2023-06-14 17:31:25 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5a0d5bf4-99c8-4f15-9879-22b1950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-20T13:15:33.000Z" ,
"modified" : "2017-11-20T13:15:33.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "grouping" ,
"spec_version" : "2.1" ,
"id" : "grouping--5a0d5bf4-99c8-4f15-9879-22b1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-20T13:15:33.000Z" ,
"modified" : "2017-11-20T13:15:33.000Z" ,
"name" : "OSINT - HIDDEN COBRA \u2013 North Korean Remote Administration Tool: FALLCHILL" ,
"context" : "suspicious-activity" ,
"object_refs" : [
"indicator--5a0d5cac-2ef4-4bae-baa4-4a91950d210f" ,
"indicator--5a0d5cac-ba20-4bc4-8262-4bba950d210f" ,
"indicator--5a0d5cac-9b70-447e-a488-478d950d210f" ,
"indicator--5a0d5cab-007c-4517-99e0-433d950d210f" ,
"x-misp-attribute--5a0d5c2a-f1e4-4b25-b521-223f950d210f" ,
"observed-data--5a0d5c0d-b18c-4f6f-aa4f-21c1950d210f" ,
"url--5a0d5c0d-b18c-4f6f-aa4f-21c1950d210f" ,
"indicator--5a0d5cac-e5a0-4eb8-aeae-450e950d210f" ,
"indicator--5a0d5cac-d258-4609-8361-4d7a950d210f" ,
"indicator--5a0d5cac-86f4-4569-9bd2-44e6950d210f" ,
"indicator--5a0d5cac-43bc-4e34-bb67-4071950d210f" ,
"indicator--5a0d5cac-03a4-4235-9147-4ba4950d210f" ,
"indicator--5a0d5cac-052c-44da-bf20-406a950d210f" ,
"indicator--5a0d5cac-94a4-4948-b022-4729950d210f" ,
"indicator--5a0d5cac-98e8-483a-87c0-4806950d210f" ,
"indicator--5a0d5cac-b8e8-442b-b8db-4c15950d210f" ,
"indicator--5a0d5cac-4968-4900-b36b-4f77950d210f" ,
"indicator--5a0d5cac-ab6c-41d9-8db5-4538950d210f" ,
"indicator--5a0d5cac-7510-42a3-974f-4101950d210f" ,
"indicator--5a0d5cac-e318-4ceb-9e1d-464b950d210f" ,
"indicator--5a0d5cac-f0ac-4308-8aa8-4546950d210f" ,
"indicator--5a0d5cac-7364-4cec-a34d-49d3950d210f" ,
"indicator--5a0d5cac-3548-4317-ba86-47aa950d210f" ,
"indicator--5a0d5cac-19a8-4022-a693-4626950d210f" ,
"indicator--5a0d5cac-f848-4a73-9157-46db950d210f" ,
"indicator--5a0d5cac-18ec-4bc8-a595-460c950d210f" ,
"indicator--5a0d5cac-df54-41a3-9862-48cb950d210f" ,
"indicator--5a0d5cac-406c-4dac-a6fc-411c950d210f" ,
"indicator--5a0d5cac-efec-4716-a5d3-42a7950d210f" ,
"indicator--5a0d5cac-6a8c-4e1a-bad4-467e950d210f" ,
"indicator--5a0d5cac-8bf8-4464-bda7-41b9950d210f" ,
"indicator--5a0d5cac-dd70-41ea-9e72-4316950d210f" ,
"indicator--5a0d5cac-6fe4-48ff-a4da-48d4950d210f" ,
"indicator--5a0d5cac-f0c4-443e-a482-42d6950d210f" ,
"indicator--5a0d5cac-4774-448e-a959-4be3950d210f" ,
"indicator--5a0d5cac-060c-4f32-9ef5-44e7950d210f" ,
"indicator--5a0d5cac-db4c-49cd-8e8e-4d6d950d210f" ,
"indicator--5a0d5cac-52b8-4327-9ba8-48af950d210f" ,
"indicator--5a0d5cac-b904-4e2e-9886-4d18950d210f" ,
"indicator--5a0d5cac-c498-48c9-862e-4e3e950d210f" ,
"indicator--5a0d5cac-71ac-493a-be1e-45a9950d210f" ,
"indicator--5a0d5cac-690c-4409-9a7f-4f46950d210f" ,
"indicator--5a0d5cac-0f08-46a5-9976-4e9d950d210f" ,
"indicator--5a0d5cac-c828-475e-aa90-445b950d210f" ,
"indicator--5a0d5cac-52cc-4c04-b3e0-4bdf950d210f" ,
"indicator--5a0d5cac-5454-4bfa-ac35-4729950d210f" ,
"indicator--5a0d5cac-88e4-4815-bae9-490d950d210f" ,
"indicator--5a0d5cac-64e4-4694-be69-49e4950d210f" ,
"indicator--5a0d5cac-00d4-450d-90a0-4a22950d210f" ,
"indicator--5a0d5cac-44c4-4f44-822c-4a3f950d210f" ,
"indicator--5a0d5cac-2fa4-485a-a67a-42bc950d210f" ,
"indicator--5a0d5cac-811c-4636-8a32-422c950d210f" ,
"indicator--5a0d5cac-8d0c-48d7-a471-4723950d210f" ,
"indicator--5a0d5cac-92fc-4454-bc1f-499e950d210f" ,
"indicator--5a0d5cad-8fe8-49f2-826a-4b9d950d210f" ,
"indicator--5a0d5cad-fe48-4022-907e-455a950d210f" ,
"indicator--5a0d5cad-284c-44d1-8bc0-4c23950d210f" ,
"indicator--5a0d5cad-a3bc-47dd-b8bb-43bf950d210f" ,
"indicator--5a0d5cad-b52c-4840-9e6c-411a950d210f" ,
"indicator--5a0d5cad-f1cc-4186-8ddf-4701950d210f" ,
"indicator--5a0d5cad-8ee8-418c-bf8f-41eb950d210f" ,
"indicator--5a0d5cad-c090-4253-8707-4c41950d210f" ,
"indicator--5a0d5cad-d178-46f3-bef8-4ee7950d210f" ,
"indicator--5a0d5cad-ab04-40df-a071-4f0b950d210f" ,
"indicator--5a0d5cad-81f8-44bc-bd21-4882950d210f" ,
"indicator--5a0d5cad-4144-45a1-8e13-40c1950d210f" ,
"indicator--5a0d5cad-0160-47d4-bbe3-4700950d210f" ,
"indicator--5a0d5cad-9de0-4760-82fc-4864950d210f" ,
"indicator--5a0d5cad-f54c-42af-ac30-4f89950d210f" ,
"indicator--5a0d5cad-b57c-4a18-8f1c-4770950d210f" ,
"indicator--5a0d5cad-b018-4f1d-93af-482a950d210f" ,
"indicator--5a0d5cad-88b8-4899-83c5-412a950d210f" ,
"indicator--5a0d5cad-63d4-4033-9899-4982950d210f" ,
"indicator--5a0d5cad-eaac-431f-a176-430b950d210f" ,
"indicator--5a0d5cad-897c-4f7a-ba71-429e950d210f" ,
"indicator--5a0d5cad-1848-4566-84b6-43d8950d210f" ,
"indicator--5a0d5cad-12d0-47f9-9c4c-4191950d210f" ,
"indicator--5a0d5cad-71bc-4cc8-83ca-4866950d210f" ,
"indicator--5a0d5cad-8434-4f4b-8eaa-4809950d210f" ,
"indicator--5a0d5cad-da38-4053-a188-45a3950d210f" ,
"indicator--5a0d5cad-4a28-476e-9df6-4fc5950d210f" ,
"indicator--5a0d5cad-bd9c-4057-b472-4bb0950d210f" ,
"indicator--5a0d5cad-27f0-468c-9143-43f8950d210f" ,
"indicator--5a0d5cad-18a4-447f-ac34-4265950d210f" ,
"indicator--5a0d5cad-cf6c-4ed0-a3b9-480f950d210f" ,
"indicator--5a0d5cad-de7c-441f-be8d-422d950d210f" ,
"indicator--5a0d5cad-1e3c-4d69-b544-4548950d210f" ,
"indicator--5a0d5cad-3470-4089-8adc-40f3950d210f" ,
"indicator--5a0d5cad-ec70-4532-9ff5-4167950d210f" ,
"indicator--5a0d5cad-9028-4a7e-b958-4683950d210f" ,
"indicator--5a0d5cad-ea9c-4249-9228-40c9950d210f" ,
"indicator--5a0d65c3-59c0-430d-a6f9-4e6a950d210f" ,
"indicator--5a0d6a08-d304-4922-924f-7860950d210f" ,
"indicator--5a0d6a08-c718-42ec-a84a-7860950d210f" ,
"indicator--5a0d6a08-ba98-4007-8907-7860950d210f" ,
"indicator--5a0d6a08-99b4-4f94-9278-7860950d210f" ,
"indicator--5a0d6a08-defc-41fe-b70a-7860950d210f" ,
"indicator--5a0d6a76-7878-4cec-ad85-76fa950d210f" ,
"indicator--5a0d6a76-e90c-4ece-aa45-76fa950d210f" ,
"indicator--5a0d6a76-e5f0-4f3d-b7c0-76fa950d210f" ,
"observed-data--5a0d6b47-01d4-4bef-b59c-4fcb950d210f" ,
"file--5a0d6b47-01d4-4bef-b59c-4fcb950d210f" ,
"artifact--5a0d6b47-01d4-4bef-b59c-4fcb950d210f" ,
"indicator--5a0d6e08-0298-459d-859f-7779950d210f" ,
"indicator--5a0d6e08-3238-4c4b-a0d1-7779950d210f" ,
"indicator--5a0d6e08-a908-4ee6-b576-7779950d210f" ,
"indicator--5a0d6e08-b020-4b90-bccf-7779950d210f" ,
"indicator--5a0d6e08-45f0-4e70-9ce1-7779950d210f" ,
"indicator--5a0d6e09-7780-4d52-967d-7779950d210f" ,
"indicator--5a0d6e09-1a98-49dc-a594-7779950d210f" ,
"indicator--5a0ed76f-4cec-4790-ac37-48a502de0b81" ,
"observed-data--5a0ed76f-74c8-4636-b565-4ca302de0b81" ,
"url--5a0ed76f-74c8-4636-b565-4ca302de0b81" ,
"indicator--5a0ed76f-d3ac-4e29-b8f3-43bf02de0b81" ,
"observed-data--5a0ed76f-45e4-4d7d-8556-4dca02de0b81" ,
"url--5a0ed76f-45e4-4d7d-8556-4dca02de0b81" ,
"indicator--5a0d68b2-c4d0-4721-936b-77bb950d210f" ,
"indicator--5a0d6aa6-a230-4f7b-8ab3-469a950d210f" ,
"indicator--5a0d6abb-4910-4c4c-9004-7753950d210f" ,
"indicator--5a0d6ada-a910-4186-90fc-21c1950d210f" ,
"indicator--5a0d6d2a-464c-4b9c-8406-421c950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:source-type=\"technical-report\"" ,
"misp-galaxy:threat-actor=\"Lazarus Group\"" ,
"misp-galaxy:rat=\"FALLCHILL\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-2ef4-4bae-baa4-4a91950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.101.211.162']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-ba20-4bc4-8262-4bba950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.0.213.173']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-9b70-447e-a488-478d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T09:38:52.000Z" ,
"modified" : "2017-11-16T09:38:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.100.189.174']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T09:38:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cab-007c-4517-99e0-433d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T09:38:51.000Z" ,
"modified" : "2017-11-16T09:38:51.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.212.132.222']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T09:38:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a0d5c2a-f1e4-4b25-b521-223f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government\u2014commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.\r\n\r\nFBI has high confidence that HIDDEN COBRA actors are using the IP addresses\u2014listed in this report\u2019s IOC files\u2014to maintain a presence on victims\u2019 networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to any North Korean government malicious cyber activity.\r\n\r\nThis alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with FALLCHILL malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the FALLCHILL malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a0d5c0d-b18c-4f6f-aa4f-21c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"first_observed" : "2017-11-17T12:34:52Z" ,
"last_observed" : "2017-11-17T12:34:52Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a0d5c0d-b18c-4f6f-aa4f-21c1950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a0d5c0d-b18c-4f6f-aa4f-21c1950d210f" ,
"value" : "https://www.us-cert.gov/ncas/alerts/TA17-318A"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-e5a0-4eb8-aeae-450e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.118']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-d258-4609-8361-4d7a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.141']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-86f4-4569-9bd2-44e6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.196']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-43bc-4e34-bb67-4071950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-03a4-4235-9147-4ba4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.50']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-052c-44da-bf20-406a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-94a4-4948-b022-4729950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.56']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-98e8-483a-87c0-4806950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.58']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-b8e8-442b-b8db-4c15950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.74']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-4968-4900-b36b-4f77950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.105.225.232']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-ab6c-41d9-8db5-4538950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.92.208.194']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-7510-42a3-974f-4101950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.92.208.196']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-e318-4ceb-9e1d-464b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.92.208.197']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-f0ac-4308-8aa8-4546950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:52.000Z" ,
"modified" : "2017-11-17T12:34:52.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.183.21.222']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-7364-4cec-a34d-49d3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.82.74.66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-3548-4317-ba86-47aa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.82.86.164']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-19a8-4022-a693-4626950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '111.207.78.204']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-f848-4a73-9157-46db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.10.74.66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-18ec-4bc8-a595-460c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.114.89.131']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-df54-41a3-9862-48cb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.114.94.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-406c-4dac-a6fc-411c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.217.27.203']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-efec-4716-a5d3-42a7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.208.194.72']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-6a8c-4e1a-bad4-467e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.235.53.229']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-8bf8-4464-bda7-41b9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.78.100.101']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-dd70-41ea-9e72-4316950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.243.45.227']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-6fe4-48ff-a4da-48d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.232.100.154']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-f0c4-443e-a482-42d6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.90.93.138']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-4774-448e-a959-4be3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.160.213.239']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-060c-4f32-9ef5-44e7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.123.221.66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-db4c-49cd-8e8e-4d6d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '36.71.90.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-52b8-4327-9ba8-48af950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.233.33.177']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-b904-4e2e-9886-4d18950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.57.90.108']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-c498-48c9-862e-4e3e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.79.99.169']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-71ac-493a-be1e-45a9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.160.191.116']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-690c-4409-9a7f-4f46950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.25.89.30']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-0f08-46a5-9976-4e9d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.223.213.115']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-c828-475e-aa90-445b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.223.73.81']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-52cc-4c04-b3e0-4bdf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.116.139.195']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-5454-4bfa-ac35-4729950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.74.38.115']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-88e4-4815-bae9-490d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.202.40.35']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-64e4-4694-be69-49e4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.192.193.149']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-00d4-450d-90a0-4a22950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.0.129.65']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-44c4-4f44-822c-4a3f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.0.129.83']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-2fa4-485a-a67a-42bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.234.40.112']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-811c-4636-8a32-422c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.167.100.46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-8d0c-48d7-a471-4723950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.180.64.10']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cac-92fc-4454-bc1f-499e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.78.33.70']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-8fe8-49f2-826a-4b9d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.78.33.82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-fe48-4022-907e-455a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.163.20.178']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-284c-44d1-8bc0-4c23950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.62.168.157']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-a3bc-47dd-b8bb-43bf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.29.144.201']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-b52c-4840-9e6c-411a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.175.41.191']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-f1cc-4186-8ddf-4701950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:53.000Z" ,
"modified" : "2017-11-17T12:34:53.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.232.121.65']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-8ee8-418c-bf8f-41eb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.11']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-c090-4253-8707-4c41950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.12']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-d178-46f3-bef8-4ee7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.13']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-ab04-40df-a071-4f0b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.134']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-81f8-44bc-bd21-4882950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.140']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-4144-45a1-8e13-40c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.158']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-0160-47d4-bbe3-4700950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.162']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-9de0-4760-82fc-4864950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.163']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-f54c-42af-ac30-4f89950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.164']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-b57c-4a18-8f1c-4770950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.170']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-b018-4f1d-93af-482a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.173']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-88b8-4899-83c5-412a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.179']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-63d4-4033-9899-4982950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.181']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-eaac-431f-a176-430b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.185']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-897c-4f7a-ba71-429e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.186']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-1848-4566-84b6-43d8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.242.128.223']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-12d0-47f9-9c4c-4191950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.125.1.130']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-71bc-4cc8-83ca-4866950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.125.1.132']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-8434-4f4b-8eaa-4809950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.125.1.133']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-da38-4053-a188-45a3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.125.1.138']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-4a28-476e-9df6-4fc5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.167.53.183']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-bd9c-4057-b472-4bb0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '75.103.110.134']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-27f0-468c-9143-43f8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.65.90.58']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-18a4-447f-ac34-4265950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.101.211.140']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-cf6c-4ed0-a3b9-480f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.101.211.170']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-de7c-441f-be8d-422d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.101.211.251']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-1e3c-4d69-b544-4548950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.113.84.130']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-3470-4089-8adc-40f3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.159.16.132']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-ec70-4532-9ff5-4167950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.211.212.14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-9028-4a7e-b958-4683950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T09:38:53.000Z" ,
"modified" : "2017-11-16T09:38:53.000Z" ,
"description" : "INSTALLATION" ,
"pattern" : "[file:hashes.MD5 = '1216da2b3d6e64075e8434be1058de06']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T09:38:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d5cad-ea9c-4249-9228-40c9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T09:38:53.000Z" ,
"modified" : "2017-11-16T09:38:53.000Z" ,
"description" : "INSTALLATION" ,
"pattern" : "[file:hashes.MD5 = 'e48fe20eb1f5a5887f2ac631fed9ed63']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T09:38:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d65c3-59c0-430d-a6f9-4e6a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T10:17:39.000Z" ,
"modified" : "2017-11-16T10:17:39.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '10.10.30.110']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T10:17:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a08-d304-4922-924f-7860950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "(header)" ,
"pattern" : "[file:hashes.MD5 = '9c58c3fe5f463b33e9d2bc488bf4ae82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a08-c718-42ec-a84a-7860950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : ".text" ,
"pattern" : "[file:hashes.MD5 = '5e856b2016485f5d844d07ebc461690c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a08-ba98-4007-8907-7860950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : ".rdata" ,
"pattern" : "[file:hashes.MD5 = '063ef94aa302b3de760bbf4ce2f3ef9d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a08-99b4-4f94-9278-7860950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : ".data" ,
"pattern" : "[file:hashes.MD5 = '59ad2089dfe1a9456b4b456e62933a32']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a08-defc-41fe-b70a-7860950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : ".rsrc" ,
"pattern" : "[file:hashes.MD5 = '3e47af504a67377daffd633c5ee43c50']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a76-7878-4cec-ad85-76fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.212.132.222' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a76-e90c-4ece-aa45-76fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.100.189.174' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6a76-e5f0-4f3d-b7c0-76fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "On port 1992" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '10.10.30.110' AND network-traffic:dst_port = '1992']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a0d6b47-01d4-4bef-b59c-4fcb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"first_observed" : "2017-11-17T12:34:54Z" ,
"last_observed" : "2017-11-17T12:34:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5a0d6b47-01d4-4bef-b59c-4fcb950d210f" ,
"artifact--5a0d6b47-01d4-4bef-b59c-4fcb950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5a0d6b47-01d4-4bef-b59c-4fcb950d210f" ,
"name" : "MAR-10135536-A_WHITE_S508C.pdf" ,
"content_ref" : "artifact--5a0d6b47-01d4-4bef-b59c-4fcb950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5a0d6b47-01d4-4bef-b59c-4fcb950d210f" ,
"payload_bin" : " J V B E R i 0 x L j Y N J e L j z 9 M N C j E 1 O T Q g M C B v Y m o N P D w v T G l u Z W F y a X p l Z C A x L 0 w g O T M 2 N j I v T y A x N T k 3 L 0 U g M j k x M z E v T i A 4 L 1 Q g O T M x N j E v S C B b I D Q 4 M y A y O T d d P j 4 N Z W 5 k b 2 J q D S A g I C A g I C A g I C A g I C A g D Q o x N j A 2 I D A g b 2 J q D T w 8 L 0 R l Y 29 k Z V B h c m 1 z P D w v Q 29 s d W 1 u c y A 0 L 1 B y Z W R p Y 3 R v c i A x M j 4 + L 0 Z p b H R l c i 9 G b G F 0 Z U R l Y 29 k Z S 9 J R F s 8 R T B E O E Z E O U I x M z Y 3 N E Y 1 Q z F E M k Z E N j B B R U J G O D Q 3 Q 0 E + P E U w N z B F O D E x R U V D N T M y N D E 5 M D h D N D c y N j Y w M z g w M z d E P l 0 v S W 5 k Z X h b M T U 5 N C A y O V 0 v S W 5 m b y A x N T k z I D A g U i 9 M Z W 5 n d G g g N z E v U H J l d i A 5 M z E 2 M i 9 S b 290 I D E 1 O T U g M C B S L 1 N p e m U g M T Y y M y 9 U e X B l L 1 h S Z W Y v V 1 s x I D I g M V 0 + P n N 0 c m V h b Q 0 K a N 5 i Y m Q Q Y G B i Y P 4 D J B j F g Q S D D Y g V A i R Y W U A s R S D B L Q o k m D R B X H U Q q w 4 k 1 g Y k b h k z M D G y n Q J p Y 2 C k n P j / e + k n g A A D A D d 7 C S A N C m V u Z H N 0 c m V h b Q 1 l b m R v Y m o N c 3 R h c n R 4 c m V m D Q o w D Q o l J U V P R g 0 K I C A g I C A g I A 0 K M T Y y M i A w I G 9 i a g 0 8 P C 9 D I D I w N y 9 G a W x 0 Z X I v R m x h d G V E Z W N v Z G U v S S A y M z A v T C A x O T E v T G V u Z 3 R o I D E 5 N S 9 T I D E y N C 9 W I D E 2 O T 4 + c 3 R y Z W F t D Q p o 3 m J g Y G B i Y G A 2 Y 2 B m Y O D P Y O B n Q A B + o B g L E H I 8 E P L c w 8 H A I C T g y W B 0 Y H / D 5 D a j 27 X 7 g Q q E X N O F 3 M K F X K c V a r p C U P p E V b c C B s E I B k Y P B k Y J B g a W B g b B B g Y l I J n B w M D a g G Y K 0 A g R B o Y P S U C a E 4 i 5 Q J Y y K g L t T e P v Y W C Y 78 D I w N i w r j N 1 y i V u H b C D R B k Y v v i B 1 A D d f B v u T D U G x s g 2 i C h D H x C L M T B 81 w T S A g w M S b E M I O + x T A R S m g y 
M W c s h y h i d A Q I M A N U 6 J w Q N C m V u Z H N 0 c m V h b Q 1 l b m R v Y m o N M T U 5 N S A w I G 9 i a g 0 8 P C 9 B Y 3 J v R m 9 y b S A x N j A 3 I D A g U i 9 M Y W 5 n K G V u K S 9 N Y X J r S W 5 m b z w 8 L 0 1 h c m t l Z C B 0 c n V l P j 4 v T W V 0 Y W R h d G E g M z k g M C B S L 0 9 w Z W 5 B Y 3 R p b 24 g M T U 5 N i A w I F I v U G F n Z U x h Y m V s c y A x N T k w I D A g U i 9 Q Y W d l T G F 5 b 3 V 0 L 1 N p b m d s Z V B h Z 2 U v U G F n Z X M g M T U 5 M i A w I F I v U 3 R y d W N 0 V H J l Z V J v b 3 Q g O D M g M C B S L 1 R 5 c G U v Q 2 F 0 Y W x v Z y 9 W a W V 3 Z X J Q c m V m Z X J l b m N l c z w 8 L 0 N l b n R l c l d p b m R v d y B 0 c n V l L 0 R p c 3 B s Y X l E b 2 N U a X R s Z S B 0 c n V l L 0 Z p d F d p b m R v d y B 0 c n V l P j 4 + P g 1 l b m R v Y m o N M T U 5 N i A w I G 9 i a g 0 8 P C 9 E W z E 1 O T c g M C B S L 1 h Z W i B u d W x s I G 51 b G w g M S 4 w X S 9 T L 0 d v V G 8 + P g 1 l b m R v Y m o N M T U 5 N y A w I G 9 i a g 0 8 P C 9 B b m 5 v d H M g M T Y w O C A w I F I v Q 29 u d G V u d H M g M T Y w M C A w I F I v Q 3 J v c E J v e F s w I D A g N j E y I D c 5 M l 0 v T W V k a W F C b 3 h b M C A w I D Y x M i A 3 O T J d L 1 B h c m V u d C A x N T k y I D A g U i 9 S Z X N v d X J j Z X M 8 P C 9 D b 2 x v c l N w Y W N l P D w v Q 1 M w I D E 2 M T A g M C B S P j 4 v R X h 0 R 1 N 0 Y X R l P D w v R 1 M w I D E 2 M T E g M C B S P j 4 v R m 9 u d D w 8 L 1 Q x X z A g M T Y x N C A w I F I v V F Q w I D E 2 M T Y g M C B S L 1 R U M S A x N j E 4 I D A g U i 9 U V D I g M T Y y M C A w I F I + P i 9 Q c m 9 j U 2 V 0 W y 9 Q R E Y v V G V 4 d C 9 J b W F n Z U N d L 1 h P Y m p l Y 3 Q 8 P C 9 J b T A g M T Y w N S A w I F I + P j 4 + L 1 J v d G F 0 Z S A w L 1 N 0 c n V j d F B h c m V u d H M g M C 9 U Y W J z L 1 M v V H l w Z S 9 Q Y W d l P j 4 N Z W 5 k b 2 J q D T E 1 O T g g M C B v Y m o N P D w v R m l s d G V y L 0 Z s Y X R l R G V j b 2 R l L 0 Z p c n N 0 
I D E 0 M C 9 M Z W 5 n d G g g M T E 4 N C 9 O I D E 1 L 1 R 5 c G U v T 2 J q U 3 R t P j 5 z d H J l Y W 0 N C m j e x F f b b t s 4 E P 0 V P i Y P N i 8 S K W l R G L D j Z h u g a Y M 43 S z W 8 I N q M 7 a w j m R I S t P 8 / c 4 M R U n 2 x s 0 F C y y E s Y a X 4 c x w D g 9 l a U T E B J N G x E y i G J E w K V G R g q l I o y K Z S k h R L N C k B C y I J S o h C 8 M E F e j W M W m G y S g x q E V M N Y Y x U 1 o p 1 B K m 4 j g E T Q k W i C R C T c K y R r E P H / h 0 f M I / 2e0 P C O n m D n 7 W 7 J R P r 2 H g Y 74 s V l m + B v V q e j 4 t l r 6 D x Q r m X Y 9 G / L z I a x g m 81 h g J / 8 r n X 5 n E C h N w C m Z 3 a 6 q + W I 0 m l O i 0 L 8 A k 7 E L A i 0 m M 2 j P 4 L l 52 l k + K c q V L f k t E 2 D s G n N c W S z 42 V w M Y d 9 A 4 L 3 g V 5 B + E t E S 13 Z Z z 8 M 4 G A Y h 0 0E8 B D / a 6 K G C Y R 1 G 0 F z w W V 0 + L O u r t L R 5 z Y K I z x 6 + 1 + j v c 5 b / 7 T y P 87 y o I U x + c X Y 2 S S u 7 w s q E P u C v V + w u 3 V Y W l E s m + W z c N G e X G I 1 y S 3 z 8 W f 8 + q 9 P a 8 m L n x j F t v n n a b W z O F K 926 d K y w L 1 x V f T j t 5 X f Z v k 4 r 7 K 2 P c 3 u 7 i z E u 7 S V Q w K m 6 v w 0 U 0 a j Z g 0 s B L / J 7 m 0 1 u C 7 u 0 7 y d 4 Z C D h u d Z W d V n m 7 R k g n 9 O G 1 V p 3e4 E r i z 5 T f E t z 8 D W Y v Z B 55 I 83 G a r e l P N l Q Y g B Q H D 9 / 8 l 6 D + E 0 6 O F I I m h H U V w i G I 3 h k J j J m R 78 U a d z U u C c 2 k + r O E l D E O W A H I j O F v G R C S k w 5 H V 2 p C O Q j H A 6 f R j c a O j + H l o i z q O + 7 E E 1 v c 69 l P c E A P l a x K K i 3 S Y h 3 r / 3 e b c j 73 R o 2 f y 9 j H 294 T i a 3 R c M 4 T 9 V K j D W 4 d I G 3 g a g 2 Z H / S w p D p Z 1 H Z A b N j B 3 t K B 8 d G f t 86 D Y t T M m Q x x I s J B o i I X F D d X O F e p i L 9 U 25 Z 7 / y G D a p o W A o B 4 H G t c T 4 E z R S 0 M H L V C o X z Y b o j s J e 8 U 5 F E y S A A F J 9 s U n 6 u W Y P W 28 O b 4 + b m Z b l G c E f T / X 74 H Q B 8 R R M e F L h 2 J B n D O u l s i j i d D 8 L N 19 s t l 6 U 
1 P p + N S 6 o Y G S k p 9 v 0 3 X F A k X s M Z k U P + c D Y z Q b B E p j t a j a Z k G j 5 + l 9 t n 0 6 G Z d Z u j 2 l n i / p P Z A y t i 9 v q A M o 3 N b L D f 9 S l P f p l r p u n W e o K b + o 0 222 H O f r r Q W G m 9 X 2 / g + o S U d e G F i Z 7 e q i 5 H / 2 A t 6 n U O / u K C d 3 L N p k 1 S 3 r r m Q k z J Z e p V I d v Z Y P l o L p M a x O k i M M 2 x Q L 734 s v C B 4 w X 4 l H a C g H H H Y c k N b X o T J K 8 T P d 6 v g m Z Y C w u 9 T W k t x S E 9 I I d D 2 C P L U F X t E Q z / Z N f N a u 0 Z P G o T 6 / j 4 i R Z N i G 54 Q e 2 G 2 O v p v 6 A n f 6 P s w L X + a W 7 s D S j t E c J z I X y D Y e A S H P Q R r E w O C 4 R v O I z j a Q z D d w u y L f W R 0 E / e w T C M w Q P 1 X s / e j W r 0 R 1 f 92 / F 58 R w f 4 h j P + K 3 w b I Y 9 / Q R x 7 H L Z f d 0 M f P u 5 y Q J C 522 Z / 1 J 0 h 9 x z e v e K F x 0 f V f / 4 L O l Q I J r i o G j D J + G U 6 H E y K 7 e p F 9 E R H 0 C O D d 5 G i d / p e 5 C R v Y 0 Y j 1 H F m P K x F x 4 i + 1 d H K a 6 S / n k P N 4 e X 7 H A 2 K 7 t v u D S Q o n k G m x 2 H / j T H 5 T 4 g u G 9 T o Q 6 P 3 g e E + k / o 29 H 3 Z 7 Y B H 6 Y x / u 75 o / u u g e r K p 691 v 9 M P 54 + P j 8 K E a L G 1 Z D 9 f F j 9 P R 6 B 8 B B g D k G p T c D Q p l b m R z d H J l Y W 0 N Z W 5 k b 2 J q D T E 1 O T k g M C B v Y m o N P D w v R m l s d G V y L 0 Z s Y X R l R G V j b 2 R l L 0 x l b m d 0 a C A y M T c + P n N 0 c m V h b Q 0 K S I l c k L F u w y A Q h v s C v M O N q T q A s 3 R B l q p 0 8 Z C 2 i p P u B M 4 W U n y g M x 7 y 9 g G S e M g A g v v 4 T x 8 n d 913 R z 6 B / O N g e 0 w w e H K M c 1 j Y I p x x 9 C S a L T h v 0 + N W d z u Z K G Q O 99 c 54 d T R E E B r I Q 8 Z z o m v s P l i b y 7744 d 6 B 4 e D k L / s k D 2 N s D k 2 p / 9 H s V 9 i v O C E l E D V S t v e w W 5 v 4 o + Z E O T a p w K A 5 q 5 h g 8 M 5 G o t s a E S h t 6 o F / W l a g e R e 2 J o 5 D y + P Q S u V z y X z Z C V e / r Y K 2 I U 5 + 9 U B V K 3 i 4 Q n X G c U Q S w r y E u L t J s A A k x 5 t p w 0 
K Z W 5 k c 3 R y Z W F t D W V u Z G 9 i a g 0 x N j A w I D A g b 2 J q D T w 8 L 0 Z p b H R
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6e08-0298-459d-859f-7779950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : "(header)" ,
"pattern" : "[file:hashes.MD5 = '08697ebe4017d27c904c7117bb109ca8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6e08-3238-4c4b-a0d1-7779950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:54.000Z" ,
"modified" : "2017-11-17T12:34:54.000Z" ,
"description" : ".test" ,
"pattern" : "[file:hashes.MD5 = 'cacb1aba3ba5bddfc2f023bb4ff3c54d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6e08-a908-4ee6-b576-7779950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"description" : ".rdata" ,
"pattern" : "[file:hashes.MD5 = '0a36c62d9bd091d84219f7d34cf59284']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6e08-b020-4b90-bccf-7779950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"description" : ".data" ,
"pattern" : "[file:hashes.MD5 = '5c31589e75fc435a827c73e1b5bb4bca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6e08-45f0-4e70-9ce1-7779950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"description" : ".pdata" ,
"pattern" : "[file:hashes.MD5 = 'afc6eebc27a713b8010efe7f16ee8fab']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6e09-7780-4d52-967d-7779950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"description" : ".rsrc" ,
"pattern" : "[file:hashes.MD5 = '9a33838895830247744985365b8b2948']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6e09-1a98-49dc-a594-7779950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"description" : ".reloc" ,
"pattern" : "[file:hashes.MD5 = 'd5815368ff7a4f0c4b82c70660aa7028']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0ed76f-4cec-4790-ac37-48a502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"description" : "INSTALLATION - cross-checked via VirusTotal: e48fe20eb1f5a5887f2ac631fed9ed63" ,
"pattern" : "[file:hashes.SHA256 = 'a606716355035d4a1ea0b15f3bee30aad41a2c32df28c2d468eafd18361d60d6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a0ed76f-74c8-4636-b565-4ca302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"first_observed" : "2017-11-17T12:34:55Z" ,
"last_observed" : "2017-11-17T12:34:55Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a0ed76f-74c8-4636-b565-4ca302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a0ed76f-74c8-4636-b565-4ca302de0b81" ,
"value" : "https://www.virustotal.com/file/a606716355035d4a1ea0b15f3bee30aad41a2c32df28c2d468eafd18361d60d6/analysis/1510823064/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0ed76f-d3ac-4e29-b8f3-43bf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"description" : "INSTALLATION - cross-checked via VirusTotal: 1216da2b3d6e64075e8434be1058de06" ,
"pattern" : "[file:hashes.SHA256 = '0a118eb23399000d148186b9079fa59caf4c3faa7e7a8f91533e467ac9b6ff41']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-17T12:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a0ed76f-45e4-4d7d-8556-4dca02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-17T12:34:55.000Z" ,
"modified" : "2017-11-17T12:34:55.000Z" ,
"first_observed" : "2017-11-17T12:34:55Z" ,
"last_observed" : "2017-11-17T12:34:55Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a0ed76f-45e4-4d7d-8556-4dca02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a0ed76f-45e4-4d7d-8556-4dca02de0b81" ,
"value" : "https://www.virustotal.com/file/0a118eb23399000d148186b9079fa59caf4c3faa7e7a8f91533e467ac9b6ff41/analysis/1510822839/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d68b2-c4d0-4721-936b-77bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T10:30:10.000Z" ,
"modified" : "2017-11-16T10:30:10.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e48fe20eb1f5a5887f2ac631fed9ed63' AND file:hashes.SHA1 = 'f83f30bd284074d1daaf2e262a280ca780791f2c' AND file:hashes.SSDEEP = '1536:qJhDLw1yDhhzoN/e/C/O/C/a/D/I26251K06Zk/XrqqitM4NvL:qvfw1ahEVOS+Sq7IN251ikzq5tM4NvL' AND file:name = 'E48FE20EB1F5A5887F2AC631FED9ED63' AND file:size = '94208' AND file:x_misp_entropy = '5.49321665686']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T10:30:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6aa6-a230-4f7b-8ab3-469a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T10:38:30.000Z" ,
"modified" : "2017-11-16T10:38:30.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.212.132.222') AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T10:38:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6abb-4910-4c4c-9004-7753950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T10:38:51.000Z" ,
"modified" : "2017-11-16T10:38:51.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.100.189.174') AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T10:38:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6ada-a910-4186-90fc-21c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T10:39:22.000Z" ,
"modified" : "2017-11-16T10:39:22.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '10.10.30.110') AND network-traffic:dst_port = '1992']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T10:39:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a0d6d2a-464c-4b9c-8406-421c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-11-16T10:49:14.000Z" ,
"modified" : "2017-11-16T10:49:14.000Z" ,
"pattern" : "[file:hashes.MD5 = '1216da2b3d6e64075e8434be1058de06' AND file:hashes.SHA1 = '5ee752a1b2bcdb84243e615cd67397d965b16490' AND file:name = '1216DA2B3D6E64075E8434BE1058DE06' AND file:x_misp_entropy = '6.27082111511' AND file:x_misp_ssdeep = '3072:GxXIbbVcpID+5/MiPDH8QnO3oMc+i+TN85mQLP\r\ngpnejnceJEOED:Gx4bbVZD+5\r\n/MiPDchdi+TN85muP0SlO']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-11-16T10:49:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}