misp-circl-feed/feeds/circl/stix-2.1/56266091-a774-467e-b0f8-4d9c950d210b.json

{
"type": "bundle",
"id": "bundle--56266091-a774-467e-b0f8-4d9c950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:35:56.000Z",
"modified": "2015-12-22T14:35:56.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56266091-a774-467e-b0f8-4d9c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:35:56.000Z",
"modified": "2015-12-22T14:35:56.000Z",
"name": "OSINT Pay No Attention to the Server Behind the Proxy: Mapping FinFisher\u2019s Continuing Proliferation by Citizen Lab",
"published": "2015-11-05T15:27:50Z",
"object_refs": [
"observed-data--562660e7-4764-4382-ba31-4ea2950d210b",
"url--562660e7-4764-4382-ba31-4ea2950d210b",
"indicator--562662b4-1140-4793-8ef8-431b950d210b",
"indicator--562662b5-a1f8-438d-a4fd-431b950d210b",
"indicator--562662b5-0724-41a2-8447-431b950d210b",
"indicator--562662b5-fa90-4116-bb04-431b950d210b",
"indicator--562662b6-3008-4959-9571-431b950d210b",
"indicator--562662b6-90f0-42a5-908e-431b950d210b",
"indicator--562662b7-f508-454c-ac53-431b950d210b",
"indicator--562662b7-8e44-441d-a45c-431b950d210b",
"indicator--562662b7-8ab0-419f-b71e-431b950d210b",
"indicator--562662b8-02bc-44c5-9d59-431b950d210b",
"indicator--562662b9-6eb0-4a23-a7f0-431b950d210b",
"indicator--562662b9-9790-40cc-8d4a-431b950d210b",
"indicator--562662b9-d808-4e0e-b3c3-431b950d210b",
"indicator--562662ba-f03c-45ee-bb92-431b950d210b",
"indicator--562662ba-0d64-4643-86e5-431b950d210b",
"indicator--562662bb-f058-4639-9a04-431b950d210b",
"indicator--562662bb-33d0-418a-96ff-431b950d210b",
"indicator--562662bb-f3a8-4faa-a1a0-431b950d210b",
"indicator--562662bc-9070-48ef-8156-431b950d210b",
"observed-data--562662bc-62d8-4480-8488-431b950d210b",
"network-traffic--562662bc-62d8-4480-8488-431b950d210b",
"ipv4-addr--562662bc-62d8-4480-8488-431b950d210b",
"indicator--562662bd-e2e4-431e-b611-431b950d210b",
"indicator--562662bd-ad60-47de-9df6-431b950d210b",
"indicator--562662be-cb74-4ef4-9c7f-431b950d210b",
"indicator--562662be-5ea8-4a57-9450-431b950d210b",
"indicator--562662be-5fb4-46df-9c41-431b950d210b",
"indicator--562662bf-7790-4849-87a5-431b950d210b",
"indicator--562662bf-f128-4ef6-8a70-431b950d210b",
"indicator--562662c0-2940-45e7-a806-431b950d210b",
"indicator--562662c0-cd50-42d1-bbbf-431b950d210b",
"indicator--562662c0-f4b4-4802-90a8-431b950d210b",
"indicator--562662c1-bc20-46fa-8c38-431b950d210b",
"indicator--562662c1-83dc-45f0-a91a-431b950d210b",
"indicator--562662c2-7f5c-484d-b8f4-431b950d210b",
"indicator--562662c2-d2e8-41c9-a93d-431b950d210b",
"indicator--5626641f-3868-460a-83b6-431b950d210b",
"indicator--56266420-a3d8-4bab-a13f-431b950d210b",
"indicator--56266420-6e24-4b43-9bbf-431b950d210b",
"indicator--56266421-12a8-40ef-bf88-431b950d210b",
"indicator--56266421-b968-4fed-b0f9-431b950d210b",
"indicator--56266422-e1e0-42c2-ad42-431b950d210b",
"indicator--56266422-e228-410c-9e84-431b950d210b",
"indicator--56266422-d968-4fb6-822a-431b950d210b",
"indicator--56266423-80d4-48bc-a89b-431b950d210b",
"indicator--56266531-f698-405d-b709-432e950d210b",
"indicator--56266532-5628-4c7f-8f0f-432e950d210b",
"observed-data--56266532-a820-4819-bb9d-432e950d210b",
"url--56266532-a820-4819-bb9d-432e950d210b",
"indicator--56266533-3a48-4a84-9b40-432e950d210b",
"indicator--56266533-5320-4fdc-8de7-432e950d210b",
"observed-data--56266533-33d4-48ae-a553-432e950d210b",
"url--56266533-33d4-48ae-a553-432e950d210b",
"indicator--56266534-6460-4878-b7ed-432e950d210b",
"observed-data--56266534-8d84-4c98-8e82-432e950d210b",
"url--56266534-8d84-4c98-8e82-432e950d210b",
"indicator--56266535-3ecc-4379-937d-432e950d210b",
"indicator--56266535-8ddc-4658-b1c3-432e950d210b",
"observed-data--56266535-5a00-4a05-9850-432e950d210b",
"url--56266535-5a00-4a05-9850-432e950d210b",
"indicator--56266536-c094-4474-a143-432e950d210b",
"indicator--56266536-7fe8-42a9-bfe2-432e950d210b",
"observed-data--56266537-23d0-48a2-b897-432e950d210b",
"url--56266537-23d0-48a2-b897-432e950d210b",
"indicator--56266537-f308-400a-acca-432e950d210b",
"indicator--56266537-d774-412f-9835-432e950d210b",
"observed-data--56266538-a9fc-469b-903e-432e950d210b",
"url--56266538-a9fc-469b-903e-432e950d210b",
"indicator--56266538-1904-4744-9993-432e950d210b",
"indicator--56266538-a5d0-484c-9faa-432e950d210b",
"observed-data--56266539-4848-4794-b0dc-432e950d210b",
"url--56266539-4848-4794-b0dc-432e950d210b",
"indicator--56266539-c514-478b-b868-432e950d210b",
"indicator--5626653a-27a0-41f9-9e77-432e950d210b",
"observed-data--5626653a-0084-4b65-a86f-432e950d210b",
"url--5626653a-0084-4b65-a86f-432e950d210b",
"indicator--562665f4-171c-4c6f-b471-432e950d210b",
"indicator--562665f4-6c30-4efd-887c-432e950d210b",
"indicator--562665f5-afec-4d12-94bf-432e950d210b",
"indicator--56266694-656c-4cf8-9c4e-432e950d210b",
"indicator--56266695-8bf4-4ddf-ab03-432e950d210b",
"indicator--56795fcc-8df8-4ac3-9fa1-49d5950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--562660e7-4764-4382-ba31-4ea2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:42:31.000Z",
"modified": "2015-10-20T15:42:31.000Z",
"first_observed": "2015-10-20T15:42:31Z",
"last_observed": "2015-10-20T15:42:31Z",
"number_observed": 1,
"object_refs": [
"url--562660e7-4764-4382-ba31-4ea2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--562660e7-4764-4382-ba31-4ea2950d210b",
"value": "https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b4-1140-4793-8ef8-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:12.000Z",
"modified": "2015-10-20T15:50:12.000Z",
"pattern": "[file:hashes.SHA256 = '1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b5-a1f8-438d-a4fd-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:13.000Z",
"modified": "2015-10-20T15:50:13.000Z",
"pattern": "[file:hashes.SHA256 = '94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b5-0724-41a2-8447-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:13.000Z",
"modified": "2015-10-20T15:50:13.000Z",
"pattern": "[domain-name:value = 'oogle.wwwhost.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b5-fa90-4116-bb04-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:13.000Z",
"modified": "2015-10-20T15:50:13.000Z",
"pattern": "[domain-name:value = 'google.wwwhost.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b6-3008-4959-9571-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:14.000Z",
"modified": "2015-10-20T15:50:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.74.241.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b6-90f0-42a5-908e-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:14.000Z",
"modified": "2015-10-20T15:50:14.000Z",
"pattern": "[domain-name:value = 'info.dynamic-dns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b7-f508-454c-ac53-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:15.000Z",
"modified": "2015-10-20T15:50:15.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.48.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b7-8e44-441d-a45c-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:15.000Z",
"modified": "2015-10-20T15:50:15.000Z",
"pattern": "[domain-name:value = 'update.ciscofreak.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b7-8ab0-419f-b71e-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:39.000Z",
"modified": "2015-10-20T15:56:39.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.220.246.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b8-02bc-44c5-9d59-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:51:46.000Z",
"modified": "2015-10-20T15:51:46.000Z",
"pattern": "[domain-name:value = 'uae.kim']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:51:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b9-6eb0-4a23-a7f0-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:17.000Z",
"modified": "2015-10-20T15:50:17.000Z",
"pattern": "[domain-name:value = 'r.ddns.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b9-9790-40cc-8d4a-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:17.000Z",
"modified": "2015-10-20T15:50:17.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.125.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662b9-d808-4e0e-b3c3-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:17.000Z",
"modified": "2015-10-20T15:50:17.000Z",
"pattern": "[domain-name:value = 'a.ddns.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662ba-f03c-45ee-bb92-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:18.000Z",
"modified": "2015-10-20T15:50:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.3.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662ba-0d64-4643-86e5-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:18.000Z",
"modified": "2015-10-20T15:50:18.000Z",
"pattern": "[domain-name:value = 'test.cable-modem.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bb-f058-4639-9a04-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:19.000Z",
"modified": "2015-10-20T15:50:19.000Z",
"pattern": "[file:hashes.MD5 = '64c1ef8e0923bf44aaa96caeb28a6c11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bb-33d0-418a-96ff-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:19.000Z",
"modified": "2015-10-20T15:50:19.000Z",
"pattern": "[domain-name:value = 'googlecombq6xx.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bb-f3a8-4faa-a1a0-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:19.000Z",
"modified": "2015-10-20T15:50:19.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bc-9070-48ef-8156-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:20.000Z",
"modified": "2015-10-20T15:50:20.000Z",
"pattern": "[domain-name:value = 'tvnew.otzo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--562662bc-62d8-4480-8488-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-05T15:27:44.000Z",
"modified": "2015-11-05T15:27:44.000Z",
"first_observed": "2015-11-05T15:27:44Z",
"last_observed": "2015-11-05T15:27:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--562662bc-62d8-4480-8488-431b950d210b",
"ipv4-addr--562662bc-62d8-4480-8488-431b950d210b"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--562662bc-62d8-4480-8488-431b950d210b",
"dst_ref": "ipv4-addr--562662bc-62d8-4480-8488-431b950d210b",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--562662bc-62d8-4480-8488-431b950d210b",
"value": "172.227.95.162"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bd-e2e4-431e-b611-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:21.000Z",
"modified": "2015-10-20T15:50:21.000Z",
"pattern": "[file:hashes.MD5 = '57ab5f60198d311226cdc246598729ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bd-ad60-47de-9df6-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:57:35.000Z",
"modified": "2015-10-20T15:57:35.000Z",
"pattern": "[domain-name:value = 'google.com.r3irv2ykn0qnd7vr7sqv7kg2qho3ab5tngl5avxi5iimz1jxw9pa9.uae.kim']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:57:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662be-cb74-4ef4-9c7f-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:22.000Z",
"modified": "2015-10-20T15:50:22.000Z",
"pattern": "[domain-name:value = 'natco1.no-ip.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662be-5ea8-4a57-9450-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:22.000Z",
"modified": "2015-10-20T15:50:22.000Z",
"pattern": "[domain-name:value = 'natco2.no-ip.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662be-5fb4-46df-9c41-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:22.000Z",
"modified": "2015-10-20T15:50:22.000Z",
"pattern": "[domain-name:value = 'natco3.no-ip.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bf-7790-4849-87a5-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:23.000Z",
"modified": "2015-10-20T15:50:23.000Z",
"pattern": "[domain-name:value = 'natco4.no-ip.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662bf-f128-4ef6-8a70-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:23.000Z",
"modified": "2015-10-20T15:50:23.000Z",
"pattern": "[domain-name:value = 'natco5.no-ip.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662c0-2940-45e7-a806-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:24.000Z",
"modified": "2015-10-20T15:50:24.000Z",
"pattern": "[file:hashes.SHA256 = '22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662c0-cd50-42d1-bbbf-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:24.000Z",
"modified": "2015-10-20T15:50:24.000Z",
"pattern": "[url:value = 'http://workingulf.net/dfserv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662c0-f4b4-4802-90a8-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:24.000Z",
"modified": "2015-10-20T15:50:24.000Z",
"pattern": "[file:hashes.SHA256 = 'e2ecf89a49c125e0b4292645a41b5e97c0f7bf15d418faeac0d592205f083119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662c1-bc20-46fa-8c38-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:25.000Z",
"modified": "2015-10-20T15:50:25.000Z",
"pattern": "[domain-name:value = 'workingulf.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662c1-83dc-45f0-a91a-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:25.000Z",
"modified": "2015-10-20T15:50:25.000Z",
"pattern": "[file:hashes.SHA256 = 'd759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662c2-7f5c-484d-b8f4-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:26.000Z",
"modified": "2015-10-20T15:50:26.000Z",
"pattern": "[url:value = 'http://wp.piedslibres.com/wp/wp-includes/js/next.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562662c2-d2e8-41c9-a93d-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:50:26.000Z",
"modified": "2015-10-20T15:50:26.000Z",
"pattern": "[file:hashes.SHA256 = '08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:50:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5626641f-3868-460a-83b6-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:15.000Z",
"modified": "2015-10-20T15:56:15.000Z",
"pattern": "[file:hashes.MD5 = 'b53c492168e5b389b0e6a2fc8b4355f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266420-a3d8-4bab-a13f-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:16.000Z",
"modified": "2015-10-20T15:56:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.59.240.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266420-6e24-4b43-9bbf-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:16.000Z",
"modified": "2015-10-20T15:56:16.000Z",
"pattern": "[domain-name:value = 'news.redirectme.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266421-12a8-40ef-bf88-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:17.000Z",
"modified": "2015-10-20T15:56:17.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.123.112.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266421-b968-4fed-b0f9-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:17.000Z",
"modified": "2015-10-20T15:56:17.000Z",
"pattern": "[domain-name:value = 'docs.gmailserver.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266422-e1e0-42c2-ad42-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:18.000Z",
"modified": "2015-10-20T15:56:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.123.112.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266422-e228-410c-9e84-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:18.000Z",
"modified": "2015-10-20T15:56:18.000Z",
"pattern": "[domain-name:value = 'office.gmailserver.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266422-d968-4fb6-822a-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:18.000Z",
"modified": "2015-10-20T15:56:18.000Z",
"pattern": "[domain-name:value = 'verify-login.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266423-80d4-48bc-a89b-431b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T15:56:19.000Z",
"modified": "2015-10-20T15:56:19.000Z",
"pattern": "[domain-name:value = 'western.gmailserver.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T15:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266531-f698-405d-b709-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:49.000Z",
"modified": "2015-10-20T16:00:49.000Z",
"description": "- Xchecked via VT: 08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655",
"pattern": "[file:hashes.SHA1 = '44529ffbfeb5bdfab852795c6d995616522ae63d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266532-5628-4c7f-8f0f-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:50.000Z",
"modified": "2015-10-20T16:00:50.000Z",
"description": "- Xchecked via VT: 08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655",
"pattern": "[file:hashes.MD5 = '6b8f4dcfea0b4e9cbeb19cfad7f11e9e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56266532-a820-4819-bb9d-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:50.000Z",
"modified": "2015-10-20T16:00:50.000Z",
"first_observed": "2015-10-20T16:00:50Z",
"last_observed": "2015-10-20T16:00:50Z",
"number_observed": 1,
"object_refs": [
"url--56266532-a820-4819-bb9d-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56266532-a820-4819-bb9d-432e950d210b",
"value": "https://www.virustotal.com/file/08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655/analysis/1444961310/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266533-3a48-4a84-9b40-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:51.000Z",
"modified": "2015-10-20T16:00:51.000Z",
"description": "- Xchecked via VT: d759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8",
"pattern": "[file:hashes.SHA1 = '5ef1bf0fbc1e7543e65558bea6090ae2f92ec756']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266533-5320-4fdc-8de7-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:51.000Z",
"modified": "2015-10-20T16:00:51.000Z",
"description": "- Xchecked via VT: d759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8",
"pattern": "[file:hashes.MD5 = '111a622b041bf2e9813c831ef46403b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56266533-33d4-48ae-a553-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:51.000Z",
"modified": "2015-10-20T16:00:51.000Z",
"first_observed": "2015-10-20T16:00:51Z",
"last_observed": "2015-10-20T16:00:51Z",
"number_observed": 1,
"object_refs": [
"url--56266533-33d4-48ae-a553-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56266533-33d4-48ae-a553-432e950d210b",
"value": "https://www.virustotal.com/file/d759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8/analysis/1432824292/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266534-6460-4878-b7ed-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:52.000Z",
"modified": "2015-10-20T16:00:52.000Z",
"description": "- Xchecked via VT: e2ecf89a49c125e0b4292645a41b5e97c0f7bf15d418faeac0d592205f083119",
"pattern": "[file:hashes.SHA1 = '874e41967e8c34b444ccecd365add06ab263165e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56266534-8d84-4c98-8e82-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:52.000Z",
"modified": "2015-10-20T16:00:52.000Z",
"first_observed": "2015-10-20T16:00:52Z",
"last_observed": "2015-10-20T16:00:52Z",
"number_observed": 1,
"object_refs": [
"url--56266534-8d84-4c98-8e82-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56266534-8d84-4c98-8e82-432e950d210b",
"value": "https://www.virustotal.com/file/e2ecf89a49c125e0b4292645a41b5e97c0f7bf15d418faeac0d592205f083119/analysis/1444961305/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266535-3ecc-4379-937d-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:53.000Z",
"modified": "2015-10-20T16:00:53.000Z",
"description": "- Xchecked via VT: 22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114",
"pattern": "[file:hashes.SHA1 = '41e9c2e4935a2b39c7b5b066588986a363c58390']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266535-8ddc-4658-b1c3-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:53.000Z",
"modified": "2015-10-20T16:00:53.000Z",
"description": "- Xchecked via VT: 22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114",
"pattern": "[file:hashes.MD5 = '3e766f5cedbc5a669622ced136f53fc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56266535-5a00-4a05-9850-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:53.000Z",
"modified": "2015-10-20T16:00:53.000Z",
"first_observed": "2015-10-20T16:00:53Z",
"last_observed": "2015-10-20T16:00:53Z",
"number_observed": 1,
"object_refs": [
"url--56266535-5a00-4a05-9850-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56266535-5a00-4a05-9850-432e950d210b",
"value": "https://www.virustotal.com/file/22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114/analysis/1432101483/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266536-c094-4474-a143-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:54.000Z",
"modified": "2015-10-20T16:00:54.000Z",
"description": "- Xchecked via VT: 94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389",
"pattern": "[file:hashes.SHA1 = '5e98486f941091eae2fbb89eedc36082fd5d9153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266536-7fe8-42a9-bfe2-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:54.000Z",
"modified": "2015-10-20T16:00:54.000Z",
"description": "- Xchecked via VT: 94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389",
"pattern": "[file:hashes.MD5 = '4395feba04c6cafba33fa659df1ec5a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56266537-23d0-48a2-b897-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:55.000Z",
"modified": "2015-10-20T16:00:55.000Z",
"first_observed": "2015-10-20T16:00:55Z",
"last_observed": "2015-10-20T16:00:55Z",
"number_observed": 1,
"object_refs": [
"url--56266537-23d0-48a2-b897-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56266537-23d0-48a2-b897-432e950d210b",
"value": "https://www.virustotal.com/file/94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389/analysis/1439466209/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266537-f308-400a-acca-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:55.000Z",
"modified": "2015-10-20T16:00:55.000Z",
"description": "- Xchecked via VT: 1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48",
"pattern": "[file:hashes.SHA1 = 'ce3d62ca9d3ae2cc0e2d64c50745522503200ee0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266537-d774-412f-9835-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:55.000Z",
"modified": "2015-10-20T16:00:55.000Z",
"description": "- Xchecked via VT: 1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48",
"pattern": "[file:hashes.MD5 = '471848024b7f7eb717a9597f54802428']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56266538-a9fc-469b-903e-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:56.000Z",
"modified": "2015-10-20T16:00:56.000Z",
"first_observed": "2015-10-20T16:00:56Z",
"last_observed": "2015-10-20T16:00:56Z",
"number_observed": 1,
"object_refs": [
"url--56266538-a9fc-469b-903e-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56266538-a9fc-469b-903e-432e950d210b",
"value": "https://www.virustotal.com/file/1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48/analysis/1427332547/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266538-1904-4744-9993-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:56.000Z",
"modified": "2015-10-20T16:00:56.000Z",
"description": "- Xchecked via VT: 57ab5f60198d311226cdc246598729ea",
"pattern": "[file:hashes.SHA256 = '089a31178bff1a4001016e51b4f59ae90c8847a9d5397a611c6fbeb028fc8d41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266538-a5d0-484c-9faa-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:56.000Z",
"modified": "2015-10-20T16:00:56.000Z",
"description": "- Xchecked via VT: 57ab5f60198d311226cdc246598729ea",
"pattern": "[file:hashes.SHA1 = '1d1c24ee7dd77f742e59f54626ff68211d24b64a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56266539-4848-4794-b0dc-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:57.000Z",
"modified": "2015-10-20T16:00:57.000Z",
"first_observed": "2015-10-20T16:00:57Z",
"last_observed": "2015-10-20T16:00:57Z",
"number_observed": 1,
"object_refs": [
"url--56266539-4848-4794-b0dc-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56266539-4848-4794-b0dc-432e950d210b",
"value": "https://www.virustotal.com/file/089a31178bff1a4001016e51b4f59ae90c8847a9d5397a611c6fbeb028fc8d41/analysis/1444029943/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266539-c514-478b-b868-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:57.000Z",
"modified": "2015-10-20T16:00:57.000Z",
"description": "- Xchecked via VT: 64c1ef8e0923bf44aaa96caeb28a6c11",
"pattern": "[file:hashes.SHA256 = '6001692fde7a070df22a184fa8ecd844ab7b304a79fc7852aac8d81466ec3860']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5626653a-27a0-41f9-9e77-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:58.000Z",
"modified": "2015-10-20T16:00:58.000Z",
"description": "- Xchecked via VT: 64c1ef8e0923bf44aaa96caeb28a6c11",
"pattern": "[file:hashes.SHA1 = '8aad6f55c47e7079977b107918c1e4cd30613379']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5626653a-0084-4b65-a86f-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:00:58.000Z",
"modified": "2015-10-20T16:00:58.000Z",
"first_observed": "2015-10-20T16:00:58Z",
"last_observed": "2015-10-20T16:00:58Z",
"number_observed": 1,
"object_refs": [
"url--5626653a-0084-4b65-a86f-432e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5626653a-0084-4b65-a86f-432e950d210b",
"value": "https://www.virustotal.com/file/6001692fde7a070df22a184fa8ecd844ab7b304a79fc7852aac8d81466ec3860/analysis/1422287826/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562665f4-171c-4c6f-b471-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:04:04.000Z",
"modified": "2015-10-20T16:04:04.000Z",
"pattern": "[domain-name:value = 'pal4u.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562665f4-6c30-4efd-887c-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:04:04.000Z",
"modified": "2015-10-20T16:04:04.000Z",
"pattern": "[domain-name:value = 'pal2me.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562665f5-afec-4d12-94bf-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:04:05.000Z",
"modified": "2015-10-20T16:04:05.000Z",
"pattern": "[domain-name:value = 'shop8d.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:04:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266694-656c-4cf8-9c4e-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:06:44.000Z",
"modified": "2015-10-20T16:06:44.000Z",
"pattern": "[domain-name:value = 'news-youm7.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:06:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56266695-8bf4-4ddf-ab03-432e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-20T16:06:45.000Z",
"modified": "2015-10-20T16:06:45.000Z",
"pattern": "[domain-name:value = 'to70.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-20T16:06:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56795fcc-8df8-4ac3-9fa1-49d5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-12-22T14:35:56.000Z",
"modified": "2015-12-22T14:35:56.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/089a31178bff1a4001016e51b4f59ae90c8847a9d5397a611c6fbeb028fc8d41/analysis/1447091115/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-22T14:35:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}