a40-2a5fa8895314", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--71cb00e6-c1a2-47a1-af8e-322a8e02a14d", + 
"created": "2026-03-15T13:01:20.463137Z", + "modified": "2026-03-15T13:01:20.463137Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='pdzrz46tdskodhj.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.463137Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5360451e-fe41-45bc-b9c2-8051017b50a4", + "created": "2026-03-15T13:01:20.46354Z", + "modified": "2026-03-15T13:01:20.46354Z", + "relationship_type": "indicates", + "source_ref": "indicator--71cb00e6-c1a2-47a1-af8e-322a8e02a14d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--03dfde16-fe4c-4856-befe-e2a86982d614", + "created": "2026-03-15T13:01:20.46371Z", + "modified": "2026-03-15T13:01:20.46371Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='yvgy29glwf72qnl.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.46371Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--520837d2-6099-44dc-bdd5-e57638c9d159", + "created": "2026-03-15T13:01:20.464497Z", + "modified": "2026-03-15T13:01:20.464497Z", + "relationship_type": "indicates", + "source_ref": "indicator--03dfde16-fe4c-4856-befe-e2a86982d614", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--943d5d23-4af4-4707-ac44-06154689d559", + "created": "2026-03-15T13:01:20.464695Z", + "modified": "2026-03-15T13:01:20.464695Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='uawwydy3qas6ykv.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.464695Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e4b9ebe5-84f4-43d9-8b8f-9501bd9db4f8", + 
"created": "2026-03-15T13:01:20.465137Z", + "modified": "2026-03-15T13:01:20.465137Z", + "relationship_type": "indicates", + "source_ref": "indicator--943d5d23-4af4-4707-ac44-06154689d559", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--28f2f86e-e8b9-44f5-b10d-18204d14c517", + "created": "2026-03-15T13:01:20.465306Z", + "modified": "2026-03-15T13:01:20.465306Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ai-scorepredict.com']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.465306Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--da73dd91-75cf-43fb-93df-1ed6e6cba39c", + "created": "2026-03-15T13:01:20.465728Z", + "modified": "2026-03-15T13:01:20.465728Z", + "relationship_type": "indicates", + "source_ref": "indicator--28f2f86e-e8b9-44f5-b10d-18204d14c517", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--b406075a-cd53-42cc-9de2-45be387c6b07", + "created": "2026-03-15T13:01:20.465898Z", + "modified": "2026-03-15T13:01:20.465898Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='74un9sf4iaidr9j.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.465898Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--021a64dc-8709-4b54-bdd4-16e5a7785bf3", + "created": "2026-03-15T13:01:20.466298Z", + "modified": "2026-03-15T13:01:20.466298Z", + "relationship_type": "indicates", + "source_ref": "indicator--b406075a-cd53-42cc-9de2-45be387c6b07", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--78c688ee-e5f1-4230-8f5b-92cf08a3aac0", + "created": "2026-03-15T13:01:20.466487Z", + 
"modified": "2026-03-15T13:01:20.466487Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='sm8qpfmv0ldodpj.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.466487Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f4b7d288-dee8-4a00-84ac-2d851abfd2af", + "created": "2026-03-15T13:01:20.466884Z", + "modified": "2026-03-15T13:01:20.466884Z", + "relationship_type": "indicates", + "source_ref": "indicator--78c688ee-e5f1-4230-8f5b-92cf08a3aac0", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--578f16fc-9018-42cb-b65d-afa96addf83a", + "created": "2026-03-15T13:01:20.467045Z", + "modified": "2026-03-15T13:01:20.467045Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='as75qetdi25wvgu.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.467045Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--7353d196-ea94-4790-bb7e-64f5be367c4d", + "created": "2026-03-15T13:01:20.467449Z", + "modified": "2026-03-15T13:01:20.467449Z", + "relationship_type": "indicates", + "source_ref": "indicator--578f16fc-9018-42cb-b65d-afa96addf83a", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f127ad66-dfbc-40e5-aafa-490708b26245", + "created": "2026-03-15T13:01:20.467616Z", + "modified": "2026-03-15T13:01:20.467616Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='dud1otgja7rnwan.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.467616Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0940b3c0-674f-4424-8568-dc61d84dcc8c", + "created": 
"2026-03-15T13:01:20.468002Z", + "modified": "2026-03-15T13:01:20.468002Z", + "relationship_type": "indicates", + "source_ref": "indicator--f127ad66-dfbc-40e5-aafa-490708b26245", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ef43bf6a-13cf-4a98-9545-8159675cd664", + "created": "2026-03-15T13:01:20.468161Z", + "modified": "2026-03-15T13:01:20.468161Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='ztvnhmhm4zj95w3.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.468161Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4ed3520e-b048-4187-9698-1106d5efebeb", + "created": "2026-03-15T13:01:20.468548Z", + "modified": "2026-03-15T13:01:20.468548Z", + "relationship_type": "indicates", + "source_ref": "indicator--ef43bf6a-13cf-4a98-9545-8159675cd664", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6f155dd7-29d6-400b-892e-f326f6cae1f8", + "created": "2026-03-15T13:01:20.468709Z", + "modified": "2026-03-15T13:01:20.468709Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='v2gmupm7o4zihc3.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.468709Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5a62560f-f33e-4d69-a5d6-6ed043a8b29c", + "created": "2026-03-15T13:01:20.469092Z", + "modified": "2026-03-15T13:01:20.469092Z", + "relationship_type": "indicates", + "source_ref": "indicator--6f155dd7-29d6-400b-892e-f326f6cae1f8", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--97c35f4b-90de-4126-a107-ab172d7f01d9", + "created": "2026-03-15T13:01:20.469242Z", + 
"modified": "2026-03-15T13:01:20.469242Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='k96.icu']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.469242Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a061df8f-9d28-4e14-93c0-ce92c2a83797", + "created": "2026-03-15T13:01:20.469757Z", + "modified": "2026-03-15T13:01:20.469757Z", + "relationship_type": "indicates", + "source_ref": "indicator--97c35f4b-90de-4126-a107-ab172d7f01d9", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d6ae5a79-187a-4e1c-93d8-566c690688c4", + "created": "2026-03-15T13:01:20.469932Z", + "modified": "2026-03-15T13:01:20.469932Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[domain-name:value='642qipcdkhr8two.xyz']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.469932Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c1ba0798-255e-43b7-ab34-ed530c8f6318", + "created": "2026-03-15T13:01:20.470368Z", + "modified": "2026-03-15T13:01:20.470368Z", + "relationship_type": "indicates", + "source_ref": "indicator--d6ae5a79-187a-4e1c-93d8-566c690688c4", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--457bdb1a-2225-4638-bdac-0d2f901a8c33", + "created": "2026-03-15T13:01:20.470545Z", + "modified": "2026-03-15T13:01:20.470545Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='05b5e4070b3b8a130b12ea96c5526b4615fcae121bb802b1a10c3a7a70f39901']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.470545Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b51197de-0429-4c9a-ad75-25d14ffeda91", + 
"created": "2026-03-15T13:01:20.472447Z", + "modified": "2026-03-15T13:01:20.472447Z", + "relationship_type": "indicates", + "source_ref": "indicator--457bdb1a-2225-4638-bdac-0d2f901a8c33", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ada9b808-8c93-4164-841a-362a9a9f83d1", + "created": "2026-03-15T13:01:20.472662Z", + "modified": "2026-03-15T13:01:20.472662Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='d517c3868c5e7808202f53fa78d827a308d94500ae9051db0a62e11f7852e802']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.472662Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--bb13d07f-c39e-41dd-9324-4ab83f0440ac", + "created": "2026-03-15T13:01:20.473185Z", + "modified": "2026-03-15T13:01:20.473185Z", + "relationship_type": "indicates", + "source_ref": "indicator--ada9b808-8c93-4164-841a-362a9a9f83d1", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--6897d27b-dbce-432d-9f2a-6cab4cf6c6a4", + "created": "2026-03-15T13:01:20.47338Z", + "modified": "2026-03-15T13:01:20.47338Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='0dff17e3aa12c4928273c70a2e0a6fff25d3e43c0d1b71056abad34a22b03495']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.47338Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5d0a613f-c0a4-4747-b380-9ac26959a9cb", + "created": "2026-03-15T13:01:20.473862Z", + "modified": "2026-03-15T13:01:20.473862Z", + "relationship_type": "indicates", + "source_ref": "indicator--6897d27b-dbce-432d-9f2a-6cab4cf6c6a4", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": 
"indicator--19f29b7b-d47d-47e5-9272-29c5b62c40b6", + "created": "2026-03-15T13:01:20.474038Z", + "modified": "2026-03-15T13:01:20.474038Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='4dc255504a6c3ea8714ccdc95cc04138dc6c92130887274c8582b4a96ebab4a8']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.474038Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a2b85832-041b-4cf6-a527-7e9eda1a2788", + "created": "2026-03-15T13:01:20.474528Z", + "modified": "2026-03-15T13:01:20.474528Z", + "relationship_type": "indicates", + "source_ref": "indicator--19f29b7b-d47d-47e5-9272-29c5b62c40b6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--71e2252b-744c-47dd-a2f0-ba7a77366fd7", + "created": "2026-03-15T13:01:20.474692Z", + "modified": "2026-03-15T13:01:20.474692Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='42cc02cecd65f22a3658354c5a5efa6a6ec3d716c7fbbcd12df1d1b077d2591b']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.474692Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cb19aae2-2bbd-4ee8-a2f2-7bca4a44a2c8", + "created": "2026-03-15T13:01:20.475162Z", + "modified": "2026-03-15T13:01:20.475162Z", + "relationship_type": "indicates", + "source_ref": "indicator--71e2252b-744c-47dd-a2f0-ba7a77366fd7", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--68b6d347-8675-4c4c-8a2c-e29fe494d073", + "created": "2026-03-15T13:01:20.475322Z", + "modified": "2026-03-15T13:01:20.475322Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='499f6b1e012d9bc947eea8e23635dfe6464cd7c9d99eb11d5874bd7b613297b1']", + "pattern_type": 
"stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.475322Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--e4872d40-bab8-4667-9aa5-a701b42d512c", + "created": "2026-03-15T13:01:20.475921Z", + "modified": "2026-03-15T13:01:20.475921Z", + "relationship_type": "indicates", + "source_ref": "indicator--68b6d347-8675-4c4c-8a2c-e29fe494d073", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--bdef2452-e243-4296-bb06-7a4ae01f333c", + "created": "2026-03-15T13:01:20.476115Z", + "modified": "2026-03-15T13:01:20.476115Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='023e5fb71923cfa2088b9a48ad8566ff7ac92a99630add0629a5edf4679888de']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.476115Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ed1a261b-00f4-4be0-beb4-26566eaa96ee", + "created": "2026-03-15T13:01:20.476615Z", + "modified": "2026-03-15T13:01:20.476615Z", + "relationship_type": "indicates", + "source_ref": "indicator--bdef2452-e243-4296-bb06-7a4ae01f333c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5aa254e2-a564-433a-9f05-97c7a8254867", + "created": "2026-03-15T13:01:20.476776Z", + "modified": "2026-03-15T13:01:20.476776Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='be28b40df919d3fa87ed49e51135a719bd0616c9ac346ea5f20095cb78031ed9']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.476776Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5b6e1974-5475-4a5b-8ed6-dc035bb7d412", + "created": "2026-03-15T13:01:20.477229Z", + "modified": "2026-03-15T13:01:20.477229Z", + "relationship_type": 
"indicates", + "source_ref": "indicator--5aa254e2-a564-433a-9f05-97c7a8254867", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9eb68c0b-ac41-4205-bdae-7342f55268ad", + "created": "2026-03-15T13:01:20.477417Z", + "modified": "2026-03-15T13:01:20.477417Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='721b46b43b7084b98e51ab00606f08a6ccd30b23bef5e542088f0b5706a8f780']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.477417Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d5d2aaf5-1aac-4abc-906a-a810133ec6c4", + "created": "2026-03-15T13:01:20.477879Z", + "modified": "2026-03-15T13:01:20.477879Z", + "relationship_type": "indicates", + "source_ref": "indicator--9eb68c0b-ac41-4205-bdae-7342f55268ad", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--a1dcb428-f6fd-4067-a170-fe3cd2fd8328", + "created": "2026-03-15T13:01:20.478048Z", + "modified": "2026-03-15T13:01:20.478048Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='2a9d21ca07244932939c6c58699448f2147992c1f49cd3bc7d067bd92cb54f3a']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.478048Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ee1839b3-3be4-4907-865b-099abaf7db4b", + "created": "2026-03-15T13:01:20.478529Z", + "modified": "2026-03-15T13:01:20.478529Z", + "relationship_type": "indicates", + "source_ref": "indicator--a1dcb428-f6fd-4067-a170-fe3cd2fd8328", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4693c73d-aa38-4181-81cc-8c64c43fdb1c", + "created": "2026-03-15T13:01:20.478699Z", + "modified": 
"2026-03-15T13:01:20.478699Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='3c297829353778857edfeaed3ceeeca1bf8b60534f1979f7d442a0b03c56e541']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.478699Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--5244b872-01a0-4c0e-a9e0-0fead1641a71", + "created": "2026-03-15T13:01:20.479169Z", + "modified": "2026-03-15T13:01:20.479169Z", + "relationship_type": "indicates", + "source_ref": "indicator--4693c73d-aa38-4181-81cc-8c64c43fdb1c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ca5a50cd-68cd-4c22-9b0e-bdcb739a0f0b", + "created": "2026-03-15T13:01:20.479325Z", + "modified": "2026-03-15T13:01:20.479325Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='4dfcf5a71e5a8f27f748ac7fd7760dec0099ce338722215b4a5862b60c5b2bfd']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.479325Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0dc81fed-b7db-4f1d-ace2-615b4ed5e7c2", + "created": "2026-03-15T13:01:20.479807Z", + "modified": "2026-03-15T13:01:20.479807Z", + "relationship_type": "indicates", + "source_ref": "indicator--ca5a50cd-68cd-4c22-9b0e-bdcb739a0f0b", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--f83657c6-a6cd-4a80-81ca-ea64607c5a07", + "created": "2026-03-15T13:01:20.479978Z", + "modified": "2026-03-15T13:01:20.479978Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='10bd8f2f8bb9595664bb9160fbc4136f1d796cb5705c551f7ab8b9b1e658085c']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.479978Z" + }, + { + "type": 
"relationship", + "spec_version": "2.1", + "id": "relationship--77f3387e-53e2-4846-888f-e55f9adc331a", + "created": "2026-03-15T13:01:20.480498Z", + "modified": "2026-03-15T13:01:20.480498Z", + "relationship_type": "indicates", + "source_ref": "indicator--f83657c6-a6cd-4a80-81ca-ea64607c5a07", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--12951e35-ff0e-46f1-a4dd-9c11da3fbecf", + "created": "2026-03-15T13:01:20.480694Z", + "modified": "2026-03-15T13:01:20.480694Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='18394fcc096344e0730e49a0098970b1c53c137f679cff5c7ff8902e651cd8a3']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.480694Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ee85e4eb-aa75-4b28-bdf2-1a7860c619c0", + "created": "2026-03-15T13:01:20.481177Z", + "modified": "2026-03-15T13:01:20.481177Z", + "relationship_type": "indicates", + "source_ref": "indicator--12951e35-ff0e-46f1-a4dd-9c11da3fbecf", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9205eef9-6736-415b-9835-9a934819514c", + "created": "2026-03-15T13:01:20.481357Z", + "modified": "2026-03-15T13:01:20.481357Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='d371e3bed18ee355438b166bbf3bdaf2e7c6a3af8931181b9649020553b07e7a']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.481357Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--6cbfb579-81db-4d0b-9e91-5f8013bcb2d5", + "created": "2026-03-15T13:01:20.481956Z", + "modified": "2026-03-15T13:01:20.481956Z", + "relationship_type": "indicates", + "source_ref": "indicator--9205eef9-6736-415b-9835-9a934819514c", + "target_ref": 
"malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--514d27cf-b449-4cfd-b8fb-7ea3045cc4be", + "created": "2026-03-15T13:01:20.482141Z", + "modified": "2026-03-15T13:01:20.482141Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='91d44c1f62fd863556aac0190cbef3b46abc4cbe880f80c580a1d258f0484c30']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.482141Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d3aaf0c5-ea3e-46f3-83c0-6413a610cf09", + "created": "2026-03-15T13:01:20.482618Z", + "modified": "2026-03-15T13:01:20.482618Z", + "relationship_type": "indicates", + "source_ref": "indicator--514d27cf-b449-4cfd-b8fb-7ea3045cc4be", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e7869ce3-2a97-4f84-8a76-90a0c5fa359c", + "created": "2026-03-15T13:01:20.48278Z", + "modified": "2026-03-15T13:01:20.48278Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='6eafd742f58db21fbaf5fd7636e6653446df04b4a5c9bca9104e5dfad34f547c']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.48278Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a9a936a3-2c33-41de-bb3c-1c657c6105fb", + "created": "2026-03-15T13:01:20.48325Z", + "modified": "2026-03-15T13:01:20.48325Z", + "relationship_type": "indicates", + "source_ref": "indicator--e7869ce3-2a97-4f84-8a76-90a0c5fa359c", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2ea52460-1f68-4b6b-b1ed-e089ee29c76f", + "created": "2026-03-15T13:01:20.483421Z", + "modified": "2026-03-15T13:01:20.483421Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[file:hashes.'SHA-256'='25a9b004cf61fb251c8d4024a8c7383a86cb30f60aa7d59ca53ce9460fcfb7de']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.483421Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--25dbdbe3-c07d-4e87-bcf5-af82ec11a3bf", + "created": "2026-03-15T13:01:20.483868Z", + "modified": "2026-03-15T13:01:20.483868Z", + "relationship_type": "indicates", + "source_ref": "indicator--2ea52460-1f68-4b6b-b1ed-e089ee29c76f", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3e676b15-2119-4ae1-a400-83835d7d1aaa", + "created": "2026-03-15T13:01:20.484025Z", + "modified": "2026-03-15T13:01:20.484025Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='f218068ea943a511b230f2a99991f6d1fbc2ac0aec7c796b261e2a26744929ac']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.484025Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--9c98aaf7-2f94-41d4-9986-afbed2396511", + "created": "2026-03-15T13:01:20.484488Z", + "modified": "2026-03-15T13:01:20.484488Z", + "relationship_type": "indicates", + "source_ref": "indicator--3e676b15-2119-4ae1-a400-83835d7d1aaa", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7e30ba07-97fa-48df-b2f9-dbdb3e3e92ab", + "created": "2026-03-15T13:01:20.484644Z", + "modified": "2026-03-15T13:01:20.484644Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:hashes.'SHA-256'='1fb9dedf1de81d387eff4bd5e747f730dd03c440157a66f20fdb5e95f64318c0']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.484644Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--05855bfb-9f29-48af-b3f1-290e84cb2d8e", + 
"created": "2026-03-15T13:01:20.485112Z", + "modified": "2026-03-15T13:01:20.485112Z", + "relationship_type": "indicates", + "source_ref": "indicator--7e30ba07-97fa-48df-b2f9-dbdb3e3e92ab", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e9b3b1bc-8902-4260-9a53-014e05b2f74e", + "created": "2026-03-15T13:01:20.485275Z", + "modified": "2026-03-15T13:01:20.485275Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/relaunch']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.485275Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ada7d3f3-01ce-4067-87ed-6ab2292ecad8", + "created": "2026-03-15T13:01:20.485876Z", + "modified": "2026-03-15T13:01:20.485876Z", + "relationship_type": "indicates", + "source_ref": "indicator--e9b3b1bc-8902-4260-9a53-014e05b2f74e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--d7d328c3-ff03-4c77-95c3-7be2112648e6", + "created": "2026-03-15T13:01:20.486042Z", + "modified": "2026-03-15T13:01:20.486042Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='Library/Preferences/com.apple.photolibraryd.plist']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.486042Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ce79ddf4-10b7-4920-922d-6c653d4057d1", + "created": "2026-03-15T13:01:20.486558Z", + "modified": "2026-03-15T13:01:20.486558Z", + "relationship_type": "indicates", + "source_ref": "indicator--d7d328c3-ff03-4c77-95c3-7be2112648e6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--4b0c993d-76e9-4a6c-a937-3b84438095ae", + "created": 
"2026-03-15T13:01:20.486754Z", + "modified": "2026-03-15T13:01:20.486754Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/pl.core.lock']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.486754Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f52ede4c-dcfb-4ede-aac7-e50b4fa040f9", + "created": "2026-03-15T13:01:20.487166Z", + "modified": "2026-03-15T13:01:20.487166Z", + "relationship_type": "indicates", + "source_ref": "indicator--4b0c993d-76e9-4a6c-a937-3b84438095ae", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--e9514d54-1038-4d7b-bc5d-c71db198c2ae", + "created": "2026-03-15T13:01:20.487351Z", + "modified": "2026-03-15T13:01:20.487351Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/stop']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.487351Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--aab6fb87-d85f-4ca2-881c-1ad9de6d555b", + "created": "2026-03-15T13:01:20.487882Z", + "modified": "2026-03-15T13:01:20.487882Z", + "relationship_type": "indicates", + "source_ref": "indicator--e9514d54-1038-4d7b-bc5d-c71db198c2ae", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--3ec7a582-cb2e-486a-9061-891ce941c0c4", + "created": "2026-03-15T13:01:20.488069Z", + "modified": "2026-03-15T13:01:20.488069Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/uninstall']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.488069Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--d6c92bc2-51f9-4cea-95cd-aeb0d5198948", + "created": 
"2026-03-15T13:01:20.488489Z", + "modified": "2026-03-15T13:01:20.488489Z", + "relationship_type": "indicates", + "source_ref": "indicator--3ec7a582-cb2e-486a-9061-891ce941c0c4", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--1f302f32-f1f7-4047-bb15-31627231bdfc", + "created": "2026-03-15T13:01:20.488659Z", + "modified": "2026-03-15T13:01:20.488659Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/mobile/Library/Preferences/com.apple.photolibraryd.plist']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.488659Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cae7da7d-b9ed-4baf-b4aa-05a817430abb", + "created": "2026-03-15T13:01:20.489125Z", + "modified": "2026-03-15T13:01:20.489125Z", + "relationship_type": "indicates", + "source_ref": "indicator--1f302f32-f1f7-4047-bb15-31627231bdfc", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--7aa61861-0f19-4fe3-a7f4-4c75f56cca22", + "created": "2026-03-15T13:01:20.489288Z", + "modified": "2026-03-15T13:01:20.489288Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/upgrade.dylib']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.489288Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--25accf3d-2e86-453d-b67b-0d5e6c443d3e", + "created": "2026-03-15T13:01:20.489763Z", + "modified": "2026-03-15T13:01:20.489763Z", + "relationship_type": "indicates", + "source_ref": "indicator--7aa61861-0f19-4fe3-a7f4-4c75f56cca22", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--9f2482b4-98d2-424f-8fc5-0ed959cb426e", + 
"created": "2026-03-15T13:01:20.490Z", + "modified": "2026-03-15T13:01:20.490Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/root/Library/Caches/com.apple.WebKit.WebContent/blob_d6c1a21adb11f0ea023b9a35']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.49Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--cf90f311-25ad-453b-90b0-6ea0daa4b045", + "created": "2026-03-15T13:01:20.490995Z", + "modified": "2026-03-15T13:01:20.490995Z", + "relationship_type": "indicates", + "source_ref": "indicator--9f2482b4-98d2-424f-8fc5-0ed959cb426e", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ede226ea-4930-4974-af85-5f0b24920e53", + "created": "2026-03-15T13:01:20.491269Z", + "modified": "2026-03-15T13:01:20.491269Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/root/Library/Caches/com.apple.nsurlsessiond/fsCachedData0E1A3DC1C51C2D879DE016E56D3EECE8']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.491269Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--345f6511-3156-491b-a46a-bbaccdbf3c8e", + "created": "2026-03-15T13:01:20.492185Z", + "modified": "2026-03-15T13:01:20.492185Z", + "relationship_type": "indicates", + "source_ref": "indicator--ede226ea-4930-4974-af85-5f0b24920e53", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--77927af1-f674-4d5d-8ad5-7721090dc026", + "created": "2026-03-15T13:01:20.492464Z", + "modified": "2026-03-15T13:01:20.492464Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/tmp/pl.sp.exec.guard.lock']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": 
"2026-03-15T13:01:20.492464Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--4a92bfba-a57c-47fe-aac0-aee0662e651d", + "created": "2026-03-15T13:01:20.493101Z", + "modified": "2026-03-15T13:01:20.493101Z", + "relationship_type": "indicates", + "source_ref": "indicator--77927af1-f674-4d5d-8ad5-7721090dc026", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--57b1010f-4ccb-4b2b-afa4-1baef887672d", + "created": "2026-03-15T13:01:20.493317Z", + "modified": "2026-03-15T13:01:20.493317Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/mobile/Library/Caches/.com.apple.notes.cache.plist']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.493317Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ad5da7c0-7457-44a4-ae71-2f86fdd7a72d", + "created": "2026-03-15T13:01:20.493908Z", + "modified": "2026-03-15T13:01:20.493908Z", + "relationship_type": "indicates", + "source_ref": "indicator--57b1010f-4ccb-4b2b-afa4-1baef887672d", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--af77bd2f-0c2a-4902-b94e-2914f0cbf72a", + "created": "2026-03-15T13:01:20.494122Z", + "modified": "2026-03-15T13:01:20.494122Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:path='/private/var/mobile/Library/Caches/.com.apple.mobileassetd.cache']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.494122Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--c7831935-b1d1-420e-bc68-dd7471c5dc0f", + "created": "2026-03-15T13:01:20.494739Z", + "modified": "2026-03-15T13:01:20.494739Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--af77bd2f-0c2a-4902-b94e-2914f0cbf72a", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--8284a9f1-45dd-4afc-9942-cb56c6698fe8", + "created": "2026-03-15T13:01:20.49504Z", + "modified": "2026-03-15T13:01:20.49504Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:name='pl.sp.exec.guard.lock']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.49504Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--a65fd664-1def-4dbe-8ac2-0703682639ef", + "created": "2026-03-15T13:01:20.49587Z", + "modified": "2026-03-15T13:01:20.49587Z", + "relationship_type": "indicates", + "source_ref": "indicator--8284a9f1-45dd-4afc-9942-cb56c6698fe8", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--0e8a23f4-b515-4021-ab0e-8c29ac566c75", + "created": "2026-03-15T13:01:20.496146Z", + "modified": "2026-03-15T13:01:20.496146Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:name='com.apple.photolibraryd.plist']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.496146Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--0ed2210c-d7d0-47cf-af2d-899ecef8d1bb", + "created": "2026-03-15T13:01:20.49662Z", + "modified": "2026-03-15T13:01:20.49662Z", + "relationship_type": "indicates", + "source_ref": "indicator--0e8a23f4-b515-4021-ab0e-8c29ac566c75", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--5364d49c-6658-476e-8d42-e227634a6c13", + "created": "2026-03-15T13:01:20.4968Z", + "modified": "2026-03-15T13:01:20.4968Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": 
"[file:name='fsCachedData0E1A3DC1C51C2D879DE016E56D3EECE8']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.4968Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--ac2e629b-d2de-433e-b21c-a6bae906bb93", + "created": "2026-03-15T13:01:20.497222Z", + "modified": "2026-03-15T13:01:20.497222Z", + "relationship_type": "indicates", + "source_ref": "indicator--5364d49c-6658-476e-8d42-e227634a6c13", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--28beed2a-7df6-4142-b758-cf757a6df1d6", + "created": "2026-03-15T13:01:20.497403Z", + "modified": "2026-03-15T13:01:20.497403Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:name='pl.core.lock']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.497403Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--61412817-4089-41b4-89c0-87333dee3cac", + "created": "2026-03-15T13:01:20.49782Z", + "modified": "2026-03-15T13:01:20.49782Z", + "relationship_type": "indicates", + "source_ref": "indicator--28beed2a-7df6-4142-b758-cf757a6df1d6", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--2222dd05-84f6-4530-be06-b3266d680d83", + "created": "2026-03-15T13:01:20.497999Z", + "modified": "2026-03-15T13:01:20.497999Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:name='.com.apple.notes.cache.plist']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.497999Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--f27671c0-5c46-483f-96bb-82c04f502c7c", + "created": "2026-03-15T13:01:20.498502Z", + "modified": "2026-03-15T13:01:20.498502Z", + "relationship_type": "indicates", + "source_ref": 
"indicator--2222dd05-84f6-4530-be06-b3266d680d83", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--bb09b282-547c-4a5a-91ea-a0c34878e649", + "created": "2026-03-15T13:01:20.498682Z", + "modified": "2026-03-15T13:01:20.498682Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:name='.com.apple.mobileassetd.cache']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.498682Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--10c5fe56-7f8a-4fb8-956f-758c61fa0863", + "created": "2026-03-15T13:01:20.499094Z", + "modified": "2026-03-15T13:01:20.499094Z", + "relationship_type": "indicates", + "source_ref": "indicator--bb09b282-547c-4a5a-91ea-a0c34878e649", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + }, + { + "type": "indicator", + "spec_version": "2.1", + "id": "indicator--ac8c06c6-6737-4712-aabf-38a3ab1def61", + "created": "2026-03-15T13:01:20.499286Z", + "modified": "2026-03-15T13:01:20.499286Z", + "indicator_types": [ + "malicious-activity" + ], + "pattern": "[file:name='blob_d6c1a21adb11f0ea023b9a35']", + "pattern_type": "stix", + "pattern_version": "2.1", + "valid_from": "2026-03-15T13:01:20.499286Z" + }, + { + "type": "relationship", + "spec_version": "2.1", + "id": "relationship--b9c052c7-f429-47c5-8bbd-469fd7121f92", + "created": "2026-03-15T13:01:20.499738Z", + "modified": "2026-03-15T13:01:20.499738Z", + "relationship_type": "indicates", + "source_ref": "indicator--ac8c06c6-6737-4712-aabf-38a3ab1def61", + "target_ref": "malware--e61dbe7b-c0c6-40b2-a516-00b7f157089b" + } + ] +} \ No newline at end of file diff --git a/2026-03-03_coruna_cryptowaters/domains.txt b/2026-03-03_coruna_cryptowaters/domains.txt new file mode 100644 index 0000000..65f8d1a --- /dev/null +++ b/2026-03-03_coruna_cryptowaters/domains.txt 
@@ -0,0 +1,177 @@
+snrysedijwbkwin.xyz
+uawwydy3qas6ykv.xyz
+92a3qke4at4fwmz.xyz
+wlf6n6bml3ng89q.xyz
+fxp34lig1xtahno.xyz
+vun5plmaxydremk.xyz
+8ejr7ea5jx13vbp.xyz
+fzz81wv0c5l60j6.xyz
+znjf3yk1x4yyht7.xyz
+2zaaali0ptn06q9.xyz
+hegjjypf3lzc3qn.xyz
+24e661zz9j4tcr7.xyz
+868qhkirb5l2n0i.xyz
+oqb2oaq7d1vtb4s.xyz
+pdzrz46tdskodhj.xyz
+a1ku2qvyyo09c9l.xyz
+l7coq3s7mosgetz.xyz
+erjthj4k3aqz04x.xyz
+are7nuagy9a68uf.xyz
+h1yvb0pd9gl9422.xyz
+xlvmfod3upi2ic5.xyz
+fbn98qo7hk35w0t.xyz
+e00l4axt0yf7m2k.xyz
+cphrz39s5qm4t1y.xyz
+3d4jp3f81m8fzh7.xyz
+nr48mjgvgcjgklc.xyz
+s6a7faijhiddeb8.xyz
+8kc3bu969yz7f9t.xyz
+642qipcdkhr8two.xyz
+5dr9adwy7i4ndkx.xyz
+aidm8it5hf1jmtj.xyz
+4ka4437sf5ns05x.xyz
+5h47uppyl1wplzj.xyz
+yva538ay3mz7008.xyz
+axs7x0ad629ggpf.xyz
+xr5n4fl9rt5lxsd.xyz
+ufli5en5arh9c7b.xyz
+n9cfcqvl0ihcn3a.xyz
+0zhlpgnh9op23uu.xyz
+0qx9g8ary2fzc5a.xyz
+tcqk4shuq6vosa2.xyz
+yve6eagcq7wcokf.xyz
+b96r89p5bnuwbc7.xyz
+oljxbg4phuv51ql.xyz
+2isrlfna7sc7lf8.xyz
+fdiw0xw1o9r6zk3.xyz
+fs7ag8pics8ra9n.xyz
+2hcsb7l539mxxc7.xyz
+fgr1w2gnsdvsb.xyz/x
+medobv5dkjl2bm0.xyz
+yoe31t9k75av6qp.xyz
+z2c4fbfnp1pm68b.xyz
+sm8qpfmv0ldodpj.xyz
+g18uw6zaiqeprj1.xyz
+dkuu0e7n5jsyakv.xyz
+74un9sf4iaidr9j.xyz
+qkcun3zog9k03gm.xyz
+q25b6rps0y8qe2f.xyz
+eebiov4uh9lk8i4.xyz
+lsnngjyu9x6vcg0.xyz
+vu28ylznt0izc3w.xyz
+abw3wzr59io82se.xyz
+pbp5j308edop478.xyz
+x6kcdjgagpl05z9.xyz
+57asjxkgrdwkirg.xyz
+alnjjsdbsgzza7y.xyz
+it7cp49qehrj85j.xyz
+9hl73l96udxp8dz.xyz
+cc0mvv7661lymjb.xyz
+shnqt4e97bc17l6.xyz
+jw732utrrcvqwbp.xyz
+c5t8kptatr57n7y.xyz
+6vmbk72t82wmbsu.xyz
+mxbc-v2.tjbjdod.cn
+2i93m6puuqrmbzu.xyz
+m5pfh9jwsj090e8.xyz
+amewkw0nfd11qpr.xyz
+ibrzwbxsn6rgyai.xyz
+kyaadeow5dldqu9.xyz
+0zsz6hq2adbfcgn.xyz
+k88q386znxmk4f3.xyz
+vizpwtdjlluhucu.xyz
+as75qetdi25wvgu.xyz
+bh6jnmi21q2qs7n.xyz
+dv51kcinorhi2aj.xyz
+ewllhwxz16atjlx.xyz
+noasu0d4szv6e0a.xyz
+pflfkewv5g23mag.xyz
+hmpfdh7p8n6i5zr.xyz
+14sy5i89hxoqvvz.xyz
+7w9mfrk9r6xrx6a.xyz
+1idhfxkoylkt49i.xyz
+xc824fji4wkhib2.xyz
+2d3zd2qa1i08756.xyz
+mvqpy8leaale0tx.xyz
+ccpqqe9rtz00s24.xyz
+nk3kuxai4q3hn7k.xyz
+uylbh9ab07zs0nr.xyz
+cwt92c4w1u0f70s.xyz
+ar2ojsx340jksmg.xyz
+gafa4z8n22l5z2d.xyz
+f0qxj4brxkcwtar.xyz
+3urschyiqwb7y7o.xyz
+cd6s6960b29iuzo.xyz
+dud1otgja7rnwan.xyz
+vvri8ocl4t3k8n6.xyz
+rlau616jc7a7f7i.xyz
+ol67el6pxg03ad7.xyz
+6zvjeulzaw5c0mv.xyz
+ztvnhmhm4zj95w3.xyz
+v2gmupm7o4zihc3.xyz
+pen0axt0u476duw.xyz
+hfteigt3kt0sf3z.xyz
+xfal48cf0ies7ew.xyz
+yvgy29glwf72qnl.xyz
+lk4x6x2ejxaw2br.xyz
+2s3b3rknfqtwwpo.xyz
+xjslbdt9jdijn15.xyz
+hui4tbh9uv9x4yi.xyz
+xittgveqaufogve.xyz
+xmmfrkq9oat1daq.xyz
+gdvynopz3pa0tik.xyz
+o08h5rhu2lu1x0q.xyz
+zcjdlb5ubkhy41u.xyz
+8fn4957c5g986jp.xyz
+sf2bisx5nhdkygn3l.xyz
+roy2tlop2u.xyz
+gqjs3ra34lyuvzb.xyz
+eg2bjo5x5r8yjb5.xyz
+b38w09ecdejfqsf.xyz
+cdn.uacounter.com
+ai-scorepredict.com
+m.pc6.com
+ddus17.com
+goodcryptocurrency.top
+pepeairdrop01.com
+668ddf.cc
+ios.teegrom.top
+i.binaner.com
+sj9ioz3a7y89cy7.xyz
+mkkku.com
+dbgopaxl.com
+tubeluck.com
+cryptocurrencyworld.top
+mjdqw.cn
+4u.game
+26a.online
+binancealliancesintro.com
+b27.icu
+h4k.icu
+seven7.vip
+y4w.icu
+7ff.online
+cy8.top
+7uspin.us
+seven7.to
+4kgame.us
+7p.game
+appstoreconn.com
+k96.icu
+7fun.icu
+n49.top
+98a.online
+spin7.icu
+t7c.icu
+lddx3z2d72aa8i6.xyz
+liquorfight.com
+goanalytics.xyz
+77bingos.com
+bingo777.now
+777bingos.xyz
+btrank.top
+dd9l7e6ghme8pbk.xyz
+fxrhcnfwxes90q.xyz
+kanav.blog
+3v5w1km5gv.xyz
+bestcryptocurrency.top
diff --git a/2026-03-03_coruna_cryptowaters/file_names.txt b/2026-03-03_coruna_cryptowaters/file_names.txt
new file mode 100644
index 0000000..cc5107c
--- /dev/null
+++ b/2026-03-03_coruna_cryptowaters/file_names.txt
@@ -0,0 +1,7 @@
+pl.core.lock
+.com.apple.mobileassetd.cache
+pl.sp.exec.guard.lock
+.com.apple.notes.cache.plist
+fsCachedData0E1A3DC1C51C2D879DE016E56D3EECE8
+blob_d6c1a21adb11f0ea023b9a35
+com.apple.photolibraryd.plist
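Review bot: The domains.txt entry `fgr1w2gnsdvsb.xyz/x` carries a URL path, and generate_stix.py in this commit wraps every line of the file as `[domain-name:value='…']`, so this indicator will presumably never equal a hostname observed on a device. It should read `fgr1w2gnsdvsb.xyz`, with the `/x` recorded in the README or a separate URL list if the path itself matters. The README describes the list as both C2 and delivery domains without saying which is which; if any of the non-`.xyz` hosts (for example `m.pc6.com`) are shared or compromised sites rather than attacker-owned, a one-line note per group would help an analyst weigh a hit.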
diff --git a/2026-03-03_coruna_cryptowaters/file_paths.txt b/2026-03-03_coruna_cryptowaters/file_paths.txt
new file mode 100644
index 0000000..8c85528
--- /dev/null
+++ b/2026-03-03_coruna_cryptowaters/file_paths.txt
@@ -0,0 +1,12 @@
+/private/var/tmp/pl.core.lock
+/private/var/tmp/relaunch
+/private/var/root/Library/Caches/com.apple.nsurlsessiond/fsCachedData0E1A3DC1C51C2D879DE016E56D3EECE8
+/private/var/root/Library/Caches/com.apple.WebKit.WebContent/blob_d6c1a21adb11f0ea023b9a35
+/private/var/mobile/Library/Caches/.com.apple.mobileassetd.cache
+/private/var/mobile/Library/Preferences/com.apple.photolibraryd.plist
+/private/var/mobile/Library/Caches/.com.apple.notes.cache.plist
+/private/var/tmp/upgrade.dylib
+/private/var/tmp/uninstall
+/private/var/tmp/stop
+/private/var/tmp/pl.sp.exec.guard.lock
+Library/Preferences/com.apple.photolibraryd.plist
diff --git a/2026-03-03_coruna_cryptowaters/generate_stix.py b/2026-03-03_coruna_cryptowaters/generate_stix.py
new file mode 100644
index 0000000..5b96f79
--- /dev/null
+++ b/2026-03-03_coruna_cryptowaters/generate_stix.py
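Review bot: The last entry of file_paths.txt, `Library/Preferences/com.apple.photolibraryd.plist`, is relative while the other eleven are absolute under `/private/var`, and the README describes the file only as iOS filesystem paths. If the relative form is meant to match backup-relative paths, that should be stated where the file is described; if it is a truncation, the absolute `/private/var/mobile/Library/Preferences/com.apple.photolibraryd.plist` earlier in the list already covers it. Separately, `/private/var/tmp/stop`, `/private/var/tmp/uninstall` and `/private/var/tmp/relaunch` are short generic names, so it is worth confirming whether the consumer compares `file:path` by equality or by prefix, since prefix matching could flag unrelated files.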
@@ -0,0 +1,75 @@ +import sys +import os +from stix2.v21 import (Indicator, Malware, Relationship, Bundle) + + +if __name__ == "__main__": + stix_name = "coruna.stix2" + if os.path.isfile(stix_name): + os.remove(stix_name) + + with open("domains.txt") as f: + domains = list(set([a.strip() for a in f.read().split() if a.strip()])) + + with open("sha256.txt") as f: + hashes = list(set([a.strip() for a in f.read().split() if a.strip()])) + + with open("file_paths.txt") as f: + filepaths = list(set([a.strip() for a in f.read().splitlines() if a.strip()])) + + with open("file_names.txt") as f: + filenames = list(set([a.strip() for a in f.read().splitlines() if a.strip()])) + + res = [] + malware = Malware( + name="Coruna", + is_family=False, + description="IOCs for the Coruna exploit kit, PLASMAGRID implant, " + "and CryptoWaters campaign targeting iOS devices and cryptocurrency " + "wallet apps. Attributed to UNC6353 and UNC6691." + ) + res.append(malware) + + for d in domains: + i = Indicator( + indicator_types=["malicious-activity"], + pattern="[domain-name:value='{}']".format(d), + pattern_type="stix" + ) + res.append(i) + res.append(Relationship(i, 'indicates', malware)) + + for h in hashes: + i = Indicator( + indicator_types=["malicious-activity"], + pattern="[file:hashes.'SHA-256'='{}']".format(h), + pattern_type="stix" + ) + res.append(i) + res.append(Relationship(i, 'indicates', malware)) + + for fp in filepaths: + i = Indicator( + indicator_types=["malicious-activity"], + pattern="[file:path='{}']".format(fp), + pattern_type="stix" + ) + res.append(i) + res.append(Relationship(i, 'indicates', malware)) + + for fn in filenames: + i = Indicator( + indicator_types=["malicious-activity"], + pattern="[file:name='{}']".format(fn), + pattern_type="stix" + ) + res.append(i) + res.append(Relationship(i, 'indicates', malware)) + + bundle = Bundle(objects=res) + with open(stix_name, "w+") as f: + f.write(bundle.serialize(indent=4)) + print("{} file created with {} 
indicators".format( + stix_name, + len(domains) + len(hashes) + len(filepaths) + len(filenames) + )) diff --git a/2026-03-03_coruna_cryptowaters/indicators_yaml_entry.txt b/2026-03-03_coruna_cryptowaters/indicators_yaml_entry.txt new file mode 100644 index 0000000..0157435 --- /dev/null +++ b/2026-03-03_coruna_cryptowaters/indicators_yaml_entry.txt @@ -0,0 +1,14 @@ + - + type: github + name: Coruna / CryptoWaters Indicators of Compromise + sources: + - Google + - iVerify + references: + - https://blog.google/threat-analysis-group/campaigns-exploiting-signal-line-and-google-chrome/ + - https://iverify.io/blog/cryptowaters + github: + owner: mvt-project + repo: mvt-indicators + branch: main + path: coruna_cryptowaters/coruna.stix2 diff --git a/2026-03-03_coruna_cryptowaters/sha256.txt b/2026-03-03_coruna_cryptowaters/sha256.txt new file mode 100644 index 0000000..a9dc0af --- /dev/null +++ b/2026-03-03_coruna_cryptowaters/sha256.txt 
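Review bot: The four `Indicator(...)` loops in generate_stix.py put each text-file line inside a single-quoted STIX pattern literal with `.format()` and no escaping or shape check. A value containing `'` or `\` would either fail pattern validation or change what the pattern matches, and a non-domain line such as `fgr1w2gnsdvsb.xyz/x` from domains.txt is emitted as a `domain-name` value. Escaping the literal and rejecting lines that are not bare hostnames before building the bundle closes both gaps, and gives the currently unused `import sys` a purpose. `list(set(...))` also yields a different object order on every run, so a regenerated coruna.stix2 cannot be diffed meaningfully against the committed one; `sorted(set(...))` keeps the order stable.

```python
def stix_literal(value):
    # STIX pattern string literals escape backslash and single quote with a backslash.
    return value.replace("\\", "\\\\").replace("'", "\\'")

    with open("domains.txt") as f:
        domains = sorted(set(a.strip() for a in f.read().split() if a.strip()))
    # … unchanged: the other three readers, with sorted(set(...)) instead of list(set(...)) …

    # A domain-name indicator must be a bare hostname: no scheme, path or port.
    not_hostnames = [d for d in domains if "/" in d or ":" in d]
    if not_hostnames:
        sys.exit("not a bare domain name: {}".format(", ".join(not_hostnames)))

    for d in domains:
        i = Indicator(
            indicator_types=["malicious-activity"],
            pattern="[domain-name:value='{}']".format(stix_literal(d)),
            pattern_type="stix"
        )
    # … unchanged: hash, file path and file name loops, each passing its value through stix_literal() …
```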
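Review bot: The `path:` value in indicators_yaml_entry.txt, `coruna_cryptowaters/coruna.stix2`, does not match the directory this commit creates, `2026-03-03_coruna_cryptowaters/`. If the entry is meant to resolve against this directory on `main`, a consumer would presumably request a file that is not there and load no indicators for this campaign. In that case it should read `path: 2026-03-03_coruna_cryptowaters/coruna.stix2`. It is also worth confirming how the consumer reports a failed indicator download, because a silent miss is indistinguishable from a clean scan.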
@@ -0,0 +1,20 @@
+2a9d21ca07244932939c6c58699448f2147992c1f49cd3bc7d067bd92cb54f3a
+18394fcc096344e0730e49a0098970b1c53c137f679cff5c7ff8902e651cd8a3
+6eafd742f58db21fbaf5fd7636e6653446df04b4a5c9bca9104e5dfad34f547c
+42cc02cecd65f22a3658354c5a5efa6a6ec3d716c7fbbcd12df1d1b077d2591b
+0dff17e3aa12c4928273c70a2e0a6fff25d3e43c0d1b71056abad34a22b03495
+05b5e4070b3b8a130b12ea96c5526b4615fcae121bb802b1a10c3a7a70f39901
+10bd8f2f8bb9595664bb9160fbc4136f1d796cb5705c551f7ab8b9b1e658085c
+91d44c1f62fd863556aac0190cbef3b46abc4cbe880f80c580a1d258f0484c30
+721b46b43b7084b98e51ab00606f08a6ccd30b23bef5e542088f0b5706a8f780
+25a9b004cf61fb251c8d4024a8c7383a86cb30f60aa7d59ca53ce9460fcfb7de
+be28b40df919d3fa87ed49e51135a719bd0616c9ac346ea5f20095cb78031ed9
+3c297829353778857edfeaed3ceeeca1bf8b60534f1979f7d442a0b03c56e541
+499f6b1e012d9bc947eea8e23635dfe6464cd7c9d99eb11d5874bd7b613297b1
+d517c3868c5e7808202f53fa78d827a308d94500ae9051db0a62e11f7852e802
+4dfcf5a71e5a8f27f748ac7fd7760dec0099ce338722215b4a5862b60c5b2bfd
+d371e3bed18ee355438b166bbf3bdaf2e7c6a3af8931181b9649020553b07e7a
+023e5fb71923cfa2088b9a48ad8566ff7ac92a99630add0629a5edf4679888de
+f218068ea943a511b230f2a99991f6d1fbc2ac0aec7c796b261e2a26744929ac
+1fb9dedf1de81d387eff4bd5e747f730dd03c440157a66f20fdb5e95f64318c0
+4dc255504a6c3ea8714ccdc95cc04138dc6c92130887274c8582b4a96ebab4a8