misp-circl-feed/feeds/circl/misp/594a23b3-e954-44cd-98d7-4e2a950d210f.json


{
"type": "bundle",
"id": "bundle--594a23b3-e954-44cd-98d7-4e2a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:50:38.000Z",
"modified": "2017-06-21T08:50:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--594a23b3-e954-44cd-98d7-4e2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:50:38.000Z",
"modified": "2017-06-21T08:50:38.000Z",
"name": "Malspam 2017-06-21 'Job Application'",
"published": "2017-06-21T08:50:47Z",
"object_refs": [
"indicator--594a2446-26d8-4dca-96de-4a8b950d210f",
"indicator--594a2446-b454-4533-a599-43f7950d210f",
"indicator--594a2446-f688-42c7-9d88-4347950d210f",
"indicator--594a24cb-50f8-4780-a52c-4bf1950d210f",
"indicator--594a24cb-6980-4b9f-89e7-44a0950d210f",
"indicator--594a24cb-a444-442f-8894-4890950d210f",
"observed-data--594a24ea-a8f4-42a0-8b7c-4b5f950d210f",
"email-message--594a24ea-a8f4-42a0-8b7c-4b5f950d210f",
"observed-data--594a2552-72bc-4656-a5d5-4b46950d210f",
"email-message--594a2552-72bc-4656-a5d5-4b46950d210f",
"email-addr--594a2552-72bc-4656-a5d5-4b46950d210f",
"observed-data--594a2575-71fc-496d-b90c-4f63950d210f",
"email-message--594a2575-71fc-496d-b90c-4f63950d210f",
"indicator--594a28eb-b348-4450-ab37-4723950d210f",
"indicator--594a28eb-b06c-4a08-ba50-47e5950d210f",
"indicator--594a28eb-1924-43eb-91e6-4206950d210f",
"indicator--594a28eb-1234-4648-aeaa-464c950d210f",
"indicator--594a28eb-a9b8-40ac-a705-4868950d210f",
"indicator--594a28eb-ad70-42f1-90a4-4a47950d210f",
"indicator--594a28eb-7cd0-4a8c-858b-4654950d210f",
"indicator--594a28eb-6124-4899-b244-492d950d210f",
"indicator--594a28eb-0800-4f00-ba79-4701950d210f",
"indicator--594a28eb-d868-4ba0-b7d0-4b47950d210f",
"indicator--594a28eb-30c0-4169-9b2a-4494950d210f",
"indicator--594a28eb-fc14-4e3a-981b-4a38950d210f",
"indicator--594a28eb-aa80-40d2-a2e9-4c64950d210f",
"indicator--594a28eb-e9d8-4e3c-88f0-438a950d210f",
"indicator--594a28eb-5d48-4420-aa62-46d2950d210f",
"indicator--594a28eb-d390-4238-9624-4638950d210f",
"indicator--594a28eb-73ec-4a23-be3b-44e2950d210f",
"indicator--594a28eb-7054-4388-b650-4066950d210f",
"indicator--594a28eb-cc30-4e05-803c-40e8950d210f",
"indicator--594a28eb-8d5c-4ba2-9ebc-4a2b950d210f",
"indicator--594a28eb-3394-4133-9e9d-4043950d210f",
"indicator--594a28eb-71e4-41cf-9d35-4f59950d210f",
"indicator--594a28eb-a714-4f54-84e9-407e950d210f",
"indicator--594a28eb-80b8-4cef-9de1-41b7950d210f",
"indicator--594a28eb-fc5c-4917-b900-40ad950d210f",
"indicator--594a28eb-075c-4f0d-90ad-4d87950d210f",
"indicator--594a28eb-4718-4fef-aa66-44c8950d210f",
"indicator--594a28eb-5024-479b-9630-4806950d210f",
"indicator--594a28eb-b520-4c10-ac34-4839950d210f",
"indicator--594a28eb-b9e0-4782-87db-4137950d210f",
"indicator--594a28eb-d4a4-46f4-9a37-406b950d210f",
"indicator--594a28eb-5818-4386-989b-4868950d210f",
"indicator--594a28eb-7938-499d-8289-468a950d210f",
"indicator--594a28eb-fbe4-4528-b5ca-4a85950d210f",
"indicator--594a28eb-e638-40b1-94c3-4908950d210f",
"indicator--594a28eb-5a0c-4af5-a88f-48ef950d210f",
"indicator--594a28eb-f810-4c30-9411-4d3b950d210f",
"indicator--594a28eb-aaa4-45d3-a0e1-4923950d210f",
"indicator--594a28eb-85d8-4b0d-af45-4532950d210f",
"indicator--594a28eb-c874-4b7f-90a1-4ede950d210f",
"indicator--594a28eb-285c-4e80-801e-4005950d210f",
"indicator--594a28eb-9c70-4de2-a0ff-4da3950d210f",
"indicator--594a28eb-cc4c-46a5-9888-496f950d210f",
"indicator--594a29b5-0238-4494-a277-4d45950d210f",
"indicator--594a29b5-ba30-40be-8407-4ada950d210f",
"indicator--594a29b5-34a8-43e0-9ae5-41c6950d210f",
"indicator--594a29b5-a760-4298-85d8-4cd2950d210f",
"indicator--594a29b5-5bb8-490a-91ce-4c83950d210f",
"indicator--594a29b5-2398-4f74-9759-433d950d210f",
"indicator--594a29b5-ffc8-4015-bf27-40a4950d210f",
"indicator--594a29b5-3270-478b-8f75-4d92950d210f",
"indicator--594a29b5-4bf4-414b-bce5-41ee950d210f",
"indicator--594a29b5-1758-4114-a8c1-4244950d210f",
"indicator--594a29b5-ca20-45cd-b413-4b8a950d210f",
"indicator--594a29b5-db30-4542-b9e7-40f1950d210f",
"indicator--594a29b5-b6e0-4af3-a6b4-4c2a950d210f",
"indicator--594a29b5-0014-499f-a13f-40c0950d210f",
"indicator--594a29b5-056c-4cdc-b97d-4509950d210f",
"indicator--594a29b5-b190-469c-af6c-4e7b950d210f",
"indicator--594a29b5-9914-4eed-8fe4-4bde950d210f",
"indicator--594a29b5-a9c0-4af7-9b28-44fb950d210f",
"indicator--594a29b5-e2a8-4f0c-97be-4597950d210f",
"indicator--594a29b5-86fc-4a83-b35d-4934950d210f",
"indicator--594a29b5-a1ac-4976-a865-42d7950d210f",
"indicator--594a29b5-f49c-4911-903c-40a1950d210f",
"indicator--594a29b5-77fc-4a3f-ae9d-42e6950d210f",
"indicator--594a29b5-7fec-4548-b8fb-4ff9950d210f",
"indicator--594a29b5-bdc4-435f-aaa2-44ad950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"MalSpam"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a2446-26d8-4dca-96de-4a8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:46:14.000Z",
"modified": "2017-06-21T07:46:14.000Z",
"description": "Executable VB file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMc91UqiIWZ5rEdLAAAgTAAgABwAM2FlNWExM2M1MGNmY2NlNWU2NTYyNDA3Mjc4MmQwYWFVVAkAA0UkSllFJEpZdXgLAAEEIQAAAAQhAAAA46WVBqvKyXLwByv3rYznC8bZJ8whCd3yfCglP9mBGr3XfWygG6BwPacA6ScTlk5wN1X3q8X3f5PhdPNu4MshsHe0PZgwh6pBh2A6zkqKgkODFM/Gv54NqoGtSty1Si9FYi3uydvswhuBbTY3ZU8t+7NvOCouzqRFx0/kCK4Nkh7K2RhDKwaXJf2u2HGAJaoPMDvnvLiTN+2sFYF1ILTNc8E/coyCNh4FRC1C/w+cNsp3//mn+qqIuFpxhD6seSZhfdRcRk0/CrMDDnqw/Pl2+eBHxPmsjDLbBlKMfEHTzdWIINlTHCQxV5oyjcflh/gweOap5c3HZ7mIOdfULGTerKiXsGkfRR63eVmwLyJpBMtj6fWm9UNJF6ZINSgfS57PQQuWLNCtEj56V/iG4YT8Rycw0iivdjYHRzAbjfE+y3ESSoP5JyIl65sKCTItIN5pQuShXeORouquJHlq18VuJafsyb1wUjCgGQEl6066Vg2LyWNaRG+aHKQleNULWg31amjbhqQkcYqF3kxSVlruKKaEY81JIDBfnRpPzNtpYT02I/54Yzm5hzDfoRFLnwfMbnxg7qSoGvG6o2B3rm8llB5VwhMlJCtPQVi+t4NEHnzp0x4idGDte+zzSQTCA8frdJEPvK1ELC2SmLU1D7JDfU1s4JM8Fh2zRV4uN/Ivsj3TBr6p84AD1QC+Bq122xRetAiuQGDgLIgYPBsY4yQzuhwQU4X9z4oiRRjHVcKrJExduPCS1DHHq4sf2aD8XLL8zMKKZ83vuRZTv+YhWvME8gaO0TzMtQjFtTrh7G7LCcE1uSHk4NyIb2O7umJUgltiNwS+05xpYUC6lYlUts9YABLvoLjVV+yAL4daHJivOKG3DBUoVASf71b8EBMFXwQh512TideoLk7U/86PhTzzjdjJZdGJ7jXF7BlFWiYlXtBKXA8x/Qx6A+FYByrQ9h+h0of+o1s10HBdPcgtBOSbnZDAqbc77+Y2GTM5PGus0jR8TLsmWnR/18FsQ07WaxTHrnetPkDidJhCuVKj5SD6vYz9+uBURz3NqHZZEvOKOJiVXnUaqwCWpy3PXqn3aRq87blXlNKTLL1J4pGoCINJvnpQ3oF1F1Ds2S30+DGOjsZRxu1si2ByqE3JC4kq7acQfn3jEHw90E6yoc6FGlEnbImxd4TCqvjl9sx5AWS96tGQ5W44BWLDjDul+Od7QNyBOpWgCBYj+GGQ6hq+iOqqsWMjMqXiFW18dRkOwluawR3dZtKWk8RPakz6zY7le3K0+eJOSnOULsTKKFX9GmoJTEquRJ6Kr98UiMppDdI40NTfiq+ob3s68QI2u9tjWKt2dc0CeapmVv0Os+n21h45iZ9KzYYst14D4gu4+dAQ6FYjzlLsqgrIjzGXJdnkbn5h+ljbHribUGvAGpPwp1STPIXspk8Ts1/j2mkvHeZGIAgP7REp/7iAsA8oRwsrzb11dkBuHikmv5dSelROV2KzIPAmLmCU98bWGo78p/OvOTP3WWRtfzHxdSEhQmLClcx/FHPclTHMv88oZkQ9VEHDOWUZwfuMkDPnLk7ojeU91IC55r9gcV9GnxX9o7Y/RutJgJlf2qO9jJYv2OjjqNEnIudK0jFOp5HHXMjcVIe86DK6z77knf83dXTy5FUZ1Mq3IqvSN0tOziTvNxSNKrGvIu+PG7TiirsR3/MRTOI+Hgmauaf2M5SQtgpAEgq2MaT21dd07uMPy63mBpPgXG2/AeNaFm9F5+80wxf6bGEB+sT1+aVokUNcmQbamMfcffiALGTVQlyEsumEmewy4p3Ht/9zXUMzVpjwYVhljm+VoWa
Q5o3j5r2E5ew7TJyZvIJz3L8ItL09ocMOC42y/aKvpwTeWK2b6aV9aMaLcTKIamDLM/Sba22oLFMjTD96az4DQ+mHE8+A1oKVNH5/0l/JS3xE5pIEdDRCgi9bUzkmL8phxvi6vQmMPFPwNkOkOhz+L9HJKvMk1vWt/oiWilRmvmmk5oKhFS+2LgGLp/9lvk2pecIiDSXvSDCAi8C+3s9anLfSVSxAHGOb4hJnb2aPIVo+7GMT+V2HK/96kx0530IyahEM1OrfjDlpDy3Rzhs4uwUqFlmQUplodqXOShR99p4UdwMzEzgvfk5BFIhbkOLuuBfANLEVAB1frlIohnpKmpf1PqDtsTYZ0/5WcXPNaqJYme4zV4BQcg+b8q+DduiUI3LyAgrT0INPZsBHmJSEEhhi7KtN9WkZptYGlAaUtnp3B5Bs9ZbdC5iOaGzCfekdOVP72Z0thI1Mvvem+qKG4d9X3CI4PJ0zTvjcTCkMcc39bOS6A0FKz9MMZM+Hd/YwFCCAaLdeIsO1nQumDs0B7p8858pi45HyOdPjjugrhGUuG1V6FQmbj5HRPDlqaIuKNoOXXJJ/rLVkFMZeNZ+ClSLSFahSVTGHcdvvnUOwIoXIWcqjCal8opO3kkJMXBqoTmuZlPVTve3of3GWBf68DX9M/1LQ59vDv5izzoV7e93mDc4H+aVQ4LDiPukOWNNYbclJA9ctEdZGBzP2boemMQ/kzWIDrsz507uerhEkBNqoSHDHi1B/fbeBh4E8Vxxr7EgFa+QrRJyMnHV9pdbB6P6g+qw79sqxrLQRX9OjDlLuGhYx+2IQf4MxaaY13P+ZQP3axr6PEwFg3Tb6vH5OC4QdKDggpc1+Qy+ZPl86QdzAo0I8ZqkH9z8+xFgk4hb4Al36L9/CAEp+Chn4khzvj0jKruSfUosYTe0EpiZaRvnUGbVmzJP2Lk/suDqkVQK2Zt7SIPNiZ49uxbsCg3NrHzoNj63pe8Xy2abtoGmncwEn16rsxCVHOujFKeQw1WWG/54ZCF5dUhDC4EMGzi4fjf1+2D0/Kwnw0+IZG7K3awwbTI8bLgT5cOncomhSZDkMFAU05oP+B7eOidbYB+La6fFmU2oQhp3zdA+dHjV9w/2urWBdHc8gAiPNuzYanHgcj+BqwQUX0MsiRe5iGRPqDUTkXn8c42MOWOz2g1PPJ0xWNdoHTNraAenNfOHFq0pgEU1SV/hmFKOikhe+GiUJ6MBu5wml5l+7WW2AkhspGxVe1y6tWgZ1yUwJPbvCg4Vwti1m6JZY6zoUA9Erl6KhZbAFMAyjxWNtlKviVgLnXnc96Td6ZREirByL2HoWcOJ4w+1Kskcu5z/2TIVaXFfTHQ/30B823L2iMcVVRDK28BPkDITWLenKeWrdn47y0G9rwGnMc7lU6BFJk/b0T73XeGULQHijBoTUBdUbGey18hwWnyx/fRQMFgHbwsPdmUu84UXvvkzGRD/0Put9tGrNhMnjNeSkR8GNVLhqZHtvUUnX1C2uSfT8kZfUkmR8dMEM5mGd1IlEVI84V+3ZihQMiqW+4JDGSys1+fxYkiL9YnCdis66P9Sxrhi0HcxLzVd/ylXyqM04q3CzZgL2t2I2Ci1Q+qwvlVB/JEvFG/fWOJMTbZs8Sm1M2uuwTdOVqP9aVWwBMD9I2UZW3wcv7qluofOb5D9reJDZE+oUlFVo8unGpTXEqKk65oYlBQtGmGK3WbRQkLC7+bb/7gf3frYYQZLAublde6y7XJfjEZ2RSNhyPGu79eSeo2+mNZp1hWl8MrflR3L68z+U3IReU1JUqCFL5gy7mn7LclGNXuUh9GmX0VfzgRfQt3sBtMuZD3+E+8TyAsxf+CJt/yBlQIE2zujC6djJ66ob3uWrc+b6BmT4Z1BZGKiSoWlhslcj9Xgw9O9Fnx84GFvTFyKIMWbGHG69F5LRZFMZkFNTv43iWFFPW4ZSdptF9v1u6hSu/hT1V62XFBohLNfmgIp
ENoPohn2z62hx1ihtX0AE/IPuuC/j8XTDVPKyA64TRtCMgNdRJy5eIVaoGWqlCPCNdV0v5F44MecB4jMcSm
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T07:46:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a2446-b454-4533-a599-43f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:46:14.000Z",
"modified": "2017-06-21T07:46:14.000Z",
"description": "Executable VB file",
"pattern": "[file:name = 'poop.jpg' AND file:hashes.SHA1 = '6d275d237668f13ab001a295c0d3233129c058a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T07:46:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a2446-f688-42c7-9d88-4347950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:46:14.000Z",
"modified": "2017-06-21T07:46:14.000Z",
"description": "Executable VB file",
"pattern": "[file:name = 'poop.jpg' AND file:hashes.SHA256 = '524ad16ac80b196a5507fc45adfff6edc2938d498bc8e736ac69a8be7e5e8034']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T07:46:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a24cb-50f8-4780-a52c-4bf1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:48:27.000Z",
"modified": "2017-06-21T07:48:27.000Z",
"description": ".doc container via Email",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T07:48:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a24cb-6980-4b9f-89e7-44a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:48:27.000Z",
"modified": "2017-06-21T07:48:27.000Z",
"description": ".doc container via Email",
"pattern": "[file:name = 'Deborah-Resume.doc' AND file:hashes.SHA1 = '61ac6d00c979026eacf4b28fcb70969d5dc6a3a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T07:48:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a24cb-a444-442f-8894-4890950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:48:27.000Z",
"modified": "2017-06-21T07:48:27.000Z",
"description": ".doc container via Email",
"pattern": "[file:name = 'Deborah-Resume.doc' AND file:hashes.SHA256 = '0ca31353ae0438503a2ad9ade37d463eef08cdeed35fac4feba5924eb127f32b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T07:48:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--594a24ea-a8f4-42a0-8b7c-4b5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:48:58.000Z",
"modified": "2017-06-21T07:48:58.000Z",
"first_observed": "2017-06-21T07:48:58Z",
"last_observed": "2017-06-21T07:48:58Z",
"number_observed": 1,
"object_refs": [
"email-message--594a24ea-a8f4-42a0-8b7c-4b5f950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--594a24ea-a8f4-42a0-8b7c-4b5f950d210f",
"is_multipart": false,
"subject": "Job Application"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--594a2552-72bc-4656-a5d5-4b46950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:50:42.000Z",
"modified": "2017-06-21T07:50:42.000Z",
"first_observed": "2017-06-21T07:50:42Z",
"last_observed": "2017-06-21T07:50:42Z",
"number_observed": 1,
"object_refs": [
"email-message--594a2552-72bc-4656-a5d5-4b46950d210f",
"email-addr--594a2552-72bc-4656-a5d5-4b46950d210f"
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--594a2552-72bc-4656-a5d5-4b46950d210f",
"is_multipart": false,
"from_ref": "email-addr--594a2552-72bc-4656-a5d5-4b46950d210f"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--594a2552-72bc-4656-a5d5-4b46950d210f",
"value": "miller@securityupdateserver.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--594a2575-71fc-496d-b90c-4f63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T07:51:53.000Z",
"modified": "2017-06-21T07:51:53.000Z",
"first_observed": "2017-06-21T07:51:53Z",
"last_observed": "2017-06-21T07:51:53Z",
"number_observed": 1,
"object_refs": [
"email-message--594a2575-71fc-496d-b90c-4f63950d210f"
],
"labels": [
"misp:type=\"email-body\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--594a2575-71fc-496d-b90c-4f63950d210f",
"is_multipart": false,
"body": "Hi \r\nI visited your website recently.. \r\nI'm currently looking for employment either part time or as a intern to get experience in the field. \r\nPlease review my Resume and let me know what you think.\r\n\r\nBest regards, \r\n\r\n--"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-b348-4450-ab37-4723950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.79.197.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-b06c-4a08-ba50-47e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.16.4.219']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-1924-43eb-91e6-4206950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.46.194.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-1234-4648-aeaa-464c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.93.42.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-a9b8-40ac-a705-4868950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.79.197.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-ad70-42f1-90a4-4a47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.93.42.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-7cd0-4a8c-858b-4654950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.200.74.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-6124-4899-b244-492d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.101.1.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-0800-4f00-ba79-4701950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.33.222.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-d868-4ba0-b7d0-4b47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.101.2.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-30c0-4169-9b2a-4494950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.33.223.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-fc14-4e3a-981b-4a38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '152.163.56.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-aa80-40d2-a2e9-4c64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.225.197.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-e9d8-4e3c-88f0-438a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.93.174.137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-5d48-4420-aa62-46d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.101.0.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-d390-4238-9624-4638950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.34.190.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-73ec-4a23-be3b-44e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '13.107.5.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-7054-4388-b650-4066950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.85.202.155']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-cc30-4e05-803c-40e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.0.160.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-8d5c-4ba2-9ebc-4a2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '35.158.14.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-3394-4133-9e9d-4043950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.19.162.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-71e4-41cf-9d35-4f59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.29.135.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-a714-4f54-84e9-407e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.172.94.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-80b8-4cef-9de1-41b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.250.2.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-fc5c-4917-b900-40ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.247.166.89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-075c-4f0d-90ad-4d87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.216.247.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-4718-4fef-aa66-44c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.45.217.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-5024-479b-9630-4806950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.62.216.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-b520-4c10-ac34-4839950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.29.136.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-b9e0-4782-87db-4137950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '161.170.238.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-d4a4-46f4-9a37-406b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.210.249.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-5818-4386-989b-4868950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.206.167.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-7938-499d-8289-468a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.93.174.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-fbe4-4528-b5ca-4a85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.94.232.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-e638-40b1-94c3-4908950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.241.240.143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-5a0c-4af5-a88f-48ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '152.195.39.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-f810-4c30-9411-4d3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.187.86.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-aaa4-45d3-a0e1-4923950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.85.249.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-85d8-4b0d-af45-4532950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.103.134.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-c874-4b7f-90a1-4ede950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.93.174.139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-285c-4e80-801e-4005950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.40.210.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-9c70-4de2-a0ff-4da3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.23.220.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a28eb-cc4c-46a5-9888-496f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:06:03.000Z",
"modified": "2017-06-21T08:06:03.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.47.139.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-0238-4494-a277-4d45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.2vdddxc5vcyqvi3.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-ba30-40be-8407-4ada950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.v6p42kbjuaalj2qbzfigrbat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-34a8-43e0-9ae5-41c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.o2tzcp735ikw4tdl.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-a760-4298-85d8-4cd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.hirhirfgvv6vcz755govs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-5bb8-490a-91ce-4c83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.2dvsqalysndq7p23ua.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-2398-4f74-9759-433d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.s6ge54m523awtazeyfy7g3rel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-ffc8-4015-bf27-40a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.nhmzwx46jrudevpwr6j66ofc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-3270-478b-8f75-4d92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.swhchi4p4ttru2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-4bf4-414b-bce5-41ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.6qrgzi6kjnhzy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-1758-4114-a8c1-4244950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.cgosduh6pevgnmpe4ii6.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-ca20-45cd-b413-4b8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.nl2dtb6uf3jo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-db30-4542-b9e7-40f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.gbaa.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-b6e0-4af3-a6b4-4c2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.mduplmhmz4cbsmmk6m.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-0014-499f-a13f-40c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.qhkdidhn4xlwjvblnsrgfk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-056c-4cdc-b97d-4509950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.qm5tx4h63hfcn3kocon.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-b190-469c-af6c-4e7b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.4pp47cijiskr6iwojw.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-9914-4eed-8fe4-4bde950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.53gnzw3wsuax.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-a9c0-4af7-9b28-44fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.pzfaq3j7xxs5fj7ose.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-e2a8-4f0c-97be-4597950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.qymvrmjf4.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-86fc-4a83-b35d-4934950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.iujmgu7vachgnu6sn5wrh3ad.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-a1ac-4976-a865-42d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.g3ww2iuerd.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-f49c-4911-903c-40a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.gmqb7bi4djxfb5ivljf5.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-77fc-4a3f-ae9d-42e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.4jw7nf72zheawfzd.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-7fec-4548-b8fb-4ff9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.4xjxngsrp4m.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594a29b5-bdc4-435f-aaa2-44ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-21T08:09:25.000Z",
"modified": "2017-06-21T08:09:25.000Z",
"description": "Sample of generated domains (DGA)",
"pattern": "[domain-name:value = 'www.jp4ktooobethywp6xsh.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-21T08:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}