2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--58b87da8-48a4-4d5a-aac4-6a4902de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--58b87da8-48a4-4d5a-aac4-6a4902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"name" : "OSINT - Covert Channels and Poor Decisions: The Tale of DNSMessenger" ,
"published" : "2017-03-02T20:28:06Z" ,
"object_refs" : [
"observed-data--58b87db6-8774-454e-ab1a-2dd902de0b81" ,
"url--58b87db6-8774-454e-ab1a-2dd902de0b81" ,
"x-misp-attribute--58b87df0-5704-44fe-b7d4-6a4602de0b81" ,
"indicator--58b87e78-26c4-4fa2-a480-8f4002de0b81" ,
"indicator--58b87e79-0958-4a3f-968e-8f4002de0b81" ,
"indicator--58b87e79-24f4-4105-b0a4-8f4002de0b81" ,
"indicator--58b87e7a-a9f0-4a9a-9f4d-8f4002de0b81" ,
"indicator--58b87e7b-5108-48c3-b27f-8f4002de0b81" ,
"indicator--58b87e7c-0ef0-46b1-940c-8f4002de0b81" ,
"indicator--58b87e7d-ee4c-4054-81c5-8f4002de0b81" ,
"indicator--58b87e7d-08c8-4a2d-96cc-8f4002de0b81" ,
"indicator--58b87e7e-73f4-4cff-b172-8f4002de0b81" ,
"indicator--58b87e7f-a214-44a6-aae4-8f4002de0b81" ,
"indicator--58b87e80-3d70-4f37-a57d-8f4002de0b81" ,
"indicator--58b87e81-5be8-46fc-99e2-8f4002de0b81" ,
"indicator--58b87e81-de60-44f5-85e5-8f4002de0b81" ,
"indicator--58b87e82-c338-48bd-b4a7-8f4002de0b81" ,
"indicator--58b87e83-e494-46c4-bf87-8f4002de0b81" ,
"indicator--58b87e84-2964-4fe4-8d8a-8f4002de0b81" ,
"indicator--58b87e84-7590-45f7-8a16-8f4002de0b81" ,
"indicator--58b87e85-23e8-401c-97b1-8f4002de0b81" ,
"indicator--58b87e86-4410-4101-b9e8-8f4002de0b81" ,
"indicator--58b87e87-4ddc-4d91-b1ae-8f4002de0b81" ,
"indicator--58b87e88-b9b0-4965-ab9d-8f4002de0b81" ,
"indicator--58b87e89-1588-449c-b7a8-8f4002de0b81" ,
"indicator--58b87e8a-21f0-4663-b163-8f4002de0b81" ,
"indicator--58b87e8a-0674-4903-bb8c-8f4002de0b81" ,
"indicator--58b87e8b-b7e0-400d-a030-8f4002de0b81" ,
"indicator--58b87e8c-67a4-4b8e-b84c-8f4002de0b81" ,
"indicator--58b87e8d-35e8-4980-b3f3-8f4002de0b81" ,
"indicator--58b87e8e-9db8-4954-8f57-8f4002de0b81" ,
"indicator--58b87e8f-2cb0-480f-9869-8f4002de0b81" ,
"indicator--58b87e8f-861c-43b8-ad24-8f4002de0b81" ,
"indicator--58b87e90-3cdc-417c-b4e5-8f4002de0b81" ,
"indicator--58b87e91-a690-4963-a30b-8f4002de0b81" ,
"indicator--58b87e92-25b4-47cd-8982-8f4002de0b81" ,
"indicator--58b87e93-86ac-47b7-9dd4-8f4002de0b81" ,
"indicator--58b87e93-97fc-464a-9bbf-8f4002de0b81" ,
"indicator--58b87e94-58f8-493e-a144-8f4002de0b81" ,
"indicator--58b87e95-f168-48e2-b43b-8f4002de0b81" ,
"indicator--58b87e96-5248-4011-a7c8-8f4002de0b81" ,
"indicator--58b87e97-3d70-4e71-92b7-8f4002de0b81" ,
"indicator--58b87e97-aeec-4ffe-83eb-8f4002de0b81" ,
"indicator--58b87e98-68a0-4b0b-b491-8f4002de0b81" ,
"indicator--58b87e99-fba8-4faa-b4d0-8f4002de0b81" ,
"indicator--58b87e9a-c284-456c-aa81-8f4002de0b81" ,
"indicator--58b87e9b-cfa4-4fe2-b0e8-8f4002de0b81" ,
"indicator--58b87e9b-877c-4cec-ae71-8f4002de0b81" ,
"indicator--58b87e9c-38b0-4ca0-8d8f-8f4002de0b81" ,
"indicator--58b87e9d-74a0-48a5-b2d6-8f4002de0b81" ,
"indicator--58b87e9e-d600-4f19-a550-8f4002de0b81" ,
"indicator--58b87e9e-61f0-4771-9821-8f4002de0b81" ,
"indicator--58b87e9f-cb2c-4a1b-9bbe-8f4002de0b81" ,
"indicator--58b87ea0-d238-46f9-80bb-8f4002de0b81" ,
"indicator--58b87ea1-6560-4f24-b0b8-8f4002de0b81" ,
"indicator--58b87ea2-4a08-41dd-9c2c-8f4002de0b81" ,
"indicator--58b87ea2-0c50-471f-8b4d-8f4002de0b81" ,
"indicator--58b87ea3-73a4-4c2f-a34b-8f4002de0b81" ,
"indicator--58b87ea4-e380-4d3d-9277-8f4002de0b81" ,
"indicator--58b87ea5-a9b0-45f8-8cda-8f4002de0b81" ,
"indicator--58b87ea5-da44-4ac9-87a0-8f4002de0b81" ,
"indicator--58b87ea6-a0d8-4a90-958f-8f4002de0b81" ,
"indicator--58b87ea7-b008-4bb4-80b4-8f4002de0b81" ,
"indicator--58b87ea8-0db8-4112-857a-8f4002de0b81" ,
"indicator--58b87ea8-9980-4a6c-ace8-8f4002de0b81" ,
"indicator--58b87ea9-225c-4a77-992d-8f4002de0b81" ,
"indicator--58b87eaa-9944-4f95-aecf-8f4002de0b81" ,
"indicator--58b87eab-9d14-48fe-b3f7-8f4002de0b81" ,
"indicator--58b87eab-d524-4fca-a7a7-8f4002de0b81" ,
"indicator--58b87eac-2c28-4ec3-9f3f-8f4002de0b81" ,
"indicator--58b87ead-59f4-480d-87ca-8f4002de0b81" ,
"indicator--58b87eae-d0fc-4dbe-8a51-8f4002de0b81" ,
"indicator--58b87eaf-3988-4424-a389-8f4002de0b81" ,
"indicator--58b87eaf-a818-4b93-b966-8f4002de0b81" ,
"indicator--58b87eb0-0ebc-4bcc-a66e-8f4002de0b81" ,
"indicator--58b87eb1-15ec-4357-bc6d-8f4002de0b81" ,
"indicator--58b87eb2-c7a8-4cd1-ac01-8f4002de0b81" ,
"indicator--58b87eb2-3610-42df-bbdd-8f4002de0b81" ,
"indicator--58b87eb3-c584-4fe6-b141-8f4002de0b81" ,
"indicator--58b87eb4-dfa4-4e06-85c6-8f4002de0b81" ,
"indicator--58b87eb5-1138-4f3c-8f7f-8f4002de0b81" ,
"indicator--58b87eb6-950c-4a97-b42a-8f4002de0b81" ,
"indicator--58b87eb6-4c24-4321-a77b-8f4002de0b81" ,
"indicator--58b87eb7-38cc-453c-832e-8f4002de0b81" ,
"indicator--58b87eb8-b2c0-4214-8c65-8f4002de0b81" ,
"indicator--58b87eb9-6d38-405d-b05d-8f4002de0b81" ,
"indicator--58b87eb9-d8a8-4753-89a9-8f4002de0b81" ,
"indicator--58b87eba-8b4c-4608-a395-8f4002de0b81" ,
"indicator--58b87ebb-7b9c-4e79-a1b5-8f4002de0b81" ,
"indicator--58b87ebc-5564-48af-9304-8f4002de0b81" ,
"indicator--58b87ebc-4aec-4a49-a5a0-8f4002de0b81" ,
"indicator--58b87ebd-347c-4a05-9d2c-8f4002de0b81" ,
"indicator--58b87ebe-ce74-4024-a4eb-8f4002de0b81" ,
"indicator--58b87ebf-f4e8-4a83-9cd8-8f4002de0b81" ,
"indicator--58b87ec0-d6b0-42d4-9fbb-8f4002de0b81" ,
"indicator--58b87ec0-42a4-4aa0-b97d-8f4002de0b81" ,
"indicator--58b87ec1-1064-46cf-a8d5-8f4002de0b81" ,
"indicator--58b87ec2-5ed0-4a32-bd1e-8f4002de0b81" ,
"indicator--58b87ec3-f038-4ef5-90b8-8f4002de0b81" ,
"indicator--58b87ec3-d94c-4d9b-82f7-8f4002de0b81" ,
"indicator--58b87ec4-382c-4a96-86cd-8f4002de0b81" ,
"indicator--58b87ec5-ff3c-4686-ba6e-8f4002de0b81" ,
"indicator--58b87ec6-bce8-4e91-a37b-8f4002de0b81" ,
"indicator--58b87ec6-71f4-4112-9c60-8f4002de0b81" ,
"indicator--58b87ec7-61c4-4800-a823-8f4002de0b81" ,
"indicator--58b87ec8-aecc-4f47-b6c6-8f4002de0b81" ,
"indicator--58b87ec9-eb9c-4d2b-ae64-8f4002de0b81" ,
"indicator--58b87eca-1754-4592-aa90-8f4002de0b81" ,
"indicator--58b87eca-23bc-41ce-ba8e-8f4002de0b81" ,
"indicator--58b87eea-829c-4521-b0e5-40a602de0b81" ,
"indicator--58b87eea-3e70-4b6e-b1db-4cca02de0b81" ,
"indicator--58b87eeb-7138-493f-bb6b-4deb02de0b81" ,
"indicator--58b87eec-29c8-4475-aecc-4fd602de0b81" ,
"indicator--58b87eed-ba54-4625-a560-4c1602de0b81" ,
"indicator--58b87eee-0408-450a-ab00-40fe02de0b81" ,
"indicator--58b87eee-a180-45b6-bad1-464b02de0b81" ,
"indicator--58b87eef-411c-471f-9770-485f02de0b81" ,
"indicator--58b87f91-bc74-4999-b3c5-6a4902de0b81" ,
"indicator--58b87f92-5c4c-45ca-85a5-6a4902de0b81" ,
"observed-data--58b87f93-8fec-42ec-9055-6a4902de0b81" ,
"url--58b87f93-8fec-42ec-9055-6a4902de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58b87db6-8774-454e-ab1a-2dd902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"first_observed" : "2017-03-02T20:24:53Z" ,
"last_observed" : "2017-03-02T20:24:53Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58b87db6-8774-454e-ab1a-2dd902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"admiralty-scale:source-reliability=\"b\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58b87db6-8774-454e-ab1a-2dd902de0b81" ,
"value" : "http://blog.talosintelligence.com/2017/03/dnsmessenger.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--58b87df0-5704-44fe-b7d4-6a4602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"admiralty-scale:source-reliability=\"b\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be accessed by name, rather than requiring users to memorize IP addresses. While many organizations implement strict egress filtering as it pertains to web traffic, firewall rules, etc. many have less stringent controls in place to protect against DNS based threats. Attackers have recognized this and commonly encapsulate different network protocols within DNS to evade security devices.\r\n\r\nTypically this use of DNS is related to the exfiltration of information. Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. This is an extremely uncommon and evasive way of administering a RAT. The use of multiple stages of Powershell with various stages being completely fileless indicates an attacker who has taken significant measures to avoid detection."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e78-26c4-4fa2-a480-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'algew.me']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e79-0958-4a3f-968e-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'aloqd.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e79-24f4-4105-b0a4-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'bpee.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e7a-a9f0-4a9a-9f4d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'bvyv.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e7b-5108-48c3-b27f-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'bwuk.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e7c-0ef0-46b1-940c-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'cgqy.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e7d-ee4c-4054-81c5-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'cihr.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e7d-08c8-4a2d-96cc-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ckwl.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e7e-73f4-4cff-b172-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'cnmah.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e7f-a214-44a6-aae4-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'coec.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e80-3d70-4f37-a57d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'cuuo.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e81-5be8-46fc-99e2-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'daskd.me']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e81-de60-44f5-85e5-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'dbxa.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e82-c338-48bd-b4a7-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'dlex.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e83-e494-46c4-bf87-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'doof.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e84-2964-4fe4-8d8a-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'dtxf.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e84-7590-45f7-8a16-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'dvso.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e85-23e8-401c-97b1-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'dyiud.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e86-4410-4101-b9e8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'eady.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e87-4ddc-4d91-b1ae-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'enuv.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e88-b9b0-4965-ab9d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'eter.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e89-1588-449c-b7a8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'fbjz.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8a-21f0-4663-b163-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'fhyi.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8a-0674-4903-bb8c-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'futh.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8b-b7e0-400d-a030-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'gjcu.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8c-67a4-4b8e-b84c-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'gjuc.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8d-35e8-4980-b3f3-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'gnoa.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8e-9db8-4954-8f57-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'grij.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8f-2cb0-480f-9869-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'gxhp.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e8f-861c-43b8-ad24-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'hvzr.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e90-3cdc-417c-b4e5-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'idjb.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e91-a690-4963-a30b-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ihrs.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e92-25b4-47cd-8982-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'jimw.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e93-86ac-47b7-9dd4-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'jomp.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e93-97fc-464a-9bbf-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'jxhv.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e94-58f8-493e-a144-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'kjke.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e95-f168-48e2-b43b-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'kshv.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e96-5248-4011-a7c8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'kwoe.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e97-3d70-4e71-92b7-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ldzp.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e97-aeec-4ffe-83eb-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'lhlv.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e98-68a0-4b0b-b491-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'lnoy.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e99-fba8-4faa-b4d0-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'lvrm.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9a-c284-456c-aa81-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'lvxf.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9b-cfa4-4fe2-b0e8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'mewt.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9b-877c-4cec-ae71-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'mfka.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9c-38b0-4ca0-8d8f-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'mjet.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9d-74a0-48a5-b2d6-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'mjut.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9e-d600-4f19-a550-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'mvze.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9e-61f0-4771-9821-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'mxfg.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87e9f-cb2c-4a1b-9bbe-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'nroq.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea0-d238-46f9-80bb-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'nwrr.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea1-6560-4f24-b0b8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'nxpu.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea2-4a08-41dd-9c2c-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'oaax.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea2-0c50-471f-8b4d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'odwf.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea3-73a4-4c2f-a34b-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'odyr.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea4-e380-4d3d-9277-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'okiq.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea5-a9b0-45f8-8cda-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'oknz.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea5-da44-4ac9-87a0-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ooep.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea6-a0d8-4a90-958f-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ooyh.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea7-b008-4bb4-80b4-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'otzd.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea8-0db8-4112-857a-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'oxrp.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea8-9980-4a6c-ace8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'oyaw.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ea9-225c-4a77-992d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'pafk.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eaa-9944-4f95-aecf-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'palj.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eab-9d14-48fe-b3f7-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'pbbk.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eab-d524-4fca-a7a7-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ppdx.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eac-2c28-4ec3-9f3f-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'pvze.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ead-59f4-480d-87ca-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'qefg.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eae-d0fc-4dbe-8a51-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'qlpa.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eaf-3988-4424-a389-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'qznm.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eaf-a818-4b93-b966-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'reld.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb0-0ebc-4bcc-a66e-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'rnkj.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb1-15ec-4357-bc6d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'rzzc.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb2-c7a8-4cd1-ac01-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'sgvt.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb2-3610-42df-bbdd-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'soru.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb3-c584-4fe6-b141-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'swio.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb4-dfa4-4e06-85c6-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'tijm.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb5-1138-4f3c-8f7f-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'tsrs.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb6-950c-4a97-b42a-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'turp.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb6-4c24-4321-a77b-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ueox.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb7-38cc-453c-832e-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ufyb.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb8-b2c0-4214-8c65-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'utca.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb9-6d38-405d-b05d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vdfe.site']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eb9-d8a8-4753-89a9-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vjro.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eba-8b4c-4608-a395-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vkpo.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ebb-7b9c-4e79-a1b5-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vpua.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ebc-5564-48af-9304-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vqba.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ebc-4aec-4a49-a5a0-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vwcq.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ebd-347c-4a05-9d2c-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vxqt.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ebe-ce74-4024-a4eb-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'vxwy.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ebf-f4e8-4a83-9cd8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'wfsv.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec0-d6b0-42d4-9fbb-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'wqiy.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec0-42a4-4aa0-b97d-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'wvzu.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec1-1064-46cf-a8d5-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'xhqd.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec2-5ed0-4a32-bd1e-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'yamd.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec3-f038-4ef5-90b8-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'yedq.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec3-d94c-4d9b-82f7-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'yqox.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec4-382c-4a96-86cd-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'ysxy.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec5-ff3c-4686-ba6e-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'zcnt.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec6-bce8-4e91-a37b-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'zdqp.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec6-71f4-4112-9c60-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'zjav.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec7-61c4-4800-a823-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'zjvz.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec8-aecc-4f47-b6c6-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'zmyo.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87ec9-eb9c-4d2b-ae64-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'zody.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eca-1754-4592-aa90-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'zugh.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eca-23bc-41ce-ba8e-8f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"description" : "C2 Domains:" ,
"pattern" : "[domain-name:value = 'cspg.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eea-829c-4521-b0e5-40a602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f9e54609f1f4136da71dbab8f57c2e68e84bcdc32a58cc12ad5f86334ac0eacf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eea-3e70-4b6e-b1db-4cca02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f82baa39ba44d9b356eb5d904917ad36446083f29dced8c5b34454955da89174']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eeb-7138-493f-bb6b-4deb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = '340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eec-29c8-4475-aecc-4fd602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = '7f0a314f15a6f20ca6dced545fbc9ef8c1634f9ff8eb736deab73e46ae131458']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eed-ba54-4625-a560-4c1602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'be5f4bfa35fc1b350d38d8ddc8e88d2dd357b84f254318b1f3b07160c3900750']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eee-0408-450a-ab00-40fe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = '9b955d9d7f62d405da9cf05425c9b6dd3738ce09160c8a75d396a6de229d9dd7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eee-a180-45b6-bad1-464b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'fd6e7fc11a325c498d73cf683ecbe90ddbf0e1ae1d540b811012bd6980eed882']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87eef-411c-471f-9770-485f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:53.000Z" ,
"modified" : "2017-03-02T20:24:53.000Z" ,
"pattern" : "[file:hashes.SHA256 = '6bf9d311ed16e059f9538b4c24c836cf421cf5c0c1f756fdfdeb9e1792ada8ba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87f91-bc74-4999-b3c5-6a4902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:49.000Z" ,
"modified" : "2017-03-02T20:24:49.000Z" ,
"description" : "- Xchecked via VT: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981" ,
"pattern" : "[file:hashes.SHA1 = 'd00225d485c597bea712e7c7baa4fba7d7f281e3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58b87f92-5c4c-45ca-85a5-6a4902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:50.000Z" ,
"modified" : "2017-03-02T20:24:50.000Z" ,
"description" : "- Xchecked via VT: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981" ,
"pattern" : "[file:hashes.MD5 = '2abad0ae32dd72bac5da0af1e580a2eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-03-02T20:24:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58b87f93-8fec-42ec-9055-6a4902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-03-02T20:24:51.000Z" ,
"modified" : "2017-03-02T20:24:51.000Z" ,
"first_observed" : "2017-03-02T20:24:51Z" ,
"last_observed" : "2017-03-02T20:24:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58b87f93-8fec-42ec-9055-6a4902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58b87f93-8fec-42ec-9055-6a4902de0b81" ,
"value" : "https://www.virustotal.com/file/340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981/analysis/1488479981/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}