adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5464c1d9-3d78-434d-a936-51e4950d210b.json

1287 lines
51 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5464c1d9-3d78-434d-a936-51e4950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2017-06-22T20:16:54.000Z",
"modified": "2017-06-22T20:16:54.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5464c1d9-3d78-434d-a936-51e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2017-06-22T20:16:54.000Z",
"modified": "2017-06-22T20:16:54.000Z",
"name": "OSINT Expansion on Snake",
"published": "2017-06-22T20:17:10Z",
"object_refs": [
"indicator--5464c1ef-e49c-4ddc-86b5-9034950d210b",
"indicator--5464c1ef-cc80-4f72-9083-9034950d210b",
"indicator--5464c1ef-09f4-4345-a778-9034950d210b",
"indicator--5464c1ef-fe28-4697-a9c8-9034950d210b",
"indicator--5464c1ef-0198-40ca-92fe-9034950d210b",
"indicator--5464c1ef-f01c-4008-9330-9034950d210b",
"indicator--5464c20e-e42c-4f97-86ff-9051950d210b",
"indicator--5464c20e-8400-4c99-9d83-9051950d210b",
"indicator--5464c20e-2034-4dec-b85d-9051950d210b",
"indicator--5464c20e-8a28-4ca4-8e26-9051950d210b",
"indicator--5464c20e-c9ec-4451-a95b-9051950d210b",
"indicator--5464c20e-5d38-4891-9bab-9051950d210b",
"indicator--5464c20e-617c-44f9-bbed-9051950d210b",
"indicator--5464c20e-8a48-40e3-bbe1-9051950d210b",
"indicator--5464c20e-0698-4712-aca4-9051950d210b",
"indicator--5464c20e-89b0-4cb2-931f-9051950d210b",
"indicator--5464c20e-2400-43c9-a6f6-9051950d210b",
"indicator--5464c20e-e410-4f54-ba87-9051950d210b",
"indicator--5464c20f-c6a8-4490-8529-9051950d210b",
"indicator--5464c20f-52a8-4eaa-9074-9051950d210b",
"indicator--5464c20f-73cc-40c7-8d47-9051950d210b",
"indicator--5464c20f-8d90-4222-b489-9051950d210b",
"indicator--5464c20f-4e10-4259-aa31-9051950d210b",
"indicator--5464c20f-1954-4b0b-946a-9051950d210b",
"indicator--5464c20f-03e8-42d8-aa97-9051950d210b",
"indicator--5464c20f-7858-4f68-8c43-9051950d210b",
"indicator--5464c20f-fea0-4176-9c80-9051950d210b",
"indicator--5464c20f-171c-4249-bdf5-9051950d210b",
"indicator--5464c20f-2188-44e0-abe4-9051950d210b",
"indicator--5464c20f-571c-47cb-b47b-9051950d210b",
"indicator--5464c20f-91b0-41ef-96e4-9051950d210b",
"indicator--5464c20f-96d4-40b7-a509-9051950d210b",
"indicator--5464c20f-60c4-4aaf-9ce8-9051950d210b",
"indicator--5464c20f-ea1c-4660-882a-9051950d210b",
"indicator--5464c210-2730-4266-a7cb-9051950d210b",
"indicator--5464c210-c450-4b32-9ed2-9051950d210b",
"indicator--5464c210-7958-4cff-95d5-9051950d210b",
"indicator--5464c210-9654-41d7-9427-9051950d210b",
"indicator--5464c210-b8fc-4818-b30b-9051950d210b",
"indicator--5464c210-9f7c-4994-8f5e-9051950d210b",
"indicator--5464c210-1178-4748-b1f1-9051950d210b",
"indicator--5464c210-d4b4-4b06-bcc4-9051950d210b",
"indicator--5464c210-5d34-4a63-96db-9051950d210b",
"indicator--5464c210-65c4-4bf1-b5af-9051950d210b",
"indicator--5464c210-a3f0-416a-8450-9051950d210b",
"indicator--5464c210-546c-4358-b93e-9051950d210b",
"indicator--5464c210-b964-4cbc-9f14-9051950d210b",
"indicator--5464c210-950c-4ca8-9e31-9051950d210b",
"indicator--5464c210-caa0-4206-99e6-9051950d210b",
"x-misp-attribute--5464c25c-3eb4-4012-97b5-969a950d210b",
"x-misp-attribute--560d3d64-884c-418e-9f12-46ca950d210b",
"x-misp-attribute--560d3d64-6060-42ad-9b33-4911950d210b",
"x-misp-attribute--560d3d65-3444-4937-ba0c-47f9950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"misp-galaxy:threat-actor=\"Turla Group\""
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c1ef-e49c-4ddc-86b5-9034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:36:31.000Z",
"modified": "2014-11-13T14:36:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.190.233.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c1ef-cc80-4f72-9083-9034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:36:31.000Z",
"modified": "2014-11-13T14:36:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.194.224.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c1ef-09f4-4345-a778-9034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:36:31.000Z",
"modified": "2014-11-13T14:36:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.211.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c1ef-fe28-4697-a9c8-9034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:36:31.000Z",
"modified": "2014-11-13T14:36:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.65.252.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c1ef-0198-40ca-92fe-9034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:36:31.000Z",
"modified": "2014-11-13T14:36:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.246.199.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c1ef-f01c-4008-9330-9034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:36:31.000Z",
"modified": "2014-11-13T14:36:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.1.82.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-e42c-4f97-86ff-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'tiles.cebarrett.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-8400-4c99-9d83-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'alosh66.linkpc.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-2034-4dec-b85d-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'darksun.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-8a28-4ca4-8e26-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'luck-babys.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-c9ec-4451-a95b-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'newsweek.serveblog.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-5d38-4891-9bab-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'weather-online.hopto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-617c-44f9-bbed-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'airlinenewspaper.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-8a48-40e3-bbe1-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'easport-news.publicvm.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-0698-4712-aca4-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'tn5.linkpc.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-89b0-4cb2-931f-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'marketing.ntmdt.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-2400-43c9-a6f6-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'brstcjjcmoc.myfw.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20e-e410-4f54-ba87-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:02.000Z",
"modified": "2014-11-13T14:37:02.000Z",
"pattern": "[domain-name:value = 'twtw.mrface.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-c6a8-4490-8529-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'image.servepics.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-52a8-4eaa-9074-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'new-book.linkpc.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-73cc-40c7-8d47-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'biznews.podzone.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-8d90-4222-b489-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'cqcount.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-4e10-4259-aa31-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'hotnews.ath.cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-1954-4b0b-946a-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'easycounter.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-03e8-42d8-aa97-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = '3366.passas.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-7858-4f68-8c43-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = '51hongling.onthenetas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-fea0-4176-9c80-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'boy.podzone.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-171c-4249-bdf5-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'ftpmicrosoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-2188-44e0-abe4-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'allnews.ath.cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-571c-47cb-b47b-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'downmicrisoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-91b0-41ef-96e4-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'webmail-login.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-96d4-40b7-a509-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'zgtlohzofi.kwik.to']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-60c4-4aaf-9ce8-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = '723.kwik.to']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c20f-ea1c-4660-882a-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:03.000Z",
"modified": "2014-11-13T14:37:03.000Z",
"pattern": "[domain-name:value = 'zjhao.dtdns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-2730-4266-a7cb-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'freshdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-c450-4b32-9ed2-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'support-adobe.endofinternet.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-7958-4cff-95d5-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'pressforum.serveblog.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-9654-41d7-9427-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'intellicast.ath.cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-b8fc-4818-b30b-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'sportacademy.my03.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-9f7c-4994-8f5e-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'webonline.mefound.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-1178-4748-b1f1-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'breakingnews.ath.cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-d4b4-4b06-bcc4-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'today-news.office-on-the.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-5d34-4a63-96db-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'newgame.2waky.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-65c4-4bf1-b5af-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'nifty-user.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-a3f0-416a-8450-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'euronews.ath.cx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-546c-4358-b93e-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'marketplace.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-b964-4cbc-9f14-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'attack1.linkpc.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-950c-4ca8-9e31-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'novbl.ssh01.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5464c210-caa0-4206-99e6-9051950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:37:04.000Z",
"modified": "2014-11-13T14:37:04.000Z",
"pattern": "[domain-name:value = 'z07.dyndns.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-11-13T14:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5464c25c-3eb4-4012-97b5-969a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-11-13T14:38:20.000Z",
"modified": "2014-11-13T14:38:20.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Expansion done by David Andr\u00c3\u00a9 based on passive DNS database"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--560d3d64-884c-418e-9f12-46ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T14:04:20.000Z",
"modified": "2015-10-01T14:04:20.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Snake"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--560d3d64-6060-42ad-9b33-4911950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T14:04:20.000Z",
"modified": "2015-10-01T14:04:20.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Turla"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--560d3d65-3444-4937-ba0c-47f9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T14:04:21.000Z",
"modified": "2015-10-01T14:04:21.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Uroburos"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}
Reference in a new issue Copy permalink