adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56e6910e-9cdc-4c9a-8ece-4531950d210f.json

5216 lines
247 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--56e6910e-9cdc-4c9a-8ece-4531950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:27:16.000Z",
"modified": "2016-03-15T21:27:16.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e6910e-9cdc-4c9a-8ece-4531950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:27:16.000Z",
"modified": "2016-03-15T21:27:16.000Z",
"name": "OSINT - SteamStealer IPs",
"published": "2016-03-15T21:27:25Z",
"object_refs": [
"indicator--56e6918f-bd24-479d-998d-46ac950d210f",
"indicator--56e6918f-aa84-4734-9782-4eba950d210f",
"indicator--56e69190-3694-4ff8-983b-4a1e950d210f",
"indicator--56e69190-426c-4bf2-bcdd-4d56950d210f",
"indicator--56e69190-e264-42d4-9f62-4f21950d210f",
"indicator--56e69191-91f4-4aa2-9a0a-4019950d210f",
"indicator--56e69191-1c68-49f4-979d-4f38950d210f",
"indicator--56e69191-c444-403b-bb03-4908950d210f",
"indicator--56e69191-9544-4078-9858-43a9950d210f",
"indicator--56e69192-0a2c-4a96-badd-4e16950d210f",
"indicator--56e69192-addc-4278-9b1e-4bf5950d210f",
"indicator--56e69192-c720-4fbe-ba18-46b6950d210f",
"indicator--56e69193-b25c-4bc4-a97d-44e5950d210f",
"indicator--56e69193-3418-4404-acad-4a86950d210f",
"indicator--56e69193-1284-48b4-9246-4eb2950d210f",
"indicator--56e69194-7528-496e-abfc-410b950d210f",
"indicator--56e69194-4034-406b-9cc2-4248950d210f",
"indicator--56e69194-65ec-4a61-a87e-4ba0950d210f",
"indicator--56e69195-8c68-452e-9d1c-456e950d210f",
"indicator--56e69195-2474-4819-b63c-4cad950d210f",
"indicator--56e69195-9584-4c9c-acd4-41a6950d210f",
"indicator--56e69195-da7c-42ab-9134-4770950d210f",
"indicator--56e69196-f0dc-4581-89e3-4ec4950d210f",
"indicator--56e69196-72c0-4525-bf4e-4510950d210f",
"indicator--56e69196-ee2c-44ed-b99f-4e24950d210f",
"indicator--56e69197-2d80-49a1-aa0b-47da950d210f",
"indicator--56e69197-58c8-4f37-8afe-407e950d210f",
"indicator--56e69197-d624-4dca-b0e1-456d950d210f",
"indicator--56e69198-5434-461f-89c4-4f7d950d210f",
"indicator--56e69198-3df8-4c84-93c7-4478950d210f",
"indicator--56e69198-e8c8-44a3-8536-4c64950d210f",
"indicator--56e69199-558c-4fb4-b546-4402950d210f",
"indicator--56e69199-ccf4-4e95-8f91-4b86950d210f",
"indicator--56e69199-ae90-4f74-acac-4ce4950d210f",
"indicator--56e6919a-fb94-4542-a0a4-404b950d210f",
"indicator--56e6919a-1a90-4343-86d9-42a0950d210f",
"indicator--56e6919a-8c98-49a6-8717-4d0b950d210f",
"indicator--56e6919b-8730-46e1-a5a5-422f950d210f",
"indicator--56e6919b-4298-4888-9284-42ab950d210f",
"indicator--56e6919b-a8f4-413e-ab04-4032950d210f",
"indicator--56e6919c-af40-4e84-87c9-470c950d210f",
"indicator--56e6919c-9994-4dca-86eb-4957950d210f",
"indicator--56e6919c-9910-4b75-a5d0-4001950d210f",
"indicator--56e6919c-f2ec-4d57-8e31-4c7b950d210f",
"indicator--56e6919d-7fa4-4d6a-939a-4f1f950d210f",
"indicator--56e6919d-1544-4d91-b377-4aa3950d210f",
"indicator--56e6919d-27f8-4983-a974-44d3950d210f",
"indicator--56e6919d-0670-41e1-8280-4bdb950d210f",
"indicator--56e6919e-f30c-46ac-83b7-4fc9950d210f",
"indicator--56e6919e-21f8-4d9b-89b1-4372950d210f",
"indicator--56e6919e-2ce0-4a7f-97bb-4ade950d210f",
"indicator--56e6919f-f568-4339-b9f4-48c9950d210f",
"indicator--56e6919f-6e78-46bc-94f9-48e6950d210f",
"indicator--56e6919f-ba1c-4ef3-8339-474c950d210f",
"indicator--56e691a0-79b0-4fb2-bec7-4784950d210f",
"indicator--56e691a0-b64c-4581-bdfa-4417950d210f",
"indicator--56e691a0-0444-47fc-bf0e-4850950d210f",
"indicator--56e691a1-cc1c-42db-a482-4189950d210f",
"indicator--56e691a1-6bc8-469c-8d51-42b2950d210f",
"indicator--56e691a1-9b88-4165-a1b0-4ddf950d210f",
"indicator--56e691a2-2420-4079-b8ea-4e0e950d210f",
"indicator--56e691a2-90cc-4b0f-b39b-4724950d210f",
"indicator--56e691a2-13a8-4570-8716-4828950d210f",
"indicator--56e691a3-1efc-495f-817a-4ebe950d210f",
"indicator--56e691a3-f358-4342-89a7-4a8a950d210f",
"indicator--56e691a3-790c-451f-82ec-4d73950d210f",
"indicator--56e691a4-e2cc-48f3-9ae8-479c950d210f",
"indicator--56e691a4-a404-4d28-9cde-42fd950d210f",
"indicator--56e691a4-904c-4221-b1e3-4e4f950d210f",
"indicator--56e691a5-baa0-4429-a3b0-4af9950d210f",
"indicator--56e691a5-bea4-4df9-a90d-49aa950d210f",
"indicator--56e691a5-35ec-4ba6-9694-41e8950d210f",
"indicator--56e691a6-4d1c-4026-82a9-457e950d210f",
"indicator--56e691a6-e67c-440f-a20c-4f7b950d210f",
"indicator--56e691a6-ccd0-4381-b1f6-42a9950d210f",
"indicator--56e691a7-4138-4988-a5ab-466c950d210f",
"indicator--56e691a7-de64-4107-8f3b-4165950d210f",
"indicator--56e691a7-b6cc-47bd-aa63-4e5f950d210f",
"indicator--56e691a8-bb34-4cbf-9bc1-4569950d210f",
"indicator--56e691a8-9930-491b-a133-4d9e950d210f",
"indicator--56e691a8-0128-405d-99b0-42df950d210f",
"indicator--56e691a9-e880-4b7e-a232-4668950d210f",
"indicator--56e691a9-a9dc-44c2-a90f-4291950d210f",
"indicator--56e691a9-177c-4f60-b3be-4ba9950d210f",
"indicator--56e691aa-4e24-4d9c-b2ba-4f3a950d210f",
"indicator--56e691aa-52f0-4257-a5f1-46ca950d210f",
"indicator--56e691aa-3cac-4f92-8fab-452d950d210f",
"indicator--56e691ab-b3bc-40be-9f37-4d89950d210f",
"indicator--56e691ab-b290-4b69-941e-424d950d210f",
"indicator--56e691ac-9cb0-4078-9554-4c2d950d210f",
"indicator--56e691ac-2d20-4b4c-a9cc-4174950d210f",
"indicator--56e691ac-6fc8-486b-8184-4a7d950d210f",
"indicator--56e691ad-fd38-4359-b85e-49dd950d210f",
"indicator--56e691ad-40cc-4e83-b63e-4de5950d210f",
"indicator--56e691ad-7e34-435c-a08c-45a7950d210f",
"indicator--56e691ae-1fec-47a9-9c73-4a7a950d210f",
"indicator--56e691ae-e1ec-4ffd-9b57-4fc0950d210f",
"indicator--56e691ae-78c8-4ed1-9617-44ed950d210f",
"indicator--56e691af-8918-47e3-a4dd-4276950d210f",
"indicator--56e691af-5538-42f3-b877-410a950d210f",
"indicator--56e691ee-7be4-4dbe-959d-4a30950d210f",
"indicator--56e691ee-aa48-4f08-b727-403f950d210f",
"indicator--56e691ef-89e4-498c-9143-4a8f950d210f",
"indicator--56e691ef-a254-44bb-bb80-44f6950d210f",
"indicator--56e691ef-e0c0-4135-9b5d-466a950d210f",
"indicator--56e691ef-db68-466b-be74-4636950d210f",
"indicator--56e691f0-b500-4306-bd50-4537950d210f",
"indicator--56e691f0-4094-46b7-a5ee-4da7950d210f",
"indicator--56e691f0-5990-42c3-b9ba-4393950d210f",
"indicator--56e691f1-2ffc-4804-a985-48f9950d210f",
"indicator--56e691f1-d0a4-46aa-9294-484d950d210f",
"indicator--56e691f1-26e4-4840-89f5-47e5950d210f",
"indicator--56e691f2-83a4-4aa9-94c1-4231950d210f",
"indicator--56e691f2-df08-44f5-b540-4942950d210f",
"indicator--56e691f2-6068-4e09-a2d9-4a98950d210f",
"indicator--56e691f3-d22c-4d39-97b3-4058950d210f",
"indicator--56e691f3-835c-45e5-ad5b-4c87950d210f",
"indicator--56e691f3-5250-4d4c-994c-456f950d210f",
"indicator--56e691f3-dec4-4933-be2b-42e4950d210f",
"indicator--56e691f4-d190-4d7a-9be2-4243950d210f",
"indicator--56e691f4-1710-48db-a719-44c6950d210f",
"indicator--56e691f4-dbe8-4561-a9af-4095950d210f",
"indicator--56e691f5-ef38-4ed8-989f-4458950d210f",
"indicator--56e691f5-bf90-42c6-ae65-42fe950d210f",
"indicator--56e691f6-b00c-4cae-8f3a-4188950d210f",
"indicator--56e691f6-dc28-466a-a4a4-43fa950d210f",
"indicator--56e691f6-51c4-4c17-8c59-44a1950d210f",
"indicator--56e691f7-cd5c-4857-84d9-4cd9950d210f",
"indicator--56e691f7-463c-40fa-ae9e-47db950d210f",
"indicator--56e691f7-7158-489f-8c84-4d48950d210f",
"indicator--56e691f8-1050-4b63-a6f9-44dc950d210f",
"indicator--56e691f8-f4b0-4b3e-af35-498a950d210f",
"indicator--56e691f8-3e74-423e-9381-4e1e950d210f",
"indicator--56e691f8-8ec0-43b8-8baa-4ae6950d210f",
"indicator--56e691f9-e584-4933-81bf-43be950d210f",
"indicator--56e691f9-08b8-4d72-b794-4b55950d210f",
"indicator--56e691f9-bb74-492d-98f1-45aa950d210f",
"indicator--56e691f9-2b1c-4818-a724-43cd950d210f",
"indicator--56e691fa-49f0-4bf7-9745-47a6950d210f",
"indicator--56e691fa-d678-4336-8699-4414950d210f",
"indicator--56e691fa-1b20-46a8-b036-4bfb950d210f",
"indicator--56e691fb-39b8-4c5c-a70e-4bb4950d210f",
"indicator--56e691fb-a688-4e2b-8d5d-4255950d210f",
"indicator--56e691fb-7ddc-4570-a2fe-438a950d210f",
"indicator--56e691fb-0b5c-4690-9c50-4aa8950d210f",
"indicator--56e691fc-4fc8-4448-b92f-4354950d210f",
"indicator--56e691fc-3154-4cab-a132-4845950d210f",
"indicator--56e691fc-b960-415b-b55c-4266950d210f",
"indicator--56e691fd-1cb0-4b75-8f8d-4705950d210f",
"indicator--56e691fd-0f08-4a7a-8da2-4155950d210f",
"indicator--56e691fd-dbe8-44af-b6c8-48e3950d210f",
"indicator--56e691fd-1038-4700-bfef-43b1950d210f",
"indicator--56e691fe-bcf8-4b71-b26f-46b7950d210f",
"indicator--56e691fe-fd30-40d8-a039-49a1950d210f",
"indicator--56e691fe-e72c-4668-a672-403b950d210f",
"indicator--56e691ff-9d90-4736-86d3-42e4950d210f",
"indicator--56e691ff-dd7c-4eed-8ab7-47b6950d210f",
"indicator--56e691ff-9504-4bfd-be9d-4778950d210f",
"indicator--56e69200-992c-4473-a927-4f68950d210f",
"indicator--56e69200-27b0-4e68-a0ab-4d26950d210f",
"indicator--56e69200-5c5c-4e1f-8979-40d1950d210f",
"indicator--56e69201-a984-4af5-9928-4189950d210f",
"indicator--56e69201-81c0-4602-8f29-4803950d210f",
"indicator--56e69201-0820-49c5-a560-4820950d210f",
"indicator--56e69202-45a8-41a0-8bba-49c5950d210f",
"indicator--56e69202-9548-4904-9485-4dfd950d210f",
"indicator--56e69202-16b0-4ddc-b296-404e950d210f",
"indicator--56e69203-a36c-45fa-a55c-43a2950d210f",
"indicator--56e69203-2258-42b8-870f-4836950d210f",
"indicator--56e69203-3cd4-47bf-acea-45e7950d210f",
"indicator--56e69204-5ae8-4230-8d68-41c5950d210f",
"indicator--56e69204-899c-44a5-bf73-4a8f950d210f",
"indicator--56e69205-e668-4581-938b-4620950d210f",
"indicator--56e69205-cde8-4692-be8b-42b1950d210f",
"indicator--56e69205-0240-4558-98c1-43da950d210f",
"indicator--56e69206-61f4-4a2a-9bba-49be950d210f",
"indicator--56e69206-654c-4ff2-b5d1-44df950d210f",
"indicator--56e69206-facc-49d2-9533-4b82950d210f",
"indicator--56e69207-2f24-4bd3-a68a-46af950d210f",
"indicator--56e69207-7d60-47ca-8ca6-4fcc950d210f",
"indicator--56e69207-7e7c-45ae-aaa8-4cab950d210f",
"indicator--56e69208-4440-4947-974c-4d68950d210f",
"indicator--56e69208-e3ec-4595-8b72-4861950d210f",
"indicator--56e69208-4514-42c7-b765-4585950d210f",
"indicator--56e69209-dfe8-4b0e-8154-497d950d210f",
"indicator--56e69209-cd20-4f86-b154-4da3950d210f",
"indicator--56e69209-b3b4-47b5-b2ee-45ed950d210f",
"indicator--56e6920a-a7fc-4a89-81c0-4380950d210f",
"indicator--56e6920a-0ee4-4960-b2b7-4e5c950d210f",
"indicator--56e6920a-2fac-4efd-843b-400b950d210f",
"indicator--56e6920b-c430-4b18-b80e-4bc7950d210f",
"indicator--56e6920b-34d4-4d2a-853b-41fc950d210f",
"indicator--56e6920b-368c-4865-b05c-4746950d210f",
"indicator--56e6920c-20fc-494f-948b-4522950d210f",
"indicator--56e6920c-82f0-45a9-a03a-450d950d210f",
"indicator--56e6920c-3714-4419-9bc3-41bc950d210f",
"indicator--56e6920d-8e24-467c-9737-486d950d210f",
"indicator--56e6920d-2690-42e7-8ecb-43a9950d210f",
"indicator--56e6920d-3b40-42f6-b99b-445f950d210f",
"indicator--56e6920d-699c-43b4-8346-421b950d210f",
"indicator--56e69234-807c-4026-aa1f-4ced950d210f",
"indicator--56e69234-eeec-4f85-bc11-45d7950d210f",
"indicator--56e69234-d510-4474-890b-43a1950d210f",
"observed-data--56e69249-0584-489e-93d2-47b0950d210f",
"url--56e69249-0584-489e-93d2-47b0950d210f",
"observed-data--56e69264-7b0c-45bd-9efe-4fab950d210f",
"url--56e69264-7b0c-45bd-9efe-4fab950d210f",
"x-misp-attribute--56e6927b-e648-4824-bd5b-46c2950d210f",
"observed-data--56e87e34-8838-43ee-87a6-4b2002de0b81",
"url--56e87e34-8838-43ee-87a6-4b2002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:topic=\"ict\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6918f-bd24-479d-998d-46ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:19.000Z",
"modified": "2016-03-14T10:25:19.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.104.41.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6918f-aa84-4734-9782-4eba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:19.000Z",
"modified": "2016-03-14T10:25:19.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.164.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69190-3694-4ff8-983b-4a1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:20.000Z",
"modified": "2016-03-14T10:25:20.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.187.37.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69190-426c-4bf2-bcdd-4d56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:20.000Z",
"modified": "2016-03-14T10:25:20.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.165.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69190-e264-42d4-9f62-4f21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:20.000Z",
"modified": "2016-03-14T10:25:20.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.188.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69191-91f4-4aa2-9a0a-4019950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:21.000Z",
"modified": "2016-03-14T10:25:21.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.231.86.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69191-1c68-49f4-979d-4f38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:21.000Z",
"modified": "2016-03-14T10:25:21.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.233.249.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69191-c444-403b-bb03-4908950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:21.000Z",
"modified": "2016-03-14T10:25:21.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.166.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69191-9544-4078-9858-43a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:21.000Z",
"modified": "2016-03-14T10:25:21.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.161.41.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69192-0a2c-4a96-badd-4e16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:22.000Z",
"modified": "2016-03-14T10:25:22.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.36.100.181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69192-addc-4278-9b1e-4bf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:22.000Z",
"modified": "2016-03-14T10:25:22.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.28.20.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69192-c720-4fbe-ba18-46b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:22.000Z",
"modified": "2016-03-14T10:25:22.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69193-b25c-4bc4-a97d-44e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:23.000Z",
"modified": "2016-03-14T10:25:23.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69193-3418-4404-acad-4a86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:23.000Z",
"modified": "2016-03-14T10:25:23.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.206.200.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69193-1284-48b4-9246-4eb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:23.000Z",
"modified": "2016-03-14T10:25:23.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.20.163.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69194-7528-496e-abfc-410b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:24.000Z",
"modified": "2016-03-14T10:25:24.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69194-4034-406b-9cc2-4248950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:24.000Z",
"modified": "2016-03-14T10:25:24.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.165.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69194-65ec-4a61-a87e-4ba0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:24.000Z",
"modified": "2016-03-14T10:25:24.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69195-8c68-452e-9d1c-456e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:25.000Z",
"modified": "2016-03-14T10:25:25.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.220.20.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69195-2474-4819-b63c-4cad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:25.000Z",
"modified": "2016-03-14T10:25:25.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69195-9584-4c9c-acd4-41a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:25.000Z",
"modified": "2016-03-14T10:25:25.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69195-da7c-42ab-9134-4770950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:25.000Z",
"modified": "2016-03-14T10:25:25.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.244.10.252']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69196-f0dc-4581-89e3-4ec4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:26.000Z",
"modified": "2016-03-14T10:25:26.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69196-72c0-4525-bf4e-4510950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:26.000Z",
"modified": "2016-03-14T10:25:26.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.204.249.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69196-ee2c-44ed-b99f-4e24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:26.000Z",
"modified": "2016-03-14T10:25:26.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.164.139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69197-2d80-49a1-aa0b-47da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:27.000Z",
"modified": "2016-03-14T10:25:27.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69197-58c8-4f37-8afe-407e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:27.000Z",
"modified": "2016-03-14T10:25:27.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69197-d624-4dca-b0e1-456d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:27.000Z",
"modified": "2016-03-14T10:25:27.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.9.53.211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69198-5434-461f-89c4-4f7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:28.000Z",
"modified": "2016-03-14T10:25:28.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.165.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69198-3df8-4c84-93c7-4478950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:28.000Z",
"modified": "2016-03-14T10:25:28.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.165.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69198-e8c8-44a3-8536-4c64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:28.000Z",
"modified": "2016-03-14T10:25:28.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.194.250.188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69199-558c-4fb4-b546-4402950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:29.000Z",
"modified": "2016-03-14T10:25:29.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.161.41.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69199-ccf4-4e95-8f91-4b86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:29.000Z",
"modified": "2016-03-14T10:25:29.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69199-ae90-4f74-acac-4ce4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:29.000Z",
"modified": "2016-03-14T10:25:29.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.64.154.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919a-fb94-4542-a0a4-404b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:30.000Z",
"modified": "2016-03-14T10:25:30.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.28.20.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919a-1a90-4343-86d9-42a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:30.000Z",
"modified": "2016-03-14T10:25:30.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.40.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919a-8c98-49a6-8717-4d0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:30.000Z",
"modified": "2016-03-14T10:25:30.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919b-8730-46e1-a5a5-422f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:31.000Z",
"modified": "2016-03-14T10:25:31.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.220.16.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919b-4298-4888-9284-42ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:31.000Z",
"modified": "2016-03-14T10:25:31.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.140.140.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919b-a8f4-413e-ab04-4032950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:31.000Z",
"modified": "2016-03-14T10:25:31.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.140.191.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919c-af40-4e84-87c9-470c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:32.000Z",
"modified": "2016-03-14T10:25:32.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.36.100.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919c-9994-4dca-86eb-4957950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:32.000Z",
"modified": "2016-03-14T10:25:32.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.135.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919c-9910-4b75-a5d0-4001950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:32.000Z",
"modified": "2016-03-14T10:25:32.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919c-f2ec-4d57-8e31-4c7b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:32.000Z",
"modified": "2016-03-14T10:25:32.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.208.83.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919d-7fa4-4d6a-939a-4f1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:33.000Z",
"modified": "2016-03-14T10:25:33.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.63.56.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919d-1544-4d91-b377-4aa3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:33.000Z",
"modified": "2016-03-14T10:25:33.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919d-27f8-4983-a974-44d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:33.000Z",
"modified": "2016-03-14T10:25:33.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.164.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919d-0670-41e1-8280-4bdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:33.000Z",
"modified": "2016-03-14T10:25:33.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.208.83.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919e-f30c-46ac-83b7-4fc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:34.000Z",
"modified": "2016-03-14T10:25:34.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.38.48.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919e-21f8-4d9b-89b1-4372950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:34.000Z",
"modified": "2016-03-14T10:25:34.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.31.36.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919e-2ce0-4a7f-97bb-4ade950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:34.000Z",
"modified": "2016-03-14T10:25:34.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919f-f568-4339-b9f4-48c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:35.000Z",
"modified": "2016-03-14T10:25:35.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.79.85.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919f-6e78-46bc-94f9-48e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:35.000Z",
"modified": "2016-03-14T10:25:35.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.208.221.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6919f-ba1c-4ef3-8339-474c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:35.000Z",
"modified": "2016-03-14T10:25:35.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.244.10.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a0-79b0-4fb2-bec7-4784950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:36.000Z",
"modified": "2016-03-14T10:25:36.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.244.10.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a0-b64c-4581-bdfa-4417950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:36.000Z",
"modified": "2016-03-14T10:25:36.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.112.167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a0-0444-47fc-bf0e-4850950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:36.000Z",
"modified": "2016-03-14T10:25:36.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a1-cc1c-42db-a482-4189950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:37.000Z",
"modified": "2016-03-14T10:25:37.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.128.177.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a1-6bc8-469c-8d51-42b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:37.000Z",
"modified": "2016-03-14T10:25:37.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.79.85.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a1-9b88-4165-a1b0-4ddf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:37.000Z",
"modified": "2016-03-14T10:25:37.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.68.190.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a2-2420-4079-b8ea-4e0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:38.000Z",
"modified": "2016-03-14T10:25:38.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.196.97.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a2-90cc-4b0f-b39b-4724950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:38.000Z",
"modified": "2016-03-14T10:25:38.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.22.85.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a2-13a8-4570-8716-4828950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:38.000Z",
"modified": "2016-03-14T10:25:38.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.40.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a3-1efc-495f-817a-4ebe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:39.000Z",
"modified": "2016-03-14T10:25:39.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a3-f358-4342-89a7-4a8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:39.000Z",
"modified": "2016-03-14T10:25:39.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.72.144.127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a3-790c-451f-82ec-4d73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:39.000Z",
"modified": "2016-03-14T10:25:39.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a4-e2cc-48f3-9ae8-479c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:40.000Z",
"modified": "2016-03-14T10:25:40.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a4-a404-4d28-9cde-42fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:40.000Z",
"modified": "2016-03-14T10:25:40.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a4-904c-4221-b1e3-4e4f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:40.000Z",
"modified": "2016-03-14T10:25:40.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a5-baa0-4429-a3b0-4af9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:41.000Z",
"modified": "2016-03-14T10:25:41.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a5-bea4-4df9-a90d-49aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:41.000Z",
"modified": "2016-03-14T10:25:41.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.187.238.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a5-35ec-4ba6-9694-41e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:41.000Z",
"modified": "2016-03-14T10:25:41.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.143.10.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a6-4d1c-4026-82a9-457e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:42.000Z",
"modified": "2016-03-14T10:25:42.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a6-e67c-440f-a20c-4f7b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:42.000Z",
"modified": "2016-03-14T10:25:42.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a6-ccd0-4381-b1f6-42a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:42.000Z",
"modified": "2016-03-14T10:25:42.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a7-4138-4988-a5ab-466c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:43.000Z",
"modified": "2016-03-14T10:25:43.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a7-de64-4107-8f3b-4165950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:43.000Z",
"modified": "2016-03-14T10:25:43.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.28.20.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a7-b6cc-47bd-aa63-4e5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:43.000Z",
"modified": "2016-03-14T10:25:43.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.175.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a8-bb34-4cbf-9bc1-4569950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:44.000Z",
"modified": "2016-03-14T10:25:44.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a8-9930-491b-a133-4d9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:44.000Z",
"modified": "2016-03-14T10:25:44.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a8-0128-405d-99b0-42df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:44.000Z",
"modified": "2016-03-14T10:25:44.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a9-e880-4b7e-a232-4668950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:45.000Z",
"modified": "2016-03-14T10:25:45.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a9-a9dc-44c2-a90f-4291950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:45.000Z",
"modified": "2016-03-14T10:25:45.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.227.16.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691a9-177c-4f60-b3be-4ba9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:45.000Z",
"modified": "2016-03-14T10:25:45.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691aa-4e24-4d9c-b2ba-4f3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:46.000Z",
"modified": "2016-03-14T10:25:46.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.40.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691aa-52f0-4257-a5f1-46ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:46.000Z",
"modified": "2016-03-14T10:25:46.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691aa-3cac-4f92-8fab-452d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:46.000Z",
"modified": "2016-03-14T10:25:46.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ab-b3bc-40be-9f37-4d89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:47.000Z",
"modified": "2016-03-14T10:25:47.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.101.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ab-b290-4b69-941e-424d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:47.000Z",
"modified": "2016-03-14T10:25:47.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.44.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ac-9cb0-4078-9554-4c2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:48.000Z",
"modified": "2016-03-14T10:25:48.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.48.89.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ac-2d20-4b4c-a9cc-4174950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:48.000Z",
"modified": "2016-03-14T10:25:48.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ac-6fc8-486b-8184-4a7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:48.000Z",
"modified": "2016-03-14T10:25:48.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ad-fd38-4359-b85e-49dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:49.000Z",
"modified": "2016-03-14T10:25:49.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.227.16.118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ad-40cc-4e83-b63e-4de5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:49.000Z",
"modified": "2016-03-14T10:25:49.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ad-7e34-435c-a08c-45a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:49.000Z",
"modified": "2016-03-14T10:25:49.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ae-1fec-47a9-9c73-4a7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:50.000Z",
"modified": "2016-03-14T10:25:50.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.48.89.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ae-e1ec-4ffd-9b57-4fc0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:50.000Z",
"modified": "2016-03-14T10:25:50.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.40.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ae-78c8-4ed1-9617-44ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:50.000Z",
"modified": "2016-03-14T10:25:50.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691af-8918-47e3-a4dd-4276950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:51.000Z",
"modified": "2016-03-14T10:25:51.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.108.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691af-5538-42f3-b877-410a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:25:51.000Z",
"modified": "2016-03-14T10:25:51.000Z",
"description": "encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.120.162.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ee-7be4-4dbe-959d-4a30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:54.000Z",
"modified": "2016-03-14T10:26:54.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.231.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ee-aa48-4f08-b727-403f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:54.000Z",
"modified": "2016-03-14T10:26:54.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ef-89e4-498c-9143-4a8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:55.000Z",
"modified": "2016-03-14T10:26:55.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.106.207.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ef-a254-44bb-bb80-44f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:55.000Z",
"modified": "2016-03-14T10:26:55.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.75.240.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ef-e0c0-4135-9b5d-466a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:55.000Z",
"modified": "2016-03-14T10:26:55.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.165.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ef-db68-466b-be74-4636950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:55.000Z",
"modified": "2016-03-14T10:26:55.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.28.28.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f0-b500-4306-bd50-4537950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:56.000Z",
"modified": "2016-03-14T10:26:56.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.106.107.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f0-4094-46b7-a5ee-4da7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:56.000Z",
"modified": "2016-03-14T10:26:56.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.124.140.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f0-5990-42c3-b9ba-4393950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:56.000Z",
"modified": "2016-03-14T10:26:56.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.31.68.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f1-2ffc-4804-a985-48f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:57.000Z",
"modified": "2016-03-14T10:26:57.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.31.69.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f1-d0a4-46aa-9294-484d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:57.000Z",
"modified": "2016-03-14T10:26:57.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.140.185.175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f1-26e4-4840-89f5-47e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:57.000Z",
"modified": "2016-03-14T10:26:57.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.65.208.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f2-83a4-4aa9-94c1-4231950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:58.000Z",
"modified": "2016-03-14T10:26:58.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.120.250.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f2-df08-44f5-b540-4942950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:58.000Z",
"modified": "2016-03-14T10:26:58.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f2-6068-4e09-a2d9-4a98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:58.000Z",
"modified": "2016-03-14T10:26:58.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f3-d22c-4d39-97b3-4058950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:59.000Z",
"modified": "2016-03-14T10:26:59.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.227.16.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f3-835c-45e5-ad5b-4c87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:59.000Z",
"modified": "2016-03-14T10:26:59.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.218.229.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f3-5250-4d4c-994c-456f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:59.000Z",
"modified": "2016-03-14T10:26:59.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.91.197.193']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f3-dec4-4933-be2b-42e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:26:59.000Z",
"modified": "2016-03-14T10:26:59.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:26:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f4-d190-4d7a-9be2-4243950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:00.000Z",
"modified": "2016-03-14T10:27:00.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.38.55.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f4-1710-48db-a719-44c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:00.000Z",
"modified": "2016-03-14T10:27:00.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f4-dbe8-4561-a9af-4095950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:00.000Z",
"modified": "2016-03-14T10:27:00.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f5-ef38-4ed8-989f-4458950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:01.000Z",
"modified": "2016-03-14T10:27:01.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f5-bf90-42c6-ae65-42fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:01.000Z",
"modified": "2016-03-14T10:27:01.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f6-b00c-4cae-8f3a-4188950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:02.000Z",
"modified": "2016-03-14T10:27:02.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.142.140.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f6-dc28-466a-a4a4-43fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:02.000Z",
"modified": "2016-03-14T10:27:02.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f6-51c4-4c17-8c59-44a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:02.000Z",
"modified": "2016-03-14T10:27:02.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.224.154.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f7-cd5c-4857-84d9-4cd9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:03.000Z",
"modified": "2016-03-14T10:27:03.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.63.98.38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f7-463c-40fa-ae9e-47db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:03.000Z",
"modified": "2016-03-14T10:27:03.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.227.16.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f7-7158-489f-8c84-4d48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:03.000Z",
"modified": "2016-03-14T10:27:03.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f8-1050-4b63-a6f9-44dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:04.000Z",
"modified": "2016-03-14T10:27:04.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.127.239.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f8-f4b0-4b3e-af35-498a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:04.000Z",
"modified": "2016-03-14T10:27:04.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.208.83.27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f8-3e74-423e-9381-4e1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:04.000Z",
"modified": "2016-03-14T10:27:04.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f8-8ec0-43b8-8baa-4ae6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:04.000Z",
"modified": "2016-03-14T10:27:04.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.31.196.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f9-e584-4933-81bf-43be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:05.000Z",
"modified": "2016-03-14T10:27:05.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.41.41.1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f9-08b8-4d72-b794-4b55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:05.000Z",
"modified": "2016-03-14T10:27:05.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f9-bb74-492d-98f1-45aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:05.000Z",
"modified": "2016-03-14T10:27:05.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.63.101.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691f9-2b1c-4818-a724-43cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:05.000Z",
"modified": "2016-03-14T10:27:05.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fa-49f0-4bf7-9745-47a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:06.000Z",
"modified": "2016-03-14T10:27:06.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fa-d678-4336-8699-4414950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:06.000Z",
"modified": "2016-03-14T10:27:06.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fa-1b20-46a8-b036-4bfb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:06.000Z",
"modified": "2016-03-14T10:27:06.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fb-39b8-4c5c-a70e-4bb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:07.000Z",
"modified": "2016-03-14T10:27:07.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.216.243.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fb-a688-4e2b-8d5d-4255950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:07.000Z",
"modified": "2016-03-14T10:27:07.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.251.86.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fb-7ddc-4570-a2fe-438a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:07.000Z",
"modified": "2016-03-14T10:27:07.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fb-0b5c-4690-9c50-4aa8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:07.000Z",
"modified": "2016-03-14T10:27:07.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.166.39.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fc-4fc8-4448-b92f-4354950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:08.000Z",
"modified": "2016-03-14T10:27:08.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.170.186.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fc-3154-4cab-a132-4845950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:08.000Z",
"modified": "2016-03-14T10:27:08.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.17.1.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fc-b960-415b-b55c-4266950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:08.000Z",
"modified": "2016-03-14T10:27:08.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fd-1cb0-4b75-8f8d-4705950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:09.000Z",
"modified": "2016-03-14T10:27:09.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.17.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fd-0f08-4a7a-8da2-4155950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:09.000Z",
"modified": "2016-03-14T10:27:09.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.5.250.172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fd-dbe8-44af-b6c8-48e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:09.000Z",
"modified": "2016-03-14T10:27:09.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.208.83.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fd-1038-4700-bfef-43b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:09.000Z",
"modified": "2016-03-14T10:27:09.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.227.16.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fe-bcf8-4b71-b26f-46b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:10.000Z",
"modified": "2016-03-14T10:27:10.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fe-fd30-40d8-a039-49a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:10.000Z",
"modified": "2016-03-14T10:27:10.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.2.163.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691fe-e72c-4668-a672-403b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:10.000Z",
"modified": "2016-03-14T10:27:10.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.165.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ff-9d90-4736-86d3-42e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:11.000Z",
"modified": "2016-03-14T10:27:11.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ff-dd7c-4eed-8ab7-47b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:11.000Z",
"modified": "2016-03-14T10:27:11.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e691ff-9504-4bfd-be9d-4778950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:11.000Z",
"modified": "2016-03-14T10:27:11.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.109.222.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69200-992c-4473-a927-4f68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:12.000Z",
"modified": "2016-03-14T10:27:12.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.166.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69200-27b0-4e68-a0ab-4d26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:12.000Z",
"modified": "2016-03-14T10:27:12.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69200-5c5c-4e1f-8979-40d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:12.000Z",
"modified": "2016-03-14T10:27:12.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69201-a984-4af5-9928-4189950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:13.000Z",
"modified": "2016-03-14T10:27:13.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.155']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69201-81c0-4602-8f29-4803950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:13.000Z",
"modified": "2016-03-14T10:27:13.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.31.204.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69201-0820-49c5-a560-4820950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:13.000Z",
"modified": "2016-03-14T10:27:13.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.109.19.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69202-45a8-41a0-8bba-49c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:14.000Z",
"modified": "2016-03-14T10:27:14.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.69.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69202-9548-4904-9485-4dfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:14.000Z",
"modified": "2016-03-14T10:27:14.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.71.64.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69202-16b0-4ddc-b296-404e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:14.000Z",
"modified": "2016-03-14T10:27:14.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.45.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69203-a36c-45fa-a55c-43a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:15.000Z",
"modified": "2016-03-14T10:27:15.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.40.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69203-2258-42b8-870f-4836950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:15.000Z",
"modified": "2016-03-14T10:27:15.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.71.64.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69203-3cd4-47bf-acea-45e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:15.000Z",
"modified": "2016-03-14T10:27:15.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.49.12.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69204-5ae8-4230-8d68-41c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:16.000Z",
"modified": "2016-03-14T10:27:16.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.58.207.243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69204-899c-44a5-bf73-4a8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:16.000Z",
"modified": "2016-03-14T10:27:16.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.124.66.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69205-e668-4581-938b-4620950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:17.000Z",
"modified": "2016-03-14T10:27:17.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.227.16.116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69205-cde8-4692-be8b-42b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:17.000Z",
"modified": "2016-03-14T10:27:17.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.75.240.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69205-0240-4558-98c1-43da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:17.000Z",
"modified": "2016-03-14T10:27:17.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.139.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69206-61f4-4a2a-9bba-49be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:18.000Z",
"modified": "2016-03-14T10:27:18.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.220.16.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69206-654c-4ff2-b5d1-44df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:18.000Z",
"modified": "2016-03-14T10:27:18.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69206-facc-49d2-9533-4b82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:18.000Z",
"modified": "2016-03-14T10:27:18.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.108.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69207-2f24-4bd3-a68a-46af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:19.000Z",
"modified": "2016-03-14T10:27:19.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.195.77.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69207-7d60-47ca-8ca6-4fcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:19.000Z",
"modified": "2016-03-14T10:27:19.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.69.230.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69207-7e7c-45ae-aaa8-4cab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:19.000Z",
"modified": "2016-03-14T10:27:19.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.255.28.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69208-4440-4947-974c-4d68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:20.000Z",
"modified": "2016-03-14T10:27:20.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.140.192.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69208-e3ec-4595-8b72-4861950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:20.000Z",
"modified": "2016-03-14T10:27:20.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.31.209.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69208-4514-42c7-b765-4585950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:20.000Z",
"modified": "2016-03-14T10:27:20.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.120.162.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69209-dfe8-4b0e-8154-497d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:21.000Z",
"modified": "2016-03-14T10:27:21.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.220.16.185']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69209-cd20-4f86-b154-4da3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:21.000Z",
"modified": "2016-03-14T10:27:21.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.120.162.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69209-b3b4-47b5-b2ee-45ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:21.000Z",
"modified": "2016-03-14T10:27:21.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.56.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920a-a7fc-4a89-81c0-4380950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:22.000Z",
"modified": "2016-03-14T10:27:22.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.164.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920a-0ee4-4960-b2b7-4e5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:22.000Z",
"modified": "2016-03-14T10:27:22.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.31.204.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920a-2fac-4efd-843b-400b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:22.000Z",
"modified": "2016-03-14T10:27:22.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.87.205.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920b-c430-4b18-b80e-4bc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:23.000Z",
"modified": "2016-03-14T10:27:23.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.31.204.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920b-34d4-4d2a-853b-41fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:23.000Z",
"modified": "2016-03-14T10:27:23.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.112.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920b-368c-4865-b05c-4746950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:23.000Z",
"modified": "2016-03-14T10:27:23.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.71.65.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920c-20fc-494f-948b-4522950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:24.000Z",
"modified": "2016-03-14T10:27:24.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.109.223.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920c-82f0-45a9-a03a-450d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:24.000Z",
"modified": "2016-03-14T10:27:24.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.165.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920c-3714-4419-9bc3-41bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:24.000Z",
"modified": "2016-03-14T10:27:24.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.165.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920d-8e24-467c-9737-486d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:25.000Z",
"modified": "2016-03-14T10:27:25.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.161.41.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920d-2690-42e7-8ecb-43a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:25.000Z",
"modified": "2016-03-14T10:27:25.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.228.91.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920d-3b40-42f6-b99b-445f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:25.000Z",
"modified": "2016-03-14T10:27:25.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.9.53.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e6920d-699c-43b4-8346-421b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:27:25.000Z",
"modified": "2016-03-14T10:27:25.000Z",
"description": "IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.88.115.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:27:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69234-807c-4026-aa1f-4ced950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:28:04.000Z",
"modified": "2016-03-14T10:28:04.000Z",
"description": "I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.52.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:28:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69234-eeec-4f85-bc11-45d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:28:04.000Z",
"modified": "2016-03-14T10:28:04.000Z",
"description": "I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.161.41.148']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:28:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e69234-d510-4474-890b-43a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:28:04.000Z",
"modified": "2016-03-14T10:28:04.000Z",
"description": "I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.56.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-14T10:28:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e69249-0584-489e-93d2-47b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:28:25.000Z",
"modified": "2016-03-14T10:28:25.000Z",
"first_observed": "2016-03-14T10:28:25Z",
"last_observed": "2016-03-14T10:28:25Z",
"number_observed": 1,
"object_refs": [
"url--56e69249-0584-489e-93d2-47b0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e69249-0584-489e-93d2-47b0950d210f",
"value": "https://otx.alienvault.com/pulse/55bb83ae67db8c6f0af587a4/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e69264-7b0c-45bd-9efe-4fab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:28:52.000Z",
"modified": "2016-03-14T10:28:52.000Z",
"first_observed": "2016-03-14T10:28:52Z",
"last_observed": "2016-03-14T10:28:52Z",
"number_observed": 1,
"object_refs": [
"url--56e69264-7b0c-45bd-9efe-4fab950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e69264-7b0c-45bd-9efe-4fab950d210f",
"value": "http://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e6927b-e648-4824-bd5b-46c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-14T10:29:15.000Z",
"modified": "2016-03-14T10:29:15.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "This IOC contains all IPs I have encountered - they are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others. They may also be a C&C for the malware, or fake gambling/lottery websites. Any additional information can also be found on my blog: http://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e87e34-8838-43ee-87a6-4b2002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-15T21:27:16.000Z",
"modified": "2016-03-15T21:27:16.000Z",
"first_observed": "2016-03-15T21:27:16Z",
"last_observed": "2016-03-15T21:27:16Z",
"number_observed": 1,
"object_refs": [
"url--56e87e34-8838-43ee-87a6-4b2002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e87e34-8838-43ee-87a6-4b2002de0b81",
"value": "https://kasperskycontenthub.com/securelist/files/2016/03/Steam_Stealers_research_ENG.pdf"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink