|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--561d8626-9214-404c-bc01-4b56950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-04-15T18:54:40.000Z",
|
||
|
"modified": "2016-04-15T18:54:40.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--561d8626-9214-404c-bc01-4b56950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-04-15T18:54:40.000Z",
|
||
|
"modified": "2016-04-15T18:54:40.000Z",
|
||
|
"name": "OSINT New Discovery: Ties Between Corebot and Darknet Crypt Service by Damballa",
|
||
|
"published": "2016-04-15T18:54:51Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--561d8647-3388-47b8-aad1-102e950d210b",
|
||
|
"url--561d8647-3388-47b8-aad1-102e950d210b",
|
||
|
"x-misp-attribute--561d8650-ea88-4d5e-90a8-44d0950d210b",
|
||
|
"indicator--56209554-7df8-416f-88a0-c74e950d210b",
|
||
|
"indicator--56209554-49b0-4cb9-bbdd-c74e950d210b",
|
||
|
"indicator--56209554-4108-4a1a-ad4f-c74e950d210b",
|
||
|
"indicator--56209554-ede8-40c4-94f0-c74e950d210b",
|
||
|
"indicator--56209554-5d50-4202-81a9-c74e950d210b",
|
||
|
"indicator--56209554-83ec-4589-b58d-c74e950d210b",
|
||
|
"indicator--56209554-b320-4329-b149-c74e950d210b",
|
||
|
"indicator--56209554-4208-4c98-ace2-c74e950d210b",
|
||
|
"indicator--56209554-d988-4dde-b1b5-c74e950d210b",
|
||
|
"indicator--56209554-7554-45a5-b046-c74e950d210b",
|
||
|
"indicator--56209554-fa78-4094-8de5-c74e950d210b",
|
||
|
"indicator--56209554-8dac-473e-9b50-c74e950d210b",
|
||
|
"indicator--56209554-d0cc-4f4d-bdce-c74e950d210b",
|
||
|
"indicator--56209554-1770-4d88-ac52-c74e950d210b",
|
||
|
"indicator--56209554-3d44-4a2b-a962-c74e950d210b",
|
||
|
"indicator--56209554-cbc8-4aa4-b399-c74e950d210b",
|
||
|
"indicator--56209554-5e34-4437-8c09-c74e950d210b",
|
||
|
"indicator--56209554-f4ec-4b9e-bab6-c74e950d210b",
|
||
|
"indicator--56209554-bffc-4c96-b7ad-c74e950d210b",
|
||
|
"indicator--56209554-6014-4b92-bfae-c74e950d210b",
|
||
|
"indicator--56209554-d14c-4bd0-86d9-c74e950d210b",
|
||
|
"indicator--56209554-4d10-4ce5-8380-c74e950d210b",
|
||
|
"indicator--56209554-efe4-474f-846f-c74e950d210b",
|
||
|
"indicator--56209554-2eb8-4001-bbb7-c74e950d210b",
|
||
|
"indicator--56209554-d9c0-448d-9653-c74e950d210b",
|
||
|
"indicator--56209554-5e80-4178-becb-c74e950d210b",
|
||
|
"indicator--56209554-021c-4551-a654-c74e950d210b",
|
||
|
"indicator--56209554-aa04-4e4b-adf8-c74e950d210b",
|
||
|
"indicator--56209554-6768-4689-b526-c74e950d210b",
|
||
|
"indicator--56209554-071c-4173-be14-c74e950d210b",
|
||
|
"indicator--56209554-9f64-4d10-ab2f-c74e950d210b",
|
||
|
"indicator--56209554-2744-41fb-943a-c74e950d210b",
|
||
|
"indicator--56209554-9494-47de-8f98-c74e950d210b",
|
||
|
"indicator--56209554-0374-4f7d-96a5-c74e950d210b",
|
||
|
"indicator--56209554-2754-44f8-b36b-c74e950d210b",
|
||
|
"indicator--56209554-3b30-4032-9c61-c74e950d210b",
|
||
|
"indicator--56209554-428c-45c7-9449-c74e950d210b",
|
||
|
"indicator--56209554-3b74-4677-9bc6-c74e950d210b",
|
||
|
"indicator--56209554-345c-4e6d-b816-c74e950d210b",
|
||
|
"indicator--56209554-32bc-47e1-84b7-c74e950d210b",
|
||
|
"indicator--56209554-2e60-41d8-b82b-c74e950d210b",
|
||
|
"indicator--56209554-22fc-4704-a3bb-c74e950d210b",
|
||
|
"indicator--56209554-2fd0-460d-9a58-c74e950d210b",
|
||
|
"indicator--56209554-2c3c-4881-908a-c74e950d210b",
|
||
|
"indicator--56209554-1ee4-4e21-9fdc-c74e950d210b",
|
||
|
"indicator--56209554-244c-4b63-967f-c74e950d210b",
|
||
|
"indicator--56209554-13d4-44ab-a97a-c74e950d210b",
|
||
|
"indicator--56209554-f8d0-4c13-8964-c74e950d210b",
|
||
|
"indicator--562095df-fb74-46cf-97af-c74e950d210b",
|
||
|
"indicator--56209607-4a40-4ec8-aeb4-cc4e950d210b",
|
||
|
"indicator--5620962e-a298-464e-9d7a-4809950d210b",
|
||
|
"indicator--56209642-bcb8-4a13-9498-d019950d210b",
|
||
|
"indicator--5620964e-221c-4fe1-88d8-2adb950d210b",
|
||
|
"indicator--5620966a-96d8-426e-aece-d029950d210b",
|
||
|
"indicator--56209690-55c0-4b92-ac57-d029950d210b",
|
||
|
"indicator--562096db-7088-44c0-a313-c7cc950d210b",
|
||
|
"x-misp-attribute--56209710-51dc-4b96-96d7-d037950d210b",
|
||
|
"x-misp-attribute--56209711-57e4-4b59-bd01-d037950d210b",
|
||
|
"x-misp-attribute--56209711-c024-44a4-9fb6-d037950d210b",
|
||
|
"indicator--56209554-e8bc-4cd4-babb-c74e950d210b",
|
||
|
"indicator--56209554-b83c-4561-a5ae-c74e950d210b",
|
||
|
"indicator--5620974c-9548-4858-9197-4cf7950d210b",
|
||
|
"indicator--5620977e-2010-4191-9021-c7cc950d210b",
|
||
|
"indicator--5620977e-ce50-4007-a577-c7cc950d210b",
|
||
|
"indicator--562097b5-145c-476e-b74e-d06a950d210b",
|
||
|
"indicator--562097b5-73c4-4be4-b4dd-d06a950d210b",
|
||
|
"x-misp-attribute--562097c0-2068-4c5d-9614-d471950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--561d8647-3388-47b8-aad1-102e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-13T22:31:35.000Z",
|
||
|
"modified": "2015-10-13T22:31:35.000Z",
|
||
|
"first_observed": "2015-10-13T22:31:35Z",
|
||
|
"last_observed": "2015-10-13T22:31:35Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--561d8647-3388-47b8-aad1-102e950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--561d8647-3388-47b8-aad1-102e950d210b",
|
||
|
"value": "https://www.damballa.com/corebot-and-darknet/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--561d8650-ea88-4d5e-90a8-44d0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-13T22:31:44.000Z",
|
||
|
"modified": "2015-10-13T22:31:44.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Corebot"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-7df8-416f-88a0-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'mvwjg0knary23je.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-49b0-4cb9-bbdd-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'pkdejexati0o4yje.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-4108-4a1a-ad4f-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'o4oxqhwfy678y8o.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-ede8-40c4-94f0-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'e6a6mjqpapulcfm.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-5d50-4202-81a9-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '3narsbobmjm2oho278opyts.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-83ec-4589-b58d-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '3duboxe0mr3hef7nkxuj3jq.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-b320-4329-b149-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ihifg8u6etwpc0ktorc.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-4208-4c98-ace2-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'q4ydijevkvalgrm4o4a.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-d988-4dde-b1b5-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ypipclqtwtuvkxy.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-7554-45a5-b046-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '3jkd5papcfibqjwhipy.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-fa78-4094-8de5-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '16qvklkb3b58sfix54kf5lq.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-8dac-473e-9b50-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'qd3vkb38ydk814y0kbg.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-d0cc-4f4d-bdce-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'kdqjqd5ni0inct1fo2ub38w.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-1770-4d88-ac52-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ex5nah7ponkfq67.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-3d44-4a2b-a962-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'm83t7fi27b3ji0qrcxa.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-cbc8-4aa4-b399-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'klqvut5puxo6wral1xo.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-5e34-4437-8c09-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'wx3nmvo0o03x7pe.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-f4ec-4b9e-bab6-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'q0yfy052w2ihkjox1nsp5n3.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-bffc-4c96-b7ad-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'yvgxmrurslexuty.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-6014-4b92-bfae-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ehsni4523ro414k.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-d14c-4bd0-86d9-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'etsnmxe2gn3hwdq.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-4d10-4ce5-8380-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '3tax5vmj3bep18uh5xmr5p5.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-efe4-474f-846f-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'yt1ng6583vk8av5rwfy.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-2eb8-4001-bbb7-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'oxy0qt16mfsfm23fgvo.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-d9c0-448d-9653-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'i8y45hqpcxud7pk2qhq.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-5e80-4178-becb-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ine2gxw4q4klmju.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-021c-4551-a654-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'o8s8i0qt74mjwbi.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-aa04-4e4b-adf8-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'qtidg8khe4mrwr567na.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-6768-4689-b526-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '1rot1ro05p5pc654ktuj74i.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-071c-4173-be14-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'wfe23x16e4khat5vgxo0s8s.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-9f64-4d10-ab2f-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '1vyrexifwt5rqpwvepm.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-2744-41fb-943a-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'aj18k8kjobwxm6g.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-9494-47de-8f98-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'qh5datox3r76u8wjqnk.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-0374-4f7d-96a5-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'aryfk0e2cpmrynoj1n7b3r5.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-2754-44f8-b36b-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'w6ujkjax343r1t3lq4o.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-3b30-4032-9c61-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '1x1te0o878iponovyja8m87.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-428c-45c7-9449-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '50cr587t3fur5xy6yvw4kxg.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-3b74-4677-9bc6-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'wlytono6mjedgl1ro41pcj7.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-345c-4e6d-b816-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'eb12yjkt58i07ninkt1.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-32bc-47e1-84b7-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'qvc8185616g2ivgf54a.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-2e60-41d8-b82b-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = '70mdqloho0gjmxo6oxih1tg.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-22fc-4704-a3bb-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ub70705hu0enined52s.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-2fd0-460d-9a58-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ap5todifwjspqp78kxs0e8k.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-2c3c-4881-908a-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'srg8sfw2afit1tw.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-1ee4-4e21-9fdc-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'ytq0olsbahc8ujwhuhs6m0a.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-244c-4b63-967f-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'k2aninsrc0mtqj3.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-13d4-44ab-a97a-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'e4w6irqxcj5p78c.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-f8d0-4c13-8964-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'e6eti6i4u2wfq83r1nq.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--562095df-fb74-46cf-97af-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:14:55.000Z",
|
||
|
"modified": "2015-10-16T06:14:55.000Z",
|
||
|
"description": "Suspended online shop",
|
||
|
"pattern": "[domain-name:value = 'btcshop.cc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:14:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209607-4a40-4ec8-aeb4-cc4e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:15:35.000Z",
|
||
|
"modified": "2015-10-16T06:15:35.000Z",
|
||
|
"pattern": "[file:name = 'activex.exe' AND file:hashes.MD5 = '3d6a32b20c66f268b03ec6e8521d6bf3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:15:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5620962e-a298-464e-9d7a-4809950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:16:14.000Z",
|
||
|
"modified": "2015-10-16T06:16:14.000Z",
|
||
|
"pattern": "[url:value = 'incenzo-bardelli.com/activex/activex.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:16:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209642-bcb8-4a13-9498-d019950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:16:34.000Z",
|
||
|
"modified": "2015-10-16T06:16:34.000Z",
|
||
|
"pattern": "[url:value = '177.21.75.140/456/activex.exe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:16:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5620964e-221c-4fe1-88d8-2adb950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:16:46.000Z",
|
||
|
"modified": "2015-10-16T06:16:46.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.21.75.140']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:16:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5620966a-96d8-426e-aece-d029950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:17:14.000Z",
|
||
|
"modified": "2015-10-16T06:17:14.000Z",
|
||
|
"pattern": "[url:value = 'arijoputane.com/ldr/client.php?family=bank']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:17:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209690-55c0-4b92-ac57-d029950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:17:59.000Z",
|
||
|
"modified": "2015-10-16T06:17:59.000Z",
|
||
|
"pattern": "[file:name = 'poc.exe' AND file:hashes.MD5 = '3d6a32b20c66f268b03ec6e8521d6bf3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:17:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--562096db-7088-44c0-a313-c7cc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:19:07.000Z",
|
||
|
"modified": "2015-10-16T06:19:07.000Z",
|
||
|
"description": "We\u2019ve been monitoring the btcshop[.]cc infrastructure and its IP address in Poland \u2013 46.29.18[.]240.",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.29.18.240']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:19:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56209710-51dc-4b96-96d7-d037950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-04-15T18:53:37.000Z",
|
||
|
"modified": "2016-04-15T18:53:37.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Email registrant whois",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "drake.lampado777@gmail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56209711-57e4-4b59-bd01-d037950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-04-15T18:54:40.000Z",
|
||
|
"modified": "2016-04-15T18:54:40.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Email registrant whois",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "ismir.faruh@vfemail.net"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56209711-c024-44a4-9fb6-d037950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-04-15T18:54:27.000Z",
|
||
|
"modified": "2016-04-15T18:54:27.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Email registrant whois",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "mant@teleworm.us"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-e8bc-4cd4-babb-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'qfwd7x38abyje0mrormjyd5.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56209554-b83c-4561-a5ae-c74e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:12:36.000Z",
|
||
|
"modified": "2015-10-16T06:12:36.000Z",
|
||
|
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
|
||
|
"pattern": "[domain-name:value = 'i6shm0u0o2yhopu8ip1d5f3.ddns.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:12:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5620974c-9548-4858-9197-4cf7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:21:00.000Z",
|
||
|
"modified": "2015-10-16T06:21:00.000Z",
|
||
|
"description": "The cybercriminals have also created a Darknet version to ensure they can still operate if the web version is taken down:",
|
||
|
"pattern": "[url:value = 'biwvi4oeyo4fflzr.onion']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:21:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5620977e-2010-4191-9021-c7cc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:21:50.000Z",
|
||
|
"modified": "2015-10-16T06:21:50.000Z",
|
||
|
"description": "The domain names associated to this Online Crypter service are:",
|
||
|
"pattern": "[domain-name:value = 'cfud.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:21:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5620977e-ce50-4007-a577-c7cc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:21:50.000Z",
|
||
|
"modified": "2015-10-16T06:21:50.000Z",
|
||
|
"description": "The domain names associated to this Online Crypter service are:",
|
||
|
"pattern": "[domain-name:value = 'apyicrypt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:21:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--562097b5-145c-476e-b74e-d06a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:22:45.000Z",
|
||
|
"modified": "2015-10-16T06:22:45.000Z",
|
||
|
"pattern": "[domain-name:value = 'vincenzo-bardelli.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:22:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--562097b5-73c4-4be4-b4dd-d06a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:22:45.000Z",
|
||
|
"modified": "2015-10-16T06:22:45.000Z",
|
||
|
"pattern": "[domain-name:value = '0xdead.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-10-16T06:22:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--562097c0-2068-4c5d-9614-d471950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-10-16T06:22:56.000Z",
|
||
|
"modified": "2015-10-16T06:22:56.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "We\u2019ve recently discussed Corebot malware and its possible ties to btcshop[.]cc, a site selling stolen data.\r\nToday, we have discovered more pieces of the puzzle: two more Corebot samples and an online crypt service."
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|