misp-circl-feed/feeds/circl/stix-2.1/546481a0-fc90-4aa4-8508-4a68950d210b.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--546481a0-fc90-4aa4-8508-4a68950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:29:44.000Z",
"modified": "2014-11-13T10:29:44.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--546481a0-fc90-4aa4-8508-4a68950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:29:44.000Z",
"modified": "2014-11-13T10:29:44.000Z",
"name": "OSINT Adobe Zero-day Used in LadyBoyle Attack blog post by Symantec",
"published": "2014-11-13T14:47:56Z",
"object_refs": [
"observed-data--546481ac-fbc4-43b5-b8a1-4e92950d210b",
"url--546481ac-fbc4-43b5-b8a1-4e92950d210b",
"x-misp-attribute--546481b8-b910-42cc-8be7-4761950d210b",
"x-misp-attribute--546481c5-f1dc-4fcf-93f1-e5f1950d210b",
"vulnerability--546481e3-0f90-46c1-91c1-4ce9950d210b",
"observed-data--54648248-0040-4104-9f56-44f2950d210b",
"url--54648248-0040-4104-9f56-44f2950d210b",
"observed-data--54648248-cc04-414e-a1ee-4249950d210b",
"url--54648248-cc04-414e-a1ee-4249950d210b",
"x-misp-attribute--54648724-036c-4c89-97b0-46cc950d210b",
"x-misp-attribute--54648724-a2a8-4413-b22e-4df4950d210b",
"x-misp-attribute--5464875b-de3c-4891-954d-45bd950d210b",
"x-misp-attribute--5464875b-068c-4a32-bb0d-4d0d950d210b",
"x-misp-attribute--5464875b-e3f4-4e22-9461-48f2950d210b",
"indicator--5464878c-a8c4-4e30-8aac-4c56950d210b",
"indicator--546487b7-82ac-4d61-ab31-43f6950d210b",
"indicator--546487b7-cbdc-47ef-8691-41c3950d210b",
"indicator--546487b7-14cc-4247-9b47-4710950d210b",
"indicator--546487b7-d68c-4f45-8b69-4031950d210b",
"indicator--546487b7-04ac-4b46-b669-4182950d210b",
"indicator--546487b7-8728-4f29-b861-457f950d210b",
"indicator--546487b7-6178-49e4-953e-4dc7950d210b",
"indicator--546487b7-7904-4f08-a38c-4ade950d210b",
"indicator--546487b8-17f0-48e2-b367-4fe7950d210b",
"indicator--546487b8-c8a0-45ad-a428-401e950d210b",
"indicator--546487b8-36fc-4db2-b188-460c950d210b",
"indicator--546487b8-df14-48e7-a97a-4a8a950d210b",
"indicator--546487b8-09d4-49a6-a7e2-49f6950d210b",
"indicator--546487b8-fb70-4b90-b13d-419b950d210b",
"indicator--546487b8-e7b8-46b6-b030-45d9950d210b",
"indicator--546487b8-6ef8-45be-b149-4e34950d210b",
"indicator--546487b8-d0f8-44a0-925e-4d49950d210b",
"indicator--546487b8-0610-4df9-9689-4642950d210b",
"indicator--546487b8-ef30-441a-977c-4ea0950d210b",
"indicator--546487b8-1ec4-444a-a8f0-4dbd950d210b",
"indicator--546487b8-3e3c-4ee9-9018-429e950d210b",
"indicator--546487b8-fdf4-481e-87b9-493b950d210b",
"indicator--546487b8-6d34-4a88-aac3-4c71950d210b",
"indicator--546487b8-f194-40b8-80d6-420d950d210b",
"indicator--546487f2-9190-488f-9642-468d950d210b",
"indicator--546487f2-ddec-465b-b0ad-46cc950d210b",
"indicator--54648818-d770-495e-9995-4be9950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--546481ac-fbc4-43b5-b8a1-4e92950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:02:20.000Z",
"modified": "2014-11-13T10:02:20.000Z",
"first_observed": "2014-11-13T10:02:20Z",
"last_observed": "2014-11-13T10:02:20Z",
"number_observed": 1,
"object_refs": [
"url--546481ac-fbc4-43b5-b8a1-4e92950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--546481ac-fbc4-43b5-b8a1-4e92950d210b",
"value": "http://www.symantec.com/connect/blogs/adobe-zero-day-used-ladyboyle-attack"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546481b8-b910-42cc-8be7-4761950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:02:32.000Z",
"modified": "2014-11-13T10:02:32.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "LadyBoyle"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--546481c5-f1dc-4fcf-93f1-e5f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:02:45.000Z",
"modified": "2014-11-13T10:02:45.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data entered by David Andr\u00e9"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--546481e3-0f90-46c1-91c1-4ce9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:03:15.000Z",
"modified": "2014-11-13T10:03:15.000Z",
"name": "CVE-2013-0634",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2013-0634"
}
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54648248-0040-4104-9f56-44f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:06:38.000Z",
"modified": "2014-11-13T10:06:38.000Z",
"first_observed": "2014-11-13T10:06:38Z",
"last_observed": "2014-11-13T10:06:38Z",
"number_observed": 1,
"object_refs": [
"url--54648248-0040-4104-9f56-44f2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54648248-0040-4104-9f56-44f2950d210b",
"value": "http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54648248-cc04-414e-a1ee-4249950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:04:56.000Z",
"modified": "2014-11-13T10:04:56.000Z",
"first_observed": "2014-11-13T10:04:56Z",
"last_observed": "2014-11-13T10:04:56Z",
"number_observed": 1,
"object_refs": [
"url--54648248-cc04-414e-a1ee-4249950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54648248-cc04-414e-a1ee-4249950d210b",
"value": "http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54648724-036c-4c89-97b0-46cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:25:40.000Z",
"modified": "2014-11-13T10:25:40.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Bloodhound.Flash.19"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54648724-a2a8-4413-b22e-4df4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:25:40.000Z",
"modified": "2014-11-13T10:25:40.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Bloodhound.Flash.20"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464875b-de3c-4891-954d-45bd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:26:34.000Z",
"modified": "2014-11-13T10:26:34.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Mdropper"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464875b-068c-4a32-bb0d-4d0d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:26:35.000Z",
"modified": "2014-11-13T10:26:35.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Swifi"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464875b-e3f4-4e22-9461-48f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:26:35.000Z",
"modified": "2014-11-13T10:26:35.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor.Boda"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464878c-a8c4-4e30-8aac-4c56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:27:24.000Z",
"modified": "2014-11-13T10:27:24.000Z",
"pattern": "[domain-name:value = 'ieee.boeing-job.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:27:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-82ac-4d61-ab31-43f6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = '369p.mail-signin.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-cbdc-47ef-8691-41c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = 'bm1k8.4pu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-14cc-4247-9b47-4710950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = 'cti.moobesring.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-d68c-4f45-8b69-4031950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = 'domcon.microtrendsoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-04ac-4b46-b669-4182950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = 'engage.intelfox.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-8728-4f29-b861-457f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = 'funny.greenitenergy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-6178-49e4-953e-4dc7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = 'i0i0i.3322.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b7-7904-4f08-a38c-4ade950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:07.000Z",
"modified": "2014-11-13T10:28:07.000Z",
"pattern": "[domain-name:value = 'krjregh.sacreeflame.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-17f0-48e2-b367-4fe7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'lol.dns-lookup.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-c8a0-45ad-a428-401e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'lywja.healthsvsolu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-36fc-4db2-b188-460c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'matrix.linkerservices.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-df14-48e7-a97a-4a8a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'mx.dns221.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-09d4-49a6-a7e2-49f6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'piping.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-fb70-4b90-b13d-419b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'ru.pad62.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-e7b8-46b6-b030-45d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'stmp.allshell.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-6ef8-45be-b149-4e34950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'support.icoredb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-d0f8-44a0-925e-4d49950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'svr01.passport.serveuser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-0610-4df9-9689-4642950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'ukupdate.masteradvz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-ef30-441a-977c-4ea0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'update.mysq1.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-1ec4-444a-a8f0-4dbd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'update.updates.mefound.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-3e3c-4ee9-9018-429e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'update1.mysq1.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-fdf4-481e-87b9-493b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'update3.effers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-6d34-4a88-aac3-4c71950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'updatedns.itemdb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487b8-f194-40b8-80d6-420d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:28:08.000Z",
"modified": "2014-11-13T10:28:08.000Z",
"pattern": "[domain-name:value = 'updatedns.serveuser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:28:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487f2-9190-488f-9642-468d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:29:06.000Z",
"modified": "2014-11-13T10:29:06.000Z",
"pattern": "[file:hashes.MD5 = '3de314089db35af9baaeefc598f09b23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:29:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--546487f2-ddec-465b-b0ad-46cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:29:06.000Z",
"modified": "2014-11-13T10:29:06.000Z",
"pattern": "[file:hashes.MD5 = '2568615875525003688839cb8950aeae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:29:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54648818-d770-495e-9995-4be9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T10:29:44.000Z",
"modified": "2014-11-13T10:29:44.000Z",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'lynx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T10:29:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}