adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/34493f6d-9441-45df-9cb4-4de473709081.json

3705 lines
998 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--34493f6d-9441-45df-9cb4-4de473709081",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T08:28:31.000Z",
"modified": "2022-07-05T08:28:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--34493f6d-9441-45df-9cb4-4de473709081",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T08:28:31.000Z",
"modified": "2022-07-05T08:28:31.000Z",
"name": "#StopRansomware: MedusaLocker",
"published": "2022-10-25T10:48:19Z",
"object_refs": [
"indicator--c98115ff-fa16-480b-aab5-94f7cd6feff6",
"indicator--33ed009d-9cb3-4b98-bb68-7976b1df1536",
"indicator--53d9f2be-dbfa-419c-a553-b80006c9cd7d",
"indicator--4961d7c9-4669-4556-afad-396a98d1af0e",
"indicator--4ab3b41b-4f44-40b3-b84c-c48bbadd4903",
"indicator--ad855082-779a-4638-8cf9-724471b140ed",
"indicator--6a6f0613-1284-4db4-bf63-353ff8bbeb15",
"indicator--5c19f454-be75-4f6f-874d-edc17931b5c5",
"indicator--bb793a7e-dc86-432b-9e98-145fff226ad9",
"indicator--a1f968f7-e29a-4b36-86fd-3740c71db919",
"indicator--bdb9b095-3dee-441f-bd0a-2bb8555b8f4f",
"indicator--0c778edb-d952-4e48-a55a-049893447286",
"indicator--0d39bcfa-b8e0-4850-b77f-ca7836958da3",
"indicator--64359805-055e-470e-9c03-e00e5786bbe2",
"indicator--d0dca853-a828-4480-bf23-24b96f2f90d2",
"indicator--d3204522-0b24-452e-8a3a-439533c4db9b",
"indicator--ab44f789-8464-4a35-92c8-6714c5f7cd19",
"indicator--cd58ff7e-c862-4808-83f3-5d6f66d48e93",
"indicator--a2d7f1a4-b93b-4e3a-810a-21f3b47695be",
"indicator--5c524b5d-f40b-4fb1-a603-cf0ee4fc9dd6",
"indicator--5bb830fd-d9ad-4d2b-a926-e097275b1d70",
"indicator--2c79df75-48ac-4995-86cf-46ca7d1d74c3",
"indicator--1c3de5f3-6aa7-4cf9-a930-3cb7eeee7add",
"indicator--7bfcf076-b946-4025-8d7f-632abcd6ed6c",
"indicator--06e0d3f6-a98e-48ca-af2d-b75a662b3349",
"indicator--704c6093-9063-491f-b4b5-aeae05e0db73",
"indicator--17ba8ed1-7980-4102-9ba6-c655372e9dab",
"indicator--8c00e93e-a932-475c-a44b-671dce7e6b7d",
"indicator--d0dd0337-6aa7-4049-acd6-85ef3dcfb6ec",
"indicator--d4c83f23-97d1-469c-b1c6-562024839838",
"indicator--44d6e0e5-0f3b-4a14-b540-d6f64d3d2647",
"indicator--15c2fcd2-629d-41b1-99c7-4245b238a1ba",
"indicator--e4570362-af05-4e6d-8588-e7be5fc5e39b",
"indicator--67af9843-261f-480e-8014-ac89ef9e07ed",
"indicator--5b9cfc17-f64b-4e34-bc44-1feb780276bf",
"indicator--c5ea899f-5e09-41e1-aae2-c30d1a68fed9",
"indicator--54c105da-bbcb-485a-95d1-9bf22d74be7a",
"indicator--f6aafb4e-1942-465b-bf0e-51e714232845",
"indicator--b35fe755-07e9-42d1-a946-26575f5e3e27",
"indicator--3db0cf25-9be5-43c6-a306-22b3b6744d7a",
"indicator--f1bf7d56-2167-492b-838d-6df4bd37e906",
"indicator--bb5a7749-c41f-44ad-b86f-fb383f010431",
"indicator--5cbe5c53-c6f0-436a-ad95-528db471c389",
"indicator--98ecee0e-92b0-4a74-a866-4a74624c8c00",
"indicator--3a879352-8790-4003-b493-968e74eb192b",
"indicator--45ce0956-c866-437e-916f-9ff4d2279c36",
"indicator--60c94b70-6aea-4481-ab03-0610ff8c6725",
"indicator--ae497c03-1c0a-4b6d-a374-469598af2628",
"indicator--07cca850-556f-44c2-a350-0a5ed617f8df",
"indicator--bdb2556f-698d-481c-a3a9-9acd3f929ff9",
"indicator--41558b31-6d45-4343-9ee4-9f6d034c7e52",
"indicator--0a7f65fc-36c3-4d97-ab82-0c4122e3e849",
"indicator--7b4d8106-1954-45a0-9d7d-02d3d7d32eac",
"indicator--79a0d62d-8b08-4744-8bf9-173c0dc8d2b7",
"indicator--712dfb1a-88d1-483b-ad51-e37944f05b25",
"indicator--22e9b19d-eb86-4191-9466-326966fc4ea1",
"indicator--345b4871-3ac0-4200-ae81-37aa75fce5a8",
"indicator--ff5b02aa-05b5-4c9d-9234-3b6aedb45993",
"indicator--06708900-d105-4965-b3b1-2fde8eb7c00a",
"indicator--adad2178-b001-41c7-9d8d-665338466ba1",
"indicator--e3f397f9-cf27-4506-a0b9-e2825170001e",
"indicator--134be71f-e062-4f19-9763-0aad30721923",
"indicator--0a7b100d-0abc-4101-a889-d3c96f296aa2",
"indicator--1eb5f7c3-c0de-440e-af42-a233a729b2dd",
"indicator--bfd0d9d5-aa65-43b8-b9d5-131182ae9b72",
"indicator--e3376d83-4f5a-4554-8e11-aa23fcdf7b1a",
"indicator--58c9bf08-3713-4cb5-8b83-8a779c21798a",
"indicator--888a0a2c-88dd-4b4b-a81e-8a13bb55924a",
"indicator--479e8bcd-e531-4f93-9848-527e2d5daff2",
"indicator--693aadcb-a601-461e-b510-614b25c68101",
"indicator--67c75f8e-5402-4265-9ff5-511f04bb7663",
"indicator--12355d43-008c-4ad5-9fe3-f666f4c34e7e",
"indicator--e86178a8-e72f-4972-b577-06dbb8756067",
"indicator--68caeb24-1abb-4d17-af6c-d0d4fc357a14",
"indicator--f87c84d1-87de-4194-832e-59252c1b6aac",
"indicator--cf5764cc-526c-4207-b635-c298ae5eb4dd",
"indicator--8899c0bb-f1c4-4274-ac97-bc2090888e04",
"indicator--cf93afb2-47e5-42f2-a742-c937e7976be9",
"indicator--e96cd637-d225-4f31-ae55-0fd7ebf72387",
"indicator--08716e06-ac1d-4fdd-9467-651e84a3e6a8",
"indicator--ba7f7120-15c8-47ba-965d-c24de237596c",
"indicator--21472250-40cb-4032-8146-89498d1f1473",
"observed-data--a611936d-86f2-4c43-893b-cef4def6ed68",
"file--a611936d-86f2-4c43-893b-cef4def6ed68",
"observed-data--612490f6-c0cb-4b85-8418-a7d2695a2e25",
"file--612490f6-c0cb-4b85-8418-a7d2695a2e25",
"observed-data--e5bf00f7-cde5-4771-8d9c-c60145e29d4a",
"file--e5bf00f7-cde5-4771-8d9c-c60145e29d4a",
"observed-data--d90bafeb-fcb8-49c0-99d7-8d9ca4b82d6e",
"file--d90bafeb-fcb8-49c0-99d7-8d9ca4b82d6e",
"observed-data--7ab046c6-1467-4888-85d8-5b9fa65fabdb",
"file--7ab046c6-1467-4888-85d8-5b9fa65fabdb",
"observed-data--7762779d-92af-4997-aabc-e3d4d53ae21b",
"file--7762779d-92af-4997-aabc-e3d4d53ae21b",
"observed-data--d0b6e769-9762-4dde-8800-5ed9c85e0f7f",
"file--d0b6e769-9762-4dde-8800-5ed9c85e0f7f",
"observed-data--6e8b7970-442d-41e0-a1b1-2b8fd9c3e32a",
"file--6e8b7970-442d-41e0-a1b1-2b8fd9c3e32a",
"observed-data--e8c99bfb-e553-425a-9760-5fc0bb6c8e4f",
"file--e8c99bfb-e553-425a-9760-5fc0bb6c8e4f",
"observed-data--1e518ccc-1b05-47f0-ae03-f418f7808e4b",
"file--1e518ccc-1b05-47f0-ae03-f418f7808e4b",
"observed-data--7b4397f5-4169-40e2-bebd-b075e1314c68",
"file--7b4397f5-4169-40e2-bebd-b075e1314c68",
"x-misp-attribute--6cf5fc69-f09f-45c6-908b-fe9dc78dbaaf",
"x-misp-attribute--e03b46ad-ad4b-4610-a73c-51243858e0d6",
"x-misp-attribute--75f8faf6-f1b1-4fd3-b365-0a07396f9fcb",
"x-misp-attribute--21d949a7-ce94-481f-bf25-9577e78eb5f2",
"x-misp-attribute--1dfdd7c2-8484-4072-b350-db4a02947152",
"x-misp-attribute--afea7ac1-28ec-4b95-908c-91088400557b",
"x-misp-attribute--dabd44a8-95a9-4d94-8d1d-18dc4a8ba58a",
"x-misp-attribute--296f5194-d6b7-4026-a431-c804532fce0e",
"x-misp-attribute--dd719fdd-1c43-4b28-aefe-c00da93ae6af",
"x-misp-attribute--53346bef-c79c-42c5-8b8e-7af05f2e0506",
"x-misp-attribute--43e5bd1f-437b-46e0-9599-b67e34fd9249",
"x-misp-attribute--fd604bdb-98bb-464e-80fc-8a2b9b7cca62",
"x-misp-attribute--7af3cba0-fdf2-4ca9-981e-d5fdccafcaaa",
"x-misp-attribute--aadf4226-5cac-4d18-a705-36d48bd5dbcb",
"x-misp-attribute--756ac5e4-684c-4861-aaf3-65aa27e8755a",
"x-misp-attribute--1f979729-5e8f-467c-9998-4e7e2a550ab2",
"x-misp-attribute--b65ba82b-36f1-4237-b170-da9c50dee3dc",
"x-misp-attribute--bd73085f-9605-4a38-b447-f34e04b8372a",
"x-misp-attribute--266f4b5e-1ab7-486d-8296-fca9d7d176a5",
"x-misp-attribute--381bb06f-04f0-42f9-8284-60e9ba61da6f",
"x-misp-attribute--3ab44efb-7487-4b85-833f-41e7351e03e1",
"indicator--fd141de6-e44b-426b-96f4-41b9099981b3",
"indicator--b10225b9-1578-47e8-81f1-b80bfe381eaa",
"indicator--df2dd421-1329-4b7e-b9de-93eb6b2b3c2b",
"indicator--c83df49e-e37b-4e6a-9951-19fc4c17c638",
"indicator--1fdbb119-e0d0-48f4-9c59-93f8297a4910",
"indicator--ca361320-8559-48db-8036-c8cc508610e3",
"indicator--a1540724-c8da-4131-b7a4-1995510c4c43",
"indicator--8a803583-a6d1-434c-90f1-3ec952fe558e",
"indicator--9d36edd8-2236-4956-b553-e3950cbfa4a9",
"indicator--be9673eb-dc13-4edf-ab0f-96a64c73e118",
"indicator--bb17a48c-ce0a-4cdc-8e2b-009387b7add5",
"indicator--5ff5592b-4f1d-4245-8ec7-af0ea19d683c",
"indicator--c672869e-486b-40ae-996e-8a1bf986b776",
"indicator--a9e0fda9-1e32-4cef-8b3d-466d51654a15",
"indicator--254b2b47-8712-40df-b8ec-f6140f34d140",
"indicator--59178c14-47de-41bc-80e2-3797d651a49f",
"indicator--bde85597-f1de-410d-b8a7-271f8e0f4b89",
"indicator--3cbfada9-55da-4fe9-8acf-7987b0ae934f",
"indicator--34704201-a988-4218-979a-0311b49efe49",
"indicator--0f267df7-a56e-48cb-959e-48e18538a218",
"indicator--0cbf72ae-eb07-4fda-ace9-1ce40c9d89a8",
"indicator--9d61fa66-4dce-4cf0-9ac7-689385585954",
"indicator--991ea7de-2222-4272-a317-e97ad6bd13fb",
"indicator--6bcc63cf-e0df-45f9-a1f0-5c94f2ad6c2b",
"indicator--b5d96350-0cf6-48a5-8ef0-03d26303d1a6",
"indicator--02ac26a2-5aea-491b-8344-7abc13dec002",
"indicator--56a00c45-d1bc-48e7-9c07-3ac05572a9fe",
"indicator--455dca2e-ac35-4510-a2a0-676ef484e431",
"indicator--5279ad55-77fe-4c42-a5db-25bfd83994fc",
"indicator--86d04351-b977-4aca-b9c4-dabdae42c5aa",
"indicator--e32c9026-d991-4161-9de8-d3f9b73fb0c4",
"indicator--9e1ac15c-56fe-49b3-b889-f69fea7a8096",
"indicator--15bb11c8-7ef2-4207-a542-7777bc2cb09f",
"indicator--9d3ce22e-70a1-4298-a721-3de55bb33f03",
"indicator--4cdd7f32-7a9a-4e59-9378-1a6f044522a3",
"indicator--118a311b-d391-4e9f-8f56-8e5a44895306",
"indicator--688cdd57-4ca8-4835-b385-88b788473014",
"indicator--506c144c-3b58-4e70-9a9d-a25791af430c",
"indicator--f866c7ec-03de-4b97-b15f-541e480e9372",
"indicator--62183cf6-8688-4102-bfa8-eaa7d4aa611c",
"x-misp-object--79844e5f-4db1-493a-a006-20e5e4309117"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
"misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
"misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
"misp-galaxy:mitre-attack-pattern=\"Safe Mode Boot - T1562.009\"",
"misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
"misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"dnc:malware-type=\"Ransomware\"",
"enisa:nefarious-activity-abuse=\"ransomware\"",
"ecsirt:malicious-code=\"ransomware\"",
"malware_classification:malware-category=\"Ransomware\"",
"veris:action:malware:variety=\"Ransomware\"",
"Ransomware",
"ms-caro-malware:malware-type=\"Ransom\"",
"ms-caro-malware-full:malware-type=\"Ransom\"",
"Intel 471:GIR=\"1.2.2 - Ransomware-as-a-Service (RaaS)\"",
"misp-galaxy:malpedia=\"MedusaLocker\"",
"misp-galaxy:ransomware=\"MedusaLocker\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c98115ff-fa16-480b-aab5-94f7cd6feff6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'willyhill1960@tutanota.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33ed009d-9cb3-4b98-bb68-7976b1df1536",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'unlockfile@cock.li']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--53d9f2be-dbfa-419c-a553-b80006c9cd7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'zlo@keem.ne']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4961d7c9-4669-4556-afad-396a98d1af0e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'unlockmeplease@airmail.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4ab3b41b-4f44-40b3-b84c-c48bbadd4903",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'zlo@keemail.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad855082-779a-4638-8cf9-724471b140ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'unlockmeplease@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6a6f0613-1284-4db4-bf63-353ff8bbeb15",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'zlo@tfwno.gf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c19f454-be75-4f6f-874d-edc17931b5c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'willyhill1960@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bb793a7e-dc86-432b-9e98-145fff226ad9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'support@ypsotecs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1f968f7-e29a-4b36-86fd-3740c71db919",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'support@imfoodst.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bdb9b095-3dee-441f-bd0a-2bb8555b8f4f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:47.000Z",
"modified": "2022-07-01T13:09:47.000Z",
"pattern": "[email-message:from_ref.value = 'traceytevin@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c778edb-d952-4e48-a55a-049893447286",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@itwgset.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0d39bcfa-b8e0-4850-b77f-ca7836958da3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'unlock_file@aol.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64359805-055e-470e-9c03-e00e5786bbe2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@novibmaker.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0dca853-a828-4480-bf23-24b96f2f90d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'unlock_file@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d3204522-0b24-452e-8a3a-439533c4db9b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@securycasts.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ab44f789-8464-4a35-92c8-6714c5f7cd19",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@exoprints.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd58ff7e-c862-4808-83f3-5d6f66d48e93",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'rewmiller-1974@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2d7f1a4-b93b-4e3a-810a-21f3b47695be",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@exorints.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c524b5d-f40b-4fb1-a603-cf0ee4fc9dd6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'rpd@keemail.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb830fd-d9ad-4d2b-a926-e097275b1d70",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@fanbridges.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c79df75-48ac-4995-86cf-46ca7d1d74c3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'soterissylla@wyseil.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c3de5f3-6aa7-4cf9-a930-3cb7eeee7add",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@faneridges.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7bfcf076-b946-4025-8d7f-632abcd6ed6c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'support@careersill.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--06e0d3f6-a98e-48ca-af2d-b75a662b3349",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'perfection@bestkoronavirus.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--704c6093-9063-491f-b4b5-aeae05e0db73",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'karloskolorado@tutanota.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17ba8ed1-7980-4102-9ba6-c655372e9dab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'pool1256@tutanota.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8c00e93e-a932-475c-a44b-671dce7e6b7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'kevynchaz@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0dd0337-6aa7-4049-acd6-85ef3dcfb6ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'rapid@aaathats3as.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4c83f23-97d1-469c-b1c6-562024839838",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'korona@bestkoronavirus.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--44d6e0e5-0f3b-4a14-b540-d6f64d3d2647",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'rescuer@tutanota.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--15c2fcd2-629d-41b1-99c7-4245b238a1ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'lockperfection@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e4570362-af05-4e6d-8588-e7be5fc5e39b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelp01@decorous.cyou']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67af9843-261f-480e-8014-ac89ef9e07ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelp01@wholeness.business']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b9cfc17-f64b-4e34-bc44-1feb780276bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'mulierfagus@rdhos.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c5ea899f-5e09-41e1-aae2-c30d1a68fed9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelp02@decorous.cyou']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54c105da-bbcb-485a-95d1-9bf22d74be7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelp02@wholness.business']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f6aafb4e-1942-465b-bf0e-51e714232845",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = '107btc@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b35fe755-07e9-42d1-a946-26575f5e3e27",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelpresotre@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3db0cf25-9be5-43c6-a306-22b3b6744d7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = '33btc@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f1bf7d56-2167-492b-838d-6df4bd37e906",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'cmd@jitjat.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bb5a7749-c41f-44ad-b86f-fb383f010431",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = '777decoder777@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cbe5c53-c6f0-436a-ad95-528db471c389",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'coronaviryz@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98ecee0e-92b0-4a74-a866-4a74624c8c00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = '777decoder777@tfwno.gf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a879352-8790-4003-b493-968e74eb192b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'dec_helper@dremno.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45ce0956-c866-437e-916f-9ff4d2279c36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'andrewmiller-1974@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--60c94b70-6aea-4481-ab03-0610ff8c6725",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'dec_helper@excic.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae497c03-1c0a-4b6d-a374-469598af2628",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'angelomartin-1980@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--07cca850-556f-44c2-a350-0a5ed617f8df",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'dec_restore@prontonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bdb2556f-698d-481c-a3a9-9acd3f929ff9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ballioverus@quocor.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--41558b31-6d45-4343-9ee4-9f6d034c7e52",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'dec_restore1@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0a7f65fc-36c3-4d97-ab82-0c4122e3e849",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'beacon@jitjat.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b4d8106-1954-45a0-9d7d-02d3d7d32eac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'bitcoin@sitesoutheat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--79a0d62d-8b08-4744-8bf9-173c0dc8d2b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'beacon@msgsafe.io']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--712dfb1a-88d1-483b-ad51-e37944f05b25",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'briansalgado@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--22e9b19d-eb86-4191-9466-326966fc4ea1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'best666decoder@tutanota.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--345b4871-3ac0-4200-ae81-37aa75fce5a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'bugervongir@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ff5b02aa-05b5-4c9d-9234-3b6aedb45993",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'bitcoin@mobtouches.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--06708900-d105-4965-b3b1-2fde8eb7c00a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'best666decoder@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--adad2178-b001-41c7-9d8d-665338466ba1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'encrypt2020@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e3f397f9-cf27-4506-a0b9-e2825170001e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'decoder83540@cock.li']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--134be71f-e062-4f19-9763-0aad30721923",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'fast-help@inbox.lv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0a7b100d-0abc-4101-a889-d3c96f296aa2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'decra2019@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1eb5f7c3-c0de-440e-af42-a233a729b2dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'fuc_ktheworld1448@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bfd0d9d5-aa65-43b8-b9d5-131182ae9b72",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'diniaminius@winrof.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e3376d83-4f5a-4554-8e11-aa23fcdf7b1a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'fucktheworld1448@cock.li']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c9bf08-3713-4cb5-8b83-8a779c21798a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'dirhelp@keemail.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--888a0a2c-88dd-4b4b-a81e-8a13bb55924a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'gartaganisstuffback@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--479e8bcd-e531-4f93-9848-527e2d5daff2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'emaila.elaich@iav.ac.ma']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--693aadcb-a601-461e-b510-614b25c68101",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'gavingonzalez@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67c75f8e-5402-4265-9ff5-511f04bb7663",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'emd@jitjat.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12355d43-008c-4ad5-9fe3-f666f4c34e7e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'gsupp@onionmail.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e86178a8-e72f-4972-b577-06dbb8756067",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'encrypt2020@cock.li']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--68caeb24-1abb-4d17-af6c-d0d4fc357a14",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'gsupp@techmail.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f87c84d1-87de-4194-832e-59252c1b6aac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'helper@atacdi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf5764cc-526c-4207-b635-c298ae5eb4dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelp@decorous.cyou']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8899c0bb-f1c4-4274-ac97-bc2090888e04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'helper@buildingwin.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf93afb2-47e5-42f2-a742-c937e7976be9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelp@decorous.cyoum']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e96cd637-d225-4f31-ae55-0fd7ebf72387",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'helprestore@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08716e06-ac1d-4fdd-9467-651e84a3e6a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'ithelp@wholeness.business']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ba7f7120-15c8-47ba-965d-c24de237596c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:09:48.000Z",
"modified": "2022-07-01T13:09:48.000Z",
"pattern": "[email-message:from_ref.value = 'helptorestore@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--21472250-40cb-4032-8146-89498d1f1473",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-01T13:38:47.000Z",
"modified": "2022-07-01T13:38:47.000Z",
"pattern": "[email-message:from_ref.value = 'rescuer@cock.li']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-01T13:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--a611936d-86f2-4c43-893b-cef4def6ed68",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--a611936d-86f2-4c43-893b-cef4def6ed68"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--a611936d-86f2-4c43-893b-cef4def6ed68",
"name": "how_to_ recover_data.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--612490f6-c0cb-4b85-8418-a7d2695a2e25",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--612490f6-c0cb-4b85-8418-a7d2695a2e25"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--612490f6-c0cb-4b85-8418-a7d2695a2e25",
"name": "how_to_recover_data.html.marlock01"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e5bf00f7-cde5-4771-8d9c-c60145e29d4a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--e5bf00f7-cde5-4771-8d9c-c60145e29d4a"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--e5bf00f7-cde5-4771-8d9c-c60145e29d4a",
"name": "instructions.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--d90bafeb-fcb8-49c0-99d7-8d9ca4b82d6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--d90bafeb-fcb8-49c0-99d7-8d9ca4b82d6e"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--d90bafeb-fcb8-49c0-99d7-8d9ca4b82d6e",
"name": "READINSTRUCTION.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--7ab046c6-1467-4888-85d8-5b9fa65fabdb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--7ab046c6-1467-4888-85d8-5b9fa65fabdb"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--7ab046c6-1467-4888-85d8-5b9fa65fabdb",
"name": "!!!HOW_TO_DECRYPT!!!"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--7762779d-92af-4997-aabc-e3d4d53ae21b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--7762779d-92af-4997-aabc-e3d4d53ae21b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--7762779d-92af-4997-aabc-e3d4d53ae21b",
"name": "How_to_recovery.txt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--d0b6e769-9762-4dde-8800-5ed9c85e0f7f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--d0b6e769-9762-4dde-8800-5ed9c85e0f7f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--d0b6e769-9762-4dde-8800-5ed9c85e0f7f",
"name": "readinstructions.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--6e8b7970-442d-41e0-a1b1-2b8fd9c3e32a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--6e8b7970-442d-41e0-a1b1-2b8fd9c3e32a"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--6e8b7970-442d-41e0-a1b1-2b8fd9c3e32a",
"name": "readme_to_recover_files"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e8c99bfb-e553-425a-9760-5fc0bb6c8e4f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--e8c99bfb-e553-425a-9760-5fc0bb6c8e4f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--e8c99bfb-e553-425a-9760-5fc0bb6c8e4f",
"name": "recovery_instructions.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--1e518ccc-1b05-47f0-ae03-f418f7808e4b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--1e518ccc-1b05-47f0-ae03-f418f7808e4b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--1e518ccc-1b05-47f0-ae03-f418f7808e4b",
"name": "HOW_TO_RECOVER_DATA.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--7b4397f5-4169-40e2-bebd-b075e1314c68",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:03:07.000Z",
"modified": "2022-07-04T13:03:07.000Z",
"first_observed": "2022-07-04T13:03:07Z",
"last_observed": "2022-07-04T13:03:07Z",
"number_observed": 1,
"object_refs": [
"file--7b4397f5-4169-40e2-bebd-b075e1314c68"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--7b4397f5-4169-40e2-bebd-b075e1314c68",
"name": "recovery_instruction.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--6cf5fc69-f09f-45c6-908b-fe9dc78dbaaf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "14oxnsSc1LZ5M2cPZeQ9rFnXqEvPCnZikc"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--e03b46ad-ad4b-4610-a73c-51243858e0d6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1DRxUFhvJjGUdojCzMWSLmwx7Qxn79XbJq"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--75f8faf6-f1b1-4fd3-b365-0a07396f9fcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "18wRbb94CjyTGkUp32ZM7krCYCB9MXUq42"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--21d949a7-ce94-481f-bf25-9577e78eb5f2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1AbRxRfP6yHePpi7jmDZkS4Mfpm1ZiatH5"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--1dfdd7c2-8484-4072-b350-db4a02947152",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1Edcufenw1BB4ni9UadJpQh9LVx9JGtKpP"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--afea7ac1-28ec-4b95-908c-91088400557b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1DyMbw6R9PbJqfUSDcK5729xQ57yJrE8BC"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--dabd44a8-95a9-4d94-8d1d-18dc4a8ba58a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "184ZcAoxkvimvVZaj8jZFujC7EwR3BKWvf"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--296f5194-d6b7-4026-a431-c804532fce0e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "14oH2h12LvQ7BYBufcrY5vfKoCq2hTPoev"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--dd719fdd-1c43-4b28-aefe-c00da93ae6af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "bc1qy34v0zv6wu0cugea5xjlxagsfwgunwkzc0xcjj"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--53346bef-c79c-42c5-8b8e-7af05f2e0506",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "bc1q9jg45a039tn83jk2vhdpranty2y8tnpnrk9k5q"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--43e5bd1f-437b-46e0-9599-b67e34fd9249",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "bc1qz3lmcw4k58n79wpzm550r5pkzxc2h8rwmmu6xm"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--fd604bdb-98bb-464e-80fc-8a2b9b7cca62",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1AereQUh8yjNPs9Wzeg1Le47dsqC8NNaNM"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--7af3cba0-fdf2-4ca9-981e-d5fdccafcaaa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1DeNHM2eTqHp5AszTsUiS4WDHWkGc5UxHf"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--aadf4226-5cac-4d18-a705-36d48bd5dbcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1HEDP3c3zPwiqUaYuWZ8gBFdAQQSa6sMGw"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--756ac5e4-684c-4861-aaf3-65aa27e8755a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1HdgQM9bjX7u7vWJnfErY4MWGBQJi5mVWV"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--1f979729-5e8f-467c-9998-4e7e2a550ab2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1nycdn9ebxht4tpspu4ehpjz9ghxlzipll"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--b65ba82b-36f1-4237-b170-da9c50dee3dc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "12xd6KrWVtgHEJHKPEfXwMVWuFK4k1FCUF"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--bd73085f-9605-4a38-b447-f34e04b8372a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1HZHhdJ6VdwBLCFhdu7kDVZN9pb3BWeUED"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--266f4b5e-1ab7-486d-8296-fca9d7d176a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1PormUgPR72yv2FRKSVY27U4ekWMKobWjg"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--381bb06f-04f0-42f9-8284-60e9ba61da6f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "14cATAzXwD7CQf35n8Ea5pKJPfhM6jEHak"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--3ab44efb-7487-4b85-833f-41e7351e03e1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-04T13:23:58.000Z",
"modified": "2022-07-04T13:23:58.000Z",
"labels": [
"misp:type=\"btc\"",
"misp:category=\"Financial fraud\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Financial fraud",
"x_misp_type": "btc",
"x_misp_value": "1PopeZ4LNLanisswLndAJB1QntTF8hpLsD"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd141de6-e44b-426b-96f4-41b9099981b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/6-iSm1B1Ehljh8HYuXGym4Xyu1WdwsR2Av-6tXiw1BImsqoLh7pd207Rl6XYoln7sId']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b10225b9-1578-47e8-81f1-b80bfe381eaa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/8-grp514hncgblilsjtd32hg6jtbyhlocr5pqjswxfgf2oragnl3pqno6fkqcimqin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--df2dd421-1329-4b7e-b9de-93eb6b2b3c2b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6y4g53rxdi5.onion/21-8P4ZLCsMETPaLw9MkSlXJsNZWdHe0rxjt-XmBgZLWlm5ULGFCOJFuVdEymmxysofwu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c83df49e-e37b-4e6a-9951-19fc4c17c638",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/2l-8P4ZLCsMTPaLw9MkSlXJsNZWdHeOrxjtE9lck1MuXPYo29daQys6gomZZXUImN7Z']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1fdbb119-e0d0-48f4-9c59-93f8297a4910",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-DcaE9HeHywqSHvdcIwOndCS4PuWASX8g']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca361320-8559-48db-8036-c8cc508610e3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-kB4rQXGKyxGiLyw7YDsMKSBjyfdwcyxo']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1540724-c8da-4131-b7a4-1995510c4c43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-bET6JbB9vEMZ7qYBPqUMCxOQExFx4iOi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8a803583-a6d1-434c-90f1-3ec952fe558e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/8-MO0Q7O97Hgxvm1YbD7OMnimImZJXEWaG-RbH4TvdwVTGQB3X6VOUOP3lgO6YOJEOW']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9d36edd8-2236-4956-b553-e3950cbfa4a9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/8-gRp514hncgb1i1sjtD32hG6jTbUh1ocR-Uola2Fo30KTJvZX0otYZgTh5txmKwUNe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be9673eb-dc13-4edf-ab0f-96a64c73e118",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-OWQwD1w1Td7hY7IGUUjxmHMoFSQW6blg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bb17a48c-ce0a-4cdc-8e2b-009387b7add5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-uGHwkkWCoUtBbZWN50sSS4Ds8RABkrKy']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ff5592b-4f1d-4245-8ec7-af0ea19d683c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-Tj3PRnQlpHc9OftRVDGAWUulvE80yZbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c672869e-486b-40ae-996e-8a1bf986b776",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/8-Ww5sCBhsL8eM4PeAgsfgfa9lrqa81r31-tDQRZCAUe4164X532j9Ky16IBN9StWTH']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a9e0fda9-1e32-4cef-8b3d-466d51654a15",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://gvlay6u4g53rxdi5.onion/21-wIq5kK9gGKiTmyups1U6fABj1VnXIYRB-I5xek6PG2EbWlPC7C1rXfsqJBlWlFFfY']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--254b2b47-8712-40df-b8ec-f6140f34d140",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[domain-name:value = 'qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59178c14-47de-41bc-80e2-3797d651a49f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:22:12.000Z",
"modified": "2022-07-05T06:22:12.000Z",
"description": "TOR Addresses",
"pattern": "[url:value = 'http://medusacegu2ufmc3kx2kkqicrlcxdettsjcenhjena6uannk5f4ffuyd.onion/leakdata/paigesmusic-leakdata-closed-part1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:22:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bde85597-f1de-410d-b8a7-271f8e0f4b89",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:27:52.000Z",
"modified": "2022-07-05T06:27:52.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '195.123.246.138' AND domain-name:x_misp_last_seen = '2021-11-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:27:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3cbfada9-55da-4fe9-8acf-7987b0ae934f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:28:19.000Z",
"modified": "2022-07-05T06:28:19.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '138.124.186.221' AND domain-name:x_misp_last_seen = '2021-11-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:28:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--34704201-a988-4218-979a-0311b49efe49",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:28:58.000Z",
"modified": "2022-07-05T06:28:58.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '159.223.0.9' AND domain-name:x_misp_last_seen = '2021-11-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:28:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0f267df7-a56e-48cb-959e-48e18538a218",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:30:05.000Z",
"modified": "2022-07-05T06:30:05.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '45.146.164.141' AND domain-name:x_misp_last_seen = '2021-11-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:30:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0cbf72ae-eb07-4fda-ace9-1ce40c9d89a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:31:07.000Z",
"modified": "2022-07-05T06:31:07.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '185.220.101.35' AND domain-name:x_misp_last_seen = '2021-11-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:31:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9d61fa66-4dce-4cf0-9ac7-689385585954",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:31:34.000Z",
"modified": "2022-07-05T06:31:34.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '185.220.100.249' AND domain-name:x_misp_last_seen = '2021-09-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:31:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--991ea7de-2222-4272-a317-e97ad6bd13fb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:31:52.000Z",
"modified": "2022-07-05T06:31:52.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '50.80.219.149' AND domain-name:x_misp_last_seen = '2021-09-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:31:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6bcc63cf-e0df-45f9-a1f0-5c94f2ad6c2b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:32:17.000Z",
"modified": "2022-07-05T06:32:17.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '185.220.101.146' AND domain-name:x_misp_last_seen = '2021-09-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b5d96350-0cf6-48a5-8ef0-03d26303d1a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:32:39.000Z",
"modified": "2022-07-05T06:32:39.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '185.220.101.252' AND domain-name:x_misp_last_seen = '2021-09-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02ac26a2-5aea-491b-8344-7abc13dec002",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:32:56.000Z",
"modified": "2022-07-05T06:32:56.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '179.60.150.97' AND domain-name:x_misp_last_seen = '2021-09-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:32:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56a00c45-d1bc-48e7-9c07-3ac05572a9fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:33:17.000Z",
"modified": "2022-07-05T06:33:17.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '84.38.189.52' AND domain-name:x_misp_last_seen = '2021-09-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:33:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--455dca2e-ac35-4510-a2a0-676ef484e431",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:33:49.000Z",
"modified": "2022-07-05T06:33:49.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '94.232.43.63' AND domain-name:x_misp_last_seen = '2021-07-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:33:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5279ad55-77fe-4c42-a5db-25bfd83994fc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:34:18.000Z",
"modified": "2022-07-05T06:34:18.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '108.11.30.103' AND domain-name:x_misp_last_seen = '2021-04-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:34:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--86d04351-b977-4aca-b9c4-dabdae42c5aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:34:32.000Z",
"modified": "2022-07-05T06:34:32.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '194.61.55.94' AND domain-name:x_misp_last_seen = '2021-04-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:34:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e32c9026-d991-4161-9de8-d3f9b73fb0c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:34:59.000Z",
"modified": "2022-07-05T06:34:59.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '198.50.233.202' AND domain-name:x_misp_last_seen = '2021-04-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:34:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e1ac15c-56fe-49b3-b889-f69fea7a8096",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:35:40.000Z",
"modified": "2022-07-05T06:35:40.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '40.92.90.105' AND domain-name:x_misp_last_seen = '2021-01-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:35:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--15bb11c8-7ef2-4207-a542-7777bc2cb09f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:36:17.000Z",
"modified": "2022-07-05T06:36:17.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '188.68.216.23' AND domain-name:x_misp_last_seen = '2020-12-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9d3ce22e-70a1-4298-a721-3de55bb33f03",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:36:36.000Z",
"modified": "2022-07-05T06:36:36.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '87.251.75.71' AND domain-name:x_misp_last_seen = '2020-12-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4cdd7f32-7a9a-4e59-9378-1a6f044522a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:37:09.000Z",
"modified": "2022-07-05T06:37:09.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '196.240.57.20' AND domain-name:x_misp_last_seen = '2020-10-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:37:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--118a311b-d391-4e9f-8f56-8e5a44895306",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:37:27.000Z",
"modified": "2022-07-05T06:37:27.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '198.0.198.5' AND domain-name:x_misp_last_seen = '2020-08-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:37:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--688cdd57-4ca8-4835-b385-88b788473014",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:42:48.000Z",
"modified": "2022-07-05T06:42:48.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '194.5.220.122' AND domain-name:x_misp_last_seen = '2020-03-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:42:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--506c144c-3b58-4e70-9a9d-a25791af430c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:44:52.000Z",
"modified": "2022-07-05T06:44:52.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '194.5.250.124' AND domain-name:x_misp_last_seen = '2020-03-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:44:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f866c7ec-03de-4b97-b15f-541e480e9372",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:45:08.000Z",
"modified": "2022-07-05T06:45:08.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '194.5.220.124' AND domain-name:x_misp_last_seen = '2020-03-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:45:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--62183cf6-8688-4102-bfa8-eaa7d4aa611c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T06:48:22.000Z",
"modified": "2022-07-05T06:48:22.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '104.210.72.161' AND domain-name:x_misp_last_seen = '2019-11-01T00:00:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-05T06:48:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--79844e5f-4db1-493a-a006-20e5e4309117",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-05T08:28:31.000Z",
"modified": "2022-07-05T08:28:31.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.cisa.gov/uscert/ncas/alerts/aa22-181a",
"category": "External analysis",
"uuid": "a6d6f274-c7e0-4fb8-8c84-e8e66680a338"
},
{
"type": "link",
"object_relation": "link",
"value": "https://www.cisa.gov/uscert/sites/default/files/publications/AA22-181A_stopransomware_medusalocker.pdf",
"category": "External analysis",
"uuid": "3eceb8cf-bd52-4c01-a95f-5c1e60e75b35"
},
{
"type": "text",
"object_relation": "summary",
"value": "The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) are releasing this CSA to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims\u2019 networks. The MedusaLocker actors encrypt the victim's data and leave a ransom note with communication instructions in every folder containing an encrypted file. The note directs victims to provide ransomware payments to a specific Bitcoin wallet address. MedusaLocker appears to operate as a Ransomware-as-a-Service (RaaS) model based on the observed split of ransom payments. Typical RaaS models involve the ransomware developer and various affiliates that deploy the ransomware on victim systems. MedusaLocker ransomware payments appear to be consistently split between the affiliate, who receives 55 to 60 percent of the ransom; and the developer, who receives the remainder.",
"category": "Other",
"uuid": "c4ccb926-906e-41ff-8588-f4380fde0638"
},
{
"type": "text",
"object_relation": "type",
"value": "Alert",
"category": "Other",
"uuid": "81705f55-816b-4006-92c5-fb40d55adeb6"
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "AA22-181A_stopransomware_medusalocker.pdf",
"category": "External analysis",
"uuid": "0ea5c6a7-d215-4c63-b8cc-7dccfad867ea",
"data": "JVBERi0xLjYNJeLjz9MNCjE1NTAgMCBvYmoNPDwvTGluZWFyaXplZCAxL0wgNjQ4NzgzL08gMTU1Mi9FIDQwNTY4MC9OIDExL1QgNjQ4MjI1L0ggWyA1ODggNDM2XT4+DWVuZG9iag0gICAgICAgICAgDQoxNTkwIDAgb2JqDTw8L0RlY29kZVBhcm1zPDwvQ29sdW1ucyA1L1ByZWRpY3RvciAxMj4+L0ZpbHRlci9GbGF0ZURlY29kZS9JRFs8MkZBM0YzNUU0QzU3M0M0QThCOENFRDMxNjRFRjY3NTI+PDI4NjU4QzBBNzg4OUJDNDZBQUMzNTZGNzFFQkY2NjMyPl0vSW5kZXhbMTU1MCA3Ml0vSW5mbyAxNTQ5IDAgUi9MZW5ndGggMTc0L1ByZXYgNjQ4MjI2L1Jvb3QgMTU1MSAwIFIvU2l6ZSAxNjIyL1R5cGUvWFJlZi9XWzEgMyAxXT4+c3RyZWFtDQpo3mJiZGAQYGBiYGD5ACIZVoFIJkkQyZEBZuuCySYQyToLrNIdLPISTD4Fi8iD2V0gknERWOUEsLgTmBQHi+uBxWVApPUKEMnsAhYPA5H8n4Ek4+ZMEDt3KYhUUgKRqlkg8dT/ILbeDxDp+wRsVyGIlO0Hs3OBJJOCIojNlQwis4RBZHokWEQCZELKchCbOx5I/p7rwcDEyMA2F+xfBsYhQ/5n+GP9GCDAABqWHOANCmVuZHN0cmVhbQ1lbmRvYmoNc3RhcnR4cmVmDQowDQolJUVPRg0KICAgICAgIA0KMTYyMSAwIG9iag08PC9DIDQwNi9GaWx0ZXIvRmxhdGVEZWNvZGUvSSA0MjgvTGVuZ3RoIDM0MC9PIDM5MC9TIDI3Nj4+c3RyZWFtDQpo3mJgYGACom8MbAwMQtsYhBkQQJiBFSjKwsAxIQDE5TE4cFiLiVeDsanBbgLvBkYboBjjbbb6A8+uGFY39IRNWaqd/IgBGQgck5l5TpNzkq9baGSBs0TRMke30BiBY3IpIqkBzhKVEwKnOvIkPgMKshi2z2SVDAGpBwqGAblqlVCGxcxnjipXUkMbeRLPqWhC2DMYmJTNKjo6OhoYGJXTQQwGBvYKIA9IMDCUIzPYykGSjGBS0L0CrEUUrAWPX4AcZQaOoLlAWg2INcCeCWMQZHjYeKTB6oHSASUF/iPMaoz9jE8afBk0G5wXyCfwszBuYD4mu5JhN1D7y6szZm60cZ6hKmIU0p3ROfGA4IaXJ1ji7Kdx8Zrcm9lw0MLNVSDA22SXwzTGubDAUmXgLDUEOQOIloNt5iy7AaT5GRhCdsCD1JyB80E4RBWTOECAAQCMInXcDQplbmRzdHJlYW0NZW5kb2JqDTE1NTEgMCBvYmoNPDwvTGFuZyj+/wBFAE4ALQBVAFMpL01hcmtJbmZvPDwvTWFya2VkIHRydWU+Pi9NZXRhZGF0YSA1MyAwIFIvT3V0bGluZXMgNzEgMCBSL1BhZ2VMYXlvdXQvT25lQ29sdW1uL1BhZ2VzIDE1NDYgMCBSL1N0cnVjdFRyZWVSb290IDg0IDAgUi9UeXBlL0NhdGFsb2c+Pg1lbmRvYmoNMTU1MiAwIG9iag08PC9Bbm5vdHMgMTU5MSAwIFIvQ29udGVudHNbMTU1NiAwIFIgMTU1NyAwIFIgMTU2MCAwIFIgMTU2MyAwIFIgMTU2NCAwIFIgMTU2NSAwIFIgMTU2NyAwIFIgMTU2OSAwIFJdL0Nyb3BCb3hbMC4wIDAuMCA2MTIuMCA3OTIuMF0vR3JvdXAgMTYyMCAwIFIvTWVkaWFCb3hbMC4wIDAuMCA2MTIuMCA3OTIuMF0vUGFyZW50IDE1NDcgMCBSL1Jlc291cmNlczw8L0V4dEdTdGF0ZTw8L0dTMCAxNTk1IDAgUj4+L0ZvbnQ8PC9DMl8wIDE2MDAgMCBSL1RUMCAxNjAyIDAgUi9UVDEgMTYwNCAwIFIvVFQyIDE2MDYgMCBSL1RUMyAxNjA4IDAgUi9UVDQgMTYxMCAwIFIvVFQ1IDE2MTIgMCBSL1RUNiAxNjE0IDAgUi9UVDcgMTYxNiAwIFI+Pi9Qcm9jU2V0Wy9QREYvVGV4dC9JbWFnZUNdL1hPYmplY3Q8PC9JbTAgMTU2OCAwIFIvSW0xIDE1ODIgMCBSL0ltMiAxNTg0IDAgUi9JbTMgMTU4NSAwIFIvSW00IDE1ODcgMCBSL0ltNSAxNTg5IDAgUj4+Pj4vUm90YXRlIDAvU3RydWN0UGFyZW50cyAwL1RhYnMvUy9UeXBlL1BhZ2U+Pg1lbmRvYmoNMTU1MyAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvRmlyc3QgMjg3L0xlbmd0aCAxNzk2L04gMzAvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KaN60mW1T2zgQgP+KPsJ0iCVZr51O5pJQaOagtISWXpl8MIkBD0mcSUxb/v3tSrYTu3nv3XiMZWlXu5KeXcmBScsIJUxaTqTEZ0iYVlgQhFuDBUkEdyKKSOaaNJHKNRlimMCCJVZxwhSlxGpXYIRRY7EEryFnWIK+jVFYgs4Zl1iShKvQYEkRbozAkiYhs07OkFCErs6S0EisY5QIxkIsMSKkpFjiRBiG/UGDZOi3AsekUK5VEmmkxpIioOXkNFFCoFfMQMmiz8wSJUPUgPEqqRm5cxNDybWfmbwg8gK4nRfKGifcf/cuaHkb8Ba0e/Deg+vmdRoH7XQ2jGfBLaHNZv5yR0GO9oMPQTe4jgcZWJUN45wzDZwqDQ8DXsPTKtEPei/3GfZ1kUyefa+tySTNms3CsDnUsGYNZWCmuGjAxBMuZEPA4rJQNrjSO1i2B1oWXDbACpG8oa0xRIasIcOQqLChObdbLHd75CEazcHUZfAxnY2jUdABdxo0uPqUt1x9uiQs6LVINnuJg95lNH8G0Uns+3r/KzvvZVEWB4PI6aVTr+f6v0KXk8njUXcYT7Ikez0Gpx+TeTZ7PWoN0/v4GNybTkfxGJpxlOjTfIAvjFIZdLqnvRjKUlM3PZ1o+iFOHp8yoikNTmMvesI5Dc5G0eOciOAsnWTtdvoLJgrrCXPIQ2d913QWjZPR61HvdXyfjo59VTKKOdpgzgZWfYzGcXD76Z/33Ys3XvTyxjX0slmcDZ6KucKqW++QAIe6WTRKBq3J4ygmNOhl8fgr0dJPFIqiw7NkmqWz4Fs+Dkn9qNvRPEaR36ziFLzOoavu5CH1ycTNRPf0Jj3vnl5G06CY3OD0FkdKa7Z84kGlAgVQRhH0iy+8C27vGKd3EPr9frN557JUHpRrvfNLMIxgFqF57jMamno/GaRDWPnSuZMPpXm0SIOb9MskAaEYlJQfVOlKFQRBlxeeqcXCh1zmCx/yxcqfKCVdG+EwG66DyuK3ZklUX3teXfvO1/Obq+9vnOTBS2/M5qVntrr0NaPlFN4mk9ZknpTvZ8lsnnWeolkx6uW1xg0Eh3IR5TJMssXMQwg7l5YnH7avyuSDvWH2NL+D7IkZFPMNbHG4QkpBhoN9L4T8gje2oASWC2mU3OVe7h0vRmF7QQN4Q+Zyt3uH3UqDIL47A9Q7gp0YMOxkod7p5XKlXl62QpR9Y7037P/6oZWuUVpxsSyjdbixHZ9ouT4knAbXXuhBWec6xb3fhZaWJxuju78cHNaa7bFh1VJsSNhcXWzApmFRf2toqGponF91rnvXntITj/3eEXLCeB4jlu8XI6utHxoqYS1UhNkSKmJ9qFASQiR5mvy1KUxWrvY+IUErAUFLw0Uo0LWB8Lvh/xP+Q9Evp69f3QxYFXi5BLxWK4GHoyy2AfDWzel24k2V+M8Xre+dbzlz7XQ03JF6vZZ6BlvaXtivd2EH9KVZgb6soQ+pYyP62q5GvwC8evmV3612NY/Vv7RM1/5pDLrj4wBIgbecwRotUq1NjyUt1aMDN56W/Ogg1VZawi207M1JcX5gofpDSv4gNeoaH3zbKcJuSo2HxP4qclZnQFqysHwYKLSK/Ec3ZD+UWX6ifSwvDgtFTkTyipbiXuKv7EEv8md1x5ZiCU
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink