misp-circl-feed/feeds/circl/stix-2.1/561d8626-9214-404c-bc01-4b56950d210b.json

1722 lines
72 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--561d8626-9214-404c-bc01-4b56950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-15T18:54:40.000Z",
"modified": "2016-04-15T18:54:40.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--561d8626-9214-404c-bc01-4b56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-15T18:54:40.000Z",
"modified": "2016-04-15T18:54:40.000Z",
"name": "OSINT New Discovery: Ties Between Corebot and Darknet Crypt Service by Damballa",
"published": "2016-04-15T18:54:51Z",
"object_refs": [
"observed-data--561d8647-3388-47b8-aad1-102e950d210b",
"url--561d8647-3388-47b8-aad1-102e950d210b",
"x-misp-attribute--561d8650-ea88-4d5e-90a8-44d0950d210b",
"indicator--56209554-7df8-416f-88a0-c74e950d210b",
"indicator--56209554-49b0-4cb9-bbdd-c74e950d210b",
"indicator--56209554-4108-4a1a-ad4f-c74e950d210b",
"indicator--56209554-ede8-40c4-94f0-c74e950d210b",
"indicator--56209554-5d50-4202-81a9-c74e950d210b",
"indicator--56209554-83ec-4589-b58d-c74e950d210b",
"indicator--56209554-b320-4329-b149-c74e950d210b",
"indicator--56209554-4208-4c98-ace2-c74e950d210b",
"indicator--56209554-d988-4dde-b1b5-c74e950d210b",
"indicator--56209554-7554-45a5-b046-c74e950d210b",
"indicator--56209554-fa78-4094-8de5-c74e950d210b",
"indicator--56209554-8dac-473e-9b50-c74e950d210b",
"indicator--56209554-d0cc-4f4d-bdce-c74e950d210b",
"indicator--56209554-1770-4d88-ac52-c74e950d210b",
"indicator--56209554-3d44-4a2b-a962-c74e950d210b",
"indicator--56209554-cbc8-4aa4-b399-c74e950d210b",
"indicator--56209554-5e34-4437-8c09-c74e950d210b",
"indicator--56209554-f4ec-4b9e-bab6-c74e950d210b",
"indicator--56209554-bffc-4c96-b7ad-c74e950d210b",
"indicator--56209554-6014-4b92-bfae-c74e950d210b",
"indicator--56209554-d14c-4bd0-86d9-c74e950d210b",
"indicator--56209554-4d10-4ce5-8380-c74e950d210b",
"indicator--56209554-efe4-474f-846f-c74e950d210b",
"indicator--56209554-2eb8-4001-bbb7-c74e950d210b",
"indicator--56209554-d9c0-448d-9653-c74e950d210b",
"indicator--56209554-5e80-4178-becb-c74e950d210b",
"indicator--56209554-021c-4551-a654-c74e950d210b",
"indicator--56209554-aa04-4e4b-adf8-c74e950d210b",
"indicator--56209554-6768-4689-b526-c74e950d210b",
"indicator--56209554-071c-4173-be14-c74e950d210b",
"indicator--56209554-9f64-4d10-ab2f-c74e950d210b",
"indicator--56209554-2744-41fb-943a-c74e950d210b",
"indicator--56209554-9494-47de-8f98-c74e950d210b",
"indicator--56209554-0374-4f7d-96a5-c74e950d210b",
"indicator--56209554-2754-44f8-b36b-c74e950d210b",
"indicator--56209554-3b30-4032-9c61-c74e950d210b",
"indicator--56209554-428c-45c7-9449-c74e950d210b",
"indicator--56209554-3b74-4677-9bc6-c74e950d210b",
"indicator--56209554-345c-4e6d-b816-c74e950d210b",
"indicator--56209554-32bc-47e1-84b7-c74e950d210b",
"indicator--56209554-2e60-41d8-b82b-c74e950d210b",
"indicator--56209554-22fc-4704-a3bb-c74e950d210b",
"indicator--56209554-2fd0-460d-9a58-c74e950d210b",
"indicator--56209554-2c3c-4881-908a-c74e950d210b",
"indicator--56209554-1ee4-4e21-9fdc-c74e950d210b",
"indicator--56209554-244c-4b63-967f-c74e950d210b",
"indicator--56209554-13d4-44ab-a97a-c74e950d210b",
"indicator--56209554-f8d0-4c13-8964-c74e950d210b",
"indicator--562095df-fb74-46cf-97af-c74e950d210b",
"indicator--56209607-4a40-4ec8-aeb4-cc4e950d210b",
"indicator--5620962e-a298-464e-9d7a-4809950d210b",
"indicator--56209642-bcb8-4a13-9498-d019950d210b",
"indicator--5620964e-221c-4fe1-88d8-2adb950d210b",
"indicator--5620966a-96d8-426e-aece-d029950d210b",
"indicator--56209690-55c0-4b92-ac57-d029950d210b",
"indicator--562096db-7088-44c0-a313-c7cc950d210b",
"x-misp-attribute--56209710-51dc-4b96-96d7-d037950d210b",
"x-misp-attribute--56209711-57e4-4b59-bd01-d037950d210b",
"x-misp-attribute--56209711-c024-44a4-9fb6-d037950d210b",
"indicator--56209554-e8bc-4cd4-babb-c74e950d210b",
"indicator--56209554-b83c-4561-a5ae-c74e950d210b",
"indicator--5620974c-9548-4858-9197-4cf7950d210b",
"indicator--5620977e-2010-4191-9021-c7cc950d210b",
"indicator--5620977e-ce50-4007-a577-c7cc950d210b",
"indicator--562097b5-145c-476e-b74e-d06a950d210b",
"indicator--562097b5-73c4-4be4-b4dd-d06a950d210b",
"x-misp-attribute--562097c0-2068-4c5d-9614-d471950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--561d8647-3388-47b8-aad1-102e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-13T22:31:35.000Z",
"modified": "2015-10-13T22:31:35.000Z",
"first_observed": "2015-10-13T22:31:35Z",
"last_observed": "2015-10-13T22:31:35Z",
"number_observed": 1,
"object_refs": [
"url--561d8647-3388-47b8-aad1-102e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--561d8647-3388-47b8-aad1-102e950d210b",
"value": "https://www.damballa.com/corebot-and-darknet/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--561d8650-ea88-4d5e-90a8-44d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-13T22:31:44.000Z",
"modified": "2015-10-13T22:31:44.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Corebot"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-7df8-416f-88a0-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'mvwjg0knary23je.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-49b0-4cb9-bbdd-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'pkdejexati0o4yje.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-4108-4a1a-ad4f-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'o4oxqhwfy678y8o.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-ede8-40c4-94f0-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'e6a6mjqpapulcfm.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-5d50-4202-81a9-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '3narsbobmjm2oho278opyts.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-83ec-4589-b58d-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '3duboxe0mr3hef7nkxuj3jq.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-b320-4329-b149-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ihifg8u6etwpc0ktorc.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-4208-4c98-ace2-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'q4ydijevkvalgrm4o4a.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-d988-4dde-b1b5-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ypipclqtwtuvkxy.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-7554-45a5-b046-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '3jkd5papcfibqjwhipy.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-fa78-4094-8de5-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '16qvklkb3b58sfix54kf5lq.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-8dac-473e-9b50-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'qd3vkb38ydk814y0kbg.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-d0cc-4f4d-bdce-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'kdqjqd5ni0inct1fo2ub38w.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-1770-4d88-ac52-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ex5nah7ponkfq67.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-3d44-4a2b-a962-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'm83t7fi27b3ji0qrcxa.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-cbc8-4aa4-b399-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'klqvut5puxo6wral1xo.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-5e34-4437-8c09-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'wx3nmvo0o03x7pe.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-f4ec-4b9e-bab6-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'q0yfy052w2ihkjox1nsp5n3.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-bffc-4c96-b7ad-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'yvgxmrurslexuty.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-6014-4b92-bfae-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ehsni4523ro414k.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-d14c-4bd0-86d9-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'etsnmxe2gn3hwdq.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-4d10-4ce5-8380-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '3tax5vmj3bep18uh5xmr5p5.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-efe4-474f-846f-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'yt1ng6583vk8av5rwfy.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-2eb8-4001-bbb7-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'oxy0qt16mfsfm23fgvo.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-d9c0-448d-9653-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'i8y45hqpcxud7pk2qhq.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-5e80-4178-becb-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ine2gxw4q4klmju.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-021c-4551-a654-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'o8s8i0qt74mjwbi.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-aa04-4e4b-adf8-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'qtidg8khe4mrwr567na.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-6768-4689-b526-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '1rot1ro05p5pc654ktuj74i.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-071c-4173-be14-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'wfe23x16e4khat5vgxo0s8s.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-9f64-4d10-ab2f-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '1vyrexifwt5rqpwvepm.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-2744-41fb-943a-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'aj18k8kjobwxm6g.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-9494-47de-8f98-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'qh5datox3r76u8wjqnk.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-0374-4f7d-96a5-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'aryfk0e2cpmrynoj1n7b3r5.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-2754-44f8-b36b-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'w6ujkjax343r1t3lq4o.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-3b30-4032-9c61-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '1x1te0o878iponovyja8m87.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-428c-45c7-9449-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '50cr587t3fur5xy6yvw4kxg.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-3b74-4677-9bc6-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'wlytono6mjedgl1ro41pcj7.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-345c-4e6d-b816-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'eb12yjkt58i07ninkt1.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-32bc-47e1-84b7-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'qvc8185616g2ivgf54a.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-2e60-41d8-b82b-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = '70mdqloho0gjmxo6oxih1tg.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-22fc-4704-a3bb-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ub70705hu0enined52s.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-2fd0-460d-9a58-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ap5todifwjspqp78kxs0e8k.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-2c3c-4881-908a-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'srg8sfw2afit1tw.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-1ee4-4e21-9fdc-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'ytq0olsbahc8ujwhuhs6m0a.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-244c-4b63-967f-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'k2aninsrc0mtqj3.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-13d4-44ab-a97a-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'e4w6irqxcj5p78c.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-f8d0-4c13-8964-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'e6eti6i4u2wfq83r1nq.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562095df-fb74-46cf-97af-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:14:55.000Z",
"modified": "2015-10-16T06:14:55.000Z",
"description": "Suspended online shop",
"pattern": "[domain-name:value = 'btcshop.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209607-4a40-4ec8-aeb4-cc4e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:15:35.000Z",
"modified": "2015-10-16T06:15:35.000Z",
"pattern": "[file:name = 'activex.exe' AND file:hashes.MD5 = '3d6a32b20c66f268b03ec6e8521d6bf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5620962e-a298-464e-9d7a-4809950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:16:14.000Z",
"modified": "2015-10-16T06:16:14.000Z",
"pattern": "[url:value = 'incenzo-bardelli.com/activex/activex.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:16:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209642-bcb8-4a13-9498-d019950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:16:34.000Z",
"modified": "2015-10-16T06:16:34.000Z",
"pattern": "[url:value = '177.21.75.140/456/activex.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5620964e-221c-4fe1-88d8-2adb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:16:46.000Z",
"modified": "2015-10-16T06:16:46.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.21.75.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:16:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5620966a-96d8-426e-aece-d029950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:17:14.000Z",
"modified": "2015-10-16T06:17:14.000Z",
"pattern": "[url:value = 'arijoputane.com/ldr/client.php?family=bank']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209690-55c0-4b92-ac57-d029950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:17:59.000Z",
"modified": "2015-10-16T06:17:59.000Z",
"pattern": "[file:name = 'poc.exe' AND file:hashes.MD5 = '3d6a32b20c66f268b03ec6e8521d6bf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:17:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562096db-7088-44c0-a313-c7cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:19:07.000Z",
"modified": "2015-10-16T06:19:07.000Z",
"description": "We\u00e2\u20ac\u2122ve been monitoring the btcshop[.]cc infrastructure and its IP address in Poland \u00e2\u20ac\u201c 46.29.18[.]240.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.29.18.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:19:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56209710-51dc-4b96-96d7-d037950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-15T18:53:37.000Z",
"modified": "2016-04-15T18:53:37.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Email registrant whois",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "drake.lampado777@gmail.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56209711-57e4-4b59-bd01-d037950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-15T18:54:40.000Z",
"modified": "2016-04-15T18:54:40.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Email registrant whois",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "ismir.faruh@vfemail.net"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56209711-c024-44a4-9fb6-d037950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-04-15T18:54:27.000Z",
"modified": "2016-04-15T18:54:27.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Email registrant whois",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "mant@teleworm.us"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-e8bc-4cd4-babb-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'qfwd7x38abyje0mrormjyd5.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56209554-b83c-4561-a5ae-c74e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:12:36.000Z",
"modified": "2015-10-16T06:12:36.000Z",
"description": "Domain generated with 3d6a32b20c66f268b03ec6e8521d6bf3 on Sept 21st 2015",
"pattern": "[domain-name:value = 'i6shm0u0o2yhopu8ip1d5f3.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:12:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5620974c-9548-4858-9197-4cf7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:21:00.000Z",
"modified": "2015-10-16T06:21:00.000Z",
"description": "The cybercriminals have also created a Darknet version to ensure they can still operate if the web version is taken down:",
"pattern": "[url:value = 'biwvi4oeyo4fflzr.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:21:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5620977e-2010-4191-9021-c7cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:21:50.000Z",
"modified": "2015-10-16T06:21:50.000Z",
"description": "The domain names associated to this Online Crypter service are:",
"pattern": "[domain-name:value = 'cfud.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:21:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5620977e-ce50-4007-a577-c7cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:21:50.000Z",
"modified": "2015-10-16T06:21:50.000Z",
"description": "The domain names associated to this Online Crypter service are:",
"pattern": "[domain-name:value = 'apyicrypt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:21:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562097b5-145c-476e-b74e-d06a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:22:45.000Z",
"modified": "2015-10-16T06:22:45.000Z",
"pattern": "[domain-name:value = 'vincenzo-bardelli.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--562097b5-73c4-4be4-b4dd-d06a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:22:45.000Z",
"modified": "2015-10-16T06:22:45.000Z",
"pattern": "[domain-name:value = '0xdead.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-16T06:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--562097c0-2068-4c5d-9614-d471950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-16T06:22:56.000Z",
"modified": "2015-10-16T06:22:56.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "We\u00e2\u20ac\u2122ve recently discussed Corebot malware and its possible ties to btcshop[.]cc, a site selling stolen data.\r\nToday, we have discovered more pieces of the puzzle: two more Corebot samples and an online crypt service."
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}