misp-circl-feed/feeds/circl/stix-2.1/5bb5d045-acf8-42ac-97ce-45c5950d210f.json

3379 lines
143 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5bb5d045-acf8-42ac-97ce-45c5950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T09:01:50.000Z",
"modified": "2018-10-04T09:01:50.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5bb5d045-acf8-42ac-97ce-45c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T09:01:50.000Z",
"modified": "2018-10-04T09:01:50.000Z",
"name": "OSINT - Indicators of Compromise for Malware used by APT28",
"published": "2018-10-04T09:03:37Z",
"object_refs": [
"observed-data--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f",
"url--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f",
"indicator--5bb5d166-9890-499a-a671-c4b3950d210f",
"indicator--5bb5d167-d8ac-415a-9ca1-c4b3950d210f",
"indicator--5bb5d167-81c4-4f97-b256-c4b3950d210f",
"indicator--5bb5d169-71cc-4869-ae98-c4b3950d210f",
"indicator--5bb5d169-16d8-4961-aa8b-c4b3950d210f",
"indicator--5bb5d16a-a108-4237-b8a8-c4b3950d210f",
"indicator--5bb5d16a-f3cc-4ca9-80d9-c4b3950d210f",
"indicator--5bb5d16a-2780-4012-a411-c4b3950d210f",
"indicator--5bb5d16b-b5d0-47fe-824c-c4b3950d210f",
"indicator--5bb5d16b-bf50-4cea-b981-c4b3950d210f",
"indicator--5bb5d16c-4910-4922-8e60-c4b3950d210f",
"indicator--5bb5d16c-d10c-4be3-a955-c4b3950d210f",
"indicator--5bb5d16d-cf00-4e63-91b3-c4b3950d210f",
"indicator--5bb5d16d-a53c-4321-9eea-c4b3950d210f",
"indicator--5bb5d16e-b670-42a3-add0-c4b3950d210f",
"indicator--5bb5d1ca-3df4-4822-bd62-c1ce950d210f",
"indicator--5bb5d1cb-d934-4924-986f-c1ce950d210f",
"indicator--5bb5d1cc-ee40-470d-b092-c1ce950d210f",
"indicator--5bb5d1cc-c3f0-472c-b8d5-c1ce950d210f",
"indicator--5bb5d1cc-0d70-47be-8c1f-c1ce950d210f",
"indicator--5bb5d1cd-6ee0-4029-9050-c1ce950d210f",
"indicator--5bb5d1cd-57f8-46ca-a83c-c1ce950d210f",
"indicator--5bb5d1ce-df28-4687-b97a-c1ce950d210f",
"indicator--5bb5d1ce-ffa0-4a69-a827-c1ce950d210f",
"indicator--5bb5d1cf-6d5c-4f9a-90a7-c1ce950d210f",
"indicator--5bb5d1cf-9f9c-4d21-bbba-c1ce950d210f",
"indicator--5bb5d1d0-5b5c-4074-bf11-c1ce950d210f",
"indicator--5bb5d1d2-2464-4f9b-95e5-c1ce950d210f",
"indicator--5bb5d1d6-b204-48ce-a655-c1ce950d210f",
"indicator--5bb5d1d7-333c-4291-9538-c1ce950d210f",
"indicator--5bb5d1d7-0da4-4af0-a0e6-c1ce950d210f",
"indicator--5bb5d1d8-73d0-4aaf-a912-c1ce950d210f",
"indicator--5bb5d1d8-09c0-4dcc-b662-c1ce950d210f",
"indicator--5bb5d1d9-6a78-4e6c-b5a1-c1ce950d210f",
"indicator--5bb5d1d9-f01c-43c8-9798-c1ce950d210f",
"indicator--5bb5d1da-c230-40cc-9174-c1ce950d210f",
"indicator--5bb5d1da-2c88-46f0-9d33-c1ce950d210f",
"indicator--5bb5d1db-13ac-464b-93e9-c1ce950d210f",
"indicator--5bb5d1db-2e8c-4af8-bcfe-c1ce950d210f",
"indicator--5bb5d1db-a804-4da6-8a19-c1ce950d210f",
"indicator--5bb5d1dc-b4cc-4d04-8b28-c1ce950d210f",
"indicator--5bb5d1dc-3a0c-44a2-95c1-c1ce950d210f",
"indicator--5bb5d1dd-0614-4c6f-bf02-c1ce950d210f",
"indicator--5bb5d1dd-8474-4dfc-938c-c1ce950d210f",
"indicator--5bb5d1de-7174-4cc8-9a17-c1ce950d210f",
"indicator--5bb5d1de-54c0-43e9-8dc3-c1ce950d210f",
"indicator--5bb5d1df-3b1c-44e7-90b8-c1ce950d210f",
"indicator--5bb5d1df-699c-40dc-b6d5-c1ce950d210f",
"indicator--5bb5d1e0-9604-4c74-849c-c1ce950d210f",
"indicator--5bb5d1e0-2504-4112-88f4-c1ce950d210f",
"indicator--5bb5d1e0-29d8-4e71-bec6-c1ce950d210f",
"indicator--5bb5d1e1-111c-4871-99e8-c1ce950d210f",
"indicator--5bb5d1e4-b89c-4cf8-84d5-c1ce950d210f",
"indicator--5bb5d1e6-e000-49f7-a4ee-c1ce950d210f",
"indicator--5bb5d1e7-e364-4e33-ba48-c1ce950d210f",
"indicator--5bb5d1e8-2464-4d1e-87bd-c1ce950d210f",
"indicator--5bb5d1e8-a384-4de3-805c-c1ce950d210f",
"indicator--5bb5d1e9-567c-45b7-9103-c1ce950d210f",
"indicator--5bb5d244-d7ac-487b-acb8-347d950d210f",
"indicator--5bb5d25b-fbc8-4a6b-9fb8-ef06950d210f",
"indicator--5bb5d27b-901c-4bdb-90f8-c448950d210f",
"indicator--5bb5d2f9-3b6c-4b33-a7ef-c472950d210f",
"indicator--5bb5d2fa-72e4-4f7e-b41d-c472950d210f",
"indicator--5bb5d2fa-5c08-4396-b9cd-c472950d210f",
"indicator--5bb5d2fa-ea80-4f30-99fe-c472950d210f",
"indicator--5bb5d329-86c4-44ba-bf2a-c1ce950d210f",
"indicator--5bb5d329-b624-414f-b52d-c1ce950d210f",
"indicator--5bb5d32c-6704-4d4f-99e8-c1ce950d210f",
"indicator--5bb5d32d-6c70-44bf-87af-c1ce950d210f",
"indicator--5bb5d32d-ef70-4882-ac34-c1ce950d210f",
"indicator--5bb5d32e-2f2c-473d-809a-c1ce950d210f",
"indicator--5bb5d330-9880-45a6-af27-c1ce950d210f",
"indicator--5bb5d331-46c0-4bcc-9db4-c1ce950d210f",
"indicator--5bb5d331-7ce0-4875-aea8-c1ce950d210f",
"indicator--5bb5d331-e3e0-4d37-a87b-c1ce950d210f",
"indicator--5bb5d332-55a0-47ca-97c0-c1ce950d210f",
"indicator--5bb5d332-4c88-48ba-b4da-c1ce950d210f",
"indicator--5bb5d333-90b8-42a7-b2dd-c1ce950d210f",
"indicator--5bb5d333-2b4c-447e-a336-c1ce950d210f",
"indicator--5bb5d334-b85c-4214-a3f9-c1ce950d210f",
"indicator--5bb5d334-0ffc-4ccd-8dca-c1ce950d210f",
"indicator--5bb5d335-40c0-45df-9473-c1ce950d210f",
"indicator--5bb5d335-6358-408b-bbd9-c1ce950d210f",
"indicator--5bb5d378-41b4-4b13-a739-c1cf950d210f",
"indicator--5bb5d3a6-3140-4a82-88ee-ef05950d210f",
"indicator--5bb5d3c9-dfa4-4e25-a4f1-c1bd950d210f",
"indicator--5bb5d3cf-c108-4b0b-bcce-c1bd950d210f",
"indicator--5bb5d3d1-de18-4c22-b9fa-c1bd950d210f",
"indicator--5bb5d3d4-8ef4-4288-8c7a-c1bd950d210f",
"indicator--5bb5d3db-3010-4743-9545-c1bd950d210f",
"indicator--5bb5d3dd-0bd4-4c9c-8b2e-c1bd950d210f",
"indicator--5bb5d43c-dbac-4b0b-8b1d-c1bd950d210f",
"indicator--5bb5d43f-ea80-4cac-a371-c1bd950d210f",
"indicator--5bb5d47b-2248-4fe5-9cde-c472950d210f",
"indicator--5bb5d47e-d378-4536-8004-c472950d210f",
"indicator--5bb5d480-a5a8-471d-986f-c472950d210f",
"indicator--5bb5d484-8ae8-47e3-b684-c472950d210f",
"indicator--5bb5d486-c108-438c-81ac-c472950d210f",
"indicator--5bb5d48f-2934-46d2-a216-c472950d210f",
"indicator--5bb5d4c5-272c-4e74-9c60-fa9a950d210f",
"indicator--5bb5d500-7ee4-45c6-bd0c-c4b1950d210f",
"indicator--5bb5d503-ac48-47ee-af45-c4b1950d210f",
"indicator--5bb5d518-6338-482f-a79c-c448950d210f",
"indicator--caa8d31d-eb67-43f6-8999-5509553133ec",
"x-misp-object--674e1271-97d4-41e3-91d0-54c6bbf08991",
"indicator--485ae42f-750e-4236-a90f-160868391c0b",
"x-misp-object--8bd069b9-50a6-405a-ac7a-2b37c349c988",
"indicator--5ae8b212-92e6-41bb-a081-ce4048cd35cd",
"x-misp-object--bb0904bb-62d2-4005-bff9-eec2f9714288",
"indicator--0bd5f889-77cf-401b-a393-461130ea63de",
"x-misp-object--88f4c7c3-4777-4590-8e27-931fe204135c",
"indicator--d4c3355f-a6ff-4aad-b733-effa1fa3f446",
"x-misp-object--64589ade-c0e3-46cb-8dc9-bd2b8e03958d",
"indicator--8a110b38-0dad-4295-b40f-fb60fb395e8f",
"x-misp-object--5afd32c5-ee31-48c3-ba20-0a1f10b339e6",
"indicator--b063122d-ef2d-47dc-b3d1-7efb48e23569",
"x-misp-object--1181b169-e791-49d6-af39-3729a8a9859b",
"indicator--37b700a5-e7a6-4b89-b39f-639dc8d788e4",
"x-misp-object--05e3f750-290b-4985-ba2e-b639851b0ddf",
"indicator--a67002ca-f1b7-4ae5-89b7-92ae322384c4",
"x-misp-object--6490158f-6e4a-4b70-8615-db28a126e06f",
"indicator--a48848a5-0b95-4b22-a285-de582b5e4213",
"x-misp-object--80a96246-61ca-4ad7-92ee-1fec639cc36c",
2023-12-14 14:30:15 +00:00
"relationship--a4d24152-f18d-42f3-9404-a09dd6d28863",
"relationship--6ca06ca1-33a7-4203-ad8e-1d6b420a0814",
"relationship--365e2dd4-dcb2-43a8-8fe8-0feb527035ec",
"relationship--bc3def28-50c4-4438-93ac-86f604ef8216",
"relationship--b8160e2d-15cd-4a1d-9070-d0d9dd88a716",
"relationship--1a798611-1b9c-4648-b68b-20cceac29e24",
"relationship--260a1904-f88d-4223-8c0c-87574e07a6c8",
"relationship--5c12bdc2-76a2-4a11-9f10-e646a785c5ea",
"relationship--7149954c-13e9-477a-a0ac-1d9e8d15a5af",
"relationship--b8ab9ecf-f6c9-4bc0-9736-9482afa6c23b"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"misp-galaxy:tool=\"X-Tunnel\"",
"misp-galaxy:tool=\"X-Agent\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"first_observed": "2018-10-04T08:42:57Z",
"last_observed": "2018-10-04T08:42:57Z",
"number_observed": 1,
"object_refs": [
"url--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f",
"value": "https://www.ncsc.gov.uk/alerts/indicators-compromise-malware-used-apt28"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d166-9890-499a-a671-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.5.177.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d167-d8ac-415a-9ca1-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.255.6.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d167-81c4-4f97-b256-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.111.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d169-71cc-4869-ae98-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.106.131.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d169-16d8-4961-aa8b-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.5.177.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16a-a108-4237-b8a8-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.181.102.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16a-f3cc-4ca9-80d9-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.181.102.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16a-2780-4012-a411-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.239.129.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16b-b5d0-47fe-824c-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'malaytravelgroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16b-bf50-4cea-b981-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'worldimagebucket.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16c-4910-4922-8e60-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'fundseats.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16c-d10c-4be3-a955-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'globaltechengineers.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16d-cf00-4e63-91b3-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'beststreammusic.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16d-a53c-4321-9eea-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'thepiratecinemaclub.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d16e-b670-42a3-add0-c4b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'coindmarket.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1ca-3df4-4822-bd62-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.247.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cb-d934-4924-986f-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cc-ee40-470d-b092-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.67.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cc-c3f0-472c-b8d5-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.150.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cc-0d70-47be-8c1f-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.37.255.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cd-6ee0-4029-9050-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:39:41.000Z",
"modified": "2018-10-04T08:39:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.12.50.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:39:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cd-57f8-46ca-a83c-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.128.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1ce-df28-4687-b97a-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.144.83.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1ce-ffa0-4a69-a827-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.216.35.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cf-6d5c-4f9a-90a7-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.94.192.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1cf-9f9c-4d21-bbba-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.216.35.7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d0-5b5c-4074-bf11-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.253.41.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d2-2464-4f9b-95e5-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.189.112.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d6-b204-48ce-a655-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.230.124.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d7-333c-4291-9538-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.120.254.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d7-0da4-4af0-a0e6-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:39:51.000Z",
"modified": "2018-10-04T08:39:51.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.81.98.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d8-73d0-4aaf-a912-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.111.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d8-09c0-4dcc-b662-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.21.147.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d9-6a78-4e6c-b5a1-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.208.86.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1d9-f01c-43c8-9798-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.128.24.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1da-c230-40cc-9174-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '145.239.67.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1da-2c88-46f0-9d33-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.210.219.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1db-13ac-464b-93e9-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.9.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1db-2e8c-4af8-bcfe-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'creekcounty.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1db-a804-4da6-8a19-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'virtsvc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1dc-b4cc-4d04-8b28-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'moderntips.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1dc-3a0c-44a2-95c1-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'daysheduler.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1dd-0614-4c6f-bf02-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'escochart.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1dd-8474-4dfc-938c-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'loungecinemaclub.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1de-7174-4cc8-9a17-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'genericnetworkaddress.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1de-54c0-43e9-8dc3-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'bulgariatripholidays.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1df-3b1c-44e7-90b8-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'georgia-travel.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1df-699c-40dc-b6d5-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'bbcweather.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e0-9604-4c74-849c-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'politicweekend.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e0-2504-4112-88f4-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'truefashionnews.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e0-29d8-4e71-bec6-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'protonhardstorage.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e1-111c-4871-99e8-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'moldtravelgroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e4-b89c-4cf8-84d5-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'iboxmit.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e6-e000-49f7-a4ee-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'brownvelocity.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e7-e364-4e33-ba48-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'pointtk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e8-2464-4d1e-87bd-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'narrowpass.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e8-a384-4de3-805c-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'powernoderesources.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d1e9-567c-45b7-9103-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[domain-name:value = 'topcinemaclub.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d244-d7ac-487b-acb8-347d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg: \"XAgent Beacon\"; content:\"HTTP/1.1|0d 0a|Accept|3a|text/html,application/xhtml+xml,application/xml|3b|q=0.9,*\";!\"Host|3a| yandex.ru\";; pcre: \"/^(?:GET|POST)\\ /(?:watch|search|find|results|open|search|close)\\/\\?(?:text=|from=|aq=|ai=|ags=|oe=|btnG=|oprnd=|utm=|channel=|itwm=)/\";)]",
"pattern_type": "snort",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d25b-fbc8-4a6b-9fb8-ef06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg:: \"XAgent itwm beacon v1\"; content:\"/?itwm\"; fast_pattern; pcre: \"/itwm=[A-Za-z0-9\\-\\_]{29,35}/\";)]",
"pattern_type": "snort",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d27b-901c-4bdb-90f8-c448950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:42:57.000Z",
"modified": "2018-10-04T08:42:57.000Z",
"description": "X-Agent",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg:: \"XAgent itwm beacon v2\"; content:\"&itwm\"; fast_pattern; pcre: \"/&itwm=[A-Za-z0-9\\-\\_]{29,35}/\";)]",
"pattern_type": "snort",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2018-10-04T08:42:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d2f9-3b6c-4b33-a7ef-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:44:41.000Z",
"modified": "2018-10-04T08:44:41.000Z",
"description": "X-Agent - chost.exe",
"pattern": "[file:hashes.SHA1 = '46e2957e699fae6de1a212dd98ba4e2bb969497d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:44:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d2fa-72e4-4f7e-b41d-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:44:42.000Z",
"modified": "2018-10-04T08:44:42.000Z",
"description": "X-Agent - msoutlook.dll",
"pattern": "[file:hashes.SHA1 = 'c53930772beb2779d932655d6c3de5548810af3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:44:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d2fa-5c08-4396-b9cd-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:44:42.000Z",
"modified": "2018-10-04T08:44:42.000Z",
"description": "X-Agent - Samp_(16).file",
"pattern": "[file:hashes.SHA1 = 'fa695e88c87843ca0ba9fc04b176899ff90e9ac5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:44:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d2fa-ea80-4f30-99fe-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:44:42.000Z",
"modified": "2018-10-04T08:44:42.000Z",
"description": "X-Agent - outlook.dll",
"pattern": "[file:hashes.SHA1 = '046a8adc2ef0f68107e96babc59f41b6f0a57803']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:44:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d329-86c4-44ba-bf2a-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:29.000Z",
"modified": "2018-10-04T08:45:29.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.151.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d329-b624-414f-b52d-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:29.000Z",
"modified": "2018-10-04T08:45:29.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.21.147.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d32c-6704-4d4f-99e8-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:32.000Z",
"modified": "2018-10-04T08:45:32.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.21.147.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d32d-6c70-44bf-87af-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:33.000Z",
"modified": "2018-10-04T08:45:33.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.208.10.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d32d-ef70-4882-ac34-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:33.000Z",
"modified": "2018-10-04T08:45:33.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.151.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d32e-2f2c-473d-809a-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:34.000Z",
"modified": "2018-10-04T08:45:34.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.149.116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d330-9880-45a6-af27-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:36.000Z",
"modified": "2018-10-04T08:45:36.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.106.131.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d331-46c0-4bcc-9db4-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:37.000Z",
"modified": "2018-10-04T08:45:37.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.181.102.201']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d331-7ce0-4875-aea8-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:37.000Z",
"modified": "2018-10-04T08:45:37.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.43.158.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d331-e3e0-4d37-a87b-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:37.000Z",
"modified": "2018-10-04T08:45:37.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.204.124.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d332-55a0-47ca-97c0-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:38.000Z",
"modified": "2018-10-04T08:45:38.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d332-4c88-48ba-b4da-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:38.000Z",
"modified": "2018-10-04T08:45:38.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.183.107.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d333-90b8-42a7-b2dd-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:39.000Z",
"modified": "2018-10-04T08:45:39.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.94.191.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d333-2b4c-447e-a336-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:39.000Z",
"modified": "2018-10-04T08:45:39.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d334-b85c-4214-a3f9-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:40.000Z",
"modified": "2018-10-04T08:45:40.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.37.104.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d334-0ffc-4ccd-8dca-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:40.000Z",
"modified": "2018-10-04T08:45:40.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.113.131.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d335-40c0-45df-9473-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:41.000Z",
"modified": "2018-10-04T08:45:41.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.239.129.121']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d335-6358-408b-bbd9-c1ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:45:41.000Z",
"modified": "2018-10-04T08:45:41.000Z",
"description": "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.239.128.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:45:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d378-41b4-4b13-a739-c1cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:46:48.000Z",
"modified": "2018-10-04T08:46:48.000Z",
"description": "The Snort rule provided may detect false positives due to CompuTrace/Lojack being legitimate software. The NCSC highly recommend 4 of 8network administrators assess their environment for the presence of CompuTrace/Lojack and adjust the signatures accordingly to exclude the legitimate use of CompuTrace.",
"pattern": "[alert tcp any any <> any any (flow: established; msg: \"APT28 -CompuTrace_Beacon_UserAgent\"; content: \"|0d0a|TagId|3a| \";fast_pattern; content: \"POST / \"; content:!\"namequery.com\";content:!\"Host: 209.53.113.\"; content:!\"dnssearch.org\";content:!\"Cookie:\"; content:!\"fnbcorporate.co.za\";content:!\"207.6.98.\"; pcre: \"/Mozilla\\/[0-9]{1,2}.[0-9]{1,2}\\(compatible\\; MSIE [0-9]{1,2}.[0-9]{1,2}\\;\\)\\x0d\\x0a/\";)]",
"pattern_type": "snort",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2018-10-04T08:46:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d3a6-3140-4a82-88ee-ef05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:47:34.000Z",
"modified": "2018-10-04T08:47:34.000Z",
"description": "SHA-1 hash of a CompuTrace file used by APT28 - filename dcbfd12321fa7c4fa9a72486ced578fdc00dcee79e6d95aa481791f044a55dll",
"pattern": "[file:hashes.SHA1 = 'd70db6a6d660aae58ccfc688a2890391fd873bfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:47:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d3c9-dfa4-4e25-a4f1-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:48:59.000Z",
"modified": "2018-10-04T08:48:59.000Z",
"description": "XTUNNEL - picturecrawling.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.163.0.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:48:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d3cf-c108-4b0b-bcce-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:48:15.000Z",
"modified": "2018-10-04T08:48:15.000Z",
"description": "XTUNNEL",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:48:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d3d1-de18-4c22-b9fa-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:48:17.000Z",
"modified": "2018-10-04T08:48:17.000Z",
"description": "XTUNNEL",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.149.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:48:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d3d4-8ef4-4288-8c7a-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:48:20.000Z",
"modified": "2018-10-04T08:48:20.000Z",
"description": "XTUNNEL",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.145.128.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:48:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d3db-3010-4743-9545-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:48:27.000Z",
"modified": "2018-10-04T08:48:27.000Z",
"description": "XTUNNEL",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.37.226.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:48:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d3dd-0bd4-4c9c-8b2e-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:48:29.000Z",
"modified": "2018-10-04T08:48:29.000Z",
"description": "XTUNNEL",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.238']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:48:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d43c-dbac-4b0b-8b1d-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:50:04.000Z",
"modified": "2018-10-04T08:50:04.000Z",
"description": "gpu.dll - XTUNNEL",
"pattern": "[file:hashes.MD5 = '8dbe37dfb0d498f96fb7f1e09e9e5c8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:50:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d43f-ea80-4cac-a371-c1bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:50:07.000Z",
"modified": "2018-10-04T08:50:07.000Z",
"description": "lncstnt.exe - XTUNNEL",
"pattern": "[file:hashes.MD5 = '5086989639aed17227b8d6b041ef3163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:50:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d47b-2248-4fe5-9cde-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:51:07.000Z",
"modified": "2018-10-04T08:51:07.000Z",
"description": "following IP addresses have been used for ZEBROCY victim communications",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.223.111.243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d47e-d378-4536-8004-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:51:10.000Z",
"modified": "2018-10-04T08:51:10.000Z",
"description": "following IP addresses have been used for ZEBROCY victim communications",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.104.21.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:51:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d480-a5a8-471d-986f-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:51:12.000Z",
"modified": "2018-10-04T08:51:12.000Z",
"description": "following IP addresses have been used for ZEBROCY victim communications",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.241.68.118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:51:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d484-8ae8-47e3-b684-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:51:16.000Z",
"modified": "2018-10-04T08:51:16.000Z",
"description": "following IP addresses have been used for ZEBROCY victim communications",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.67.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:51:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d486-c108-438c-81ac-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:51:18.000Z",
"modified": "2018-10-04T08:51:18.000Z",
"description": "following IP addresses have been used for ZEBROCY victim communications",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.50.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:51:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d48f-2934-46d2-a216-c472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:51:27.000Z",
"modified": "2018-10-04T08:51:27.000Z",
"description": "following IP addresses have been used for ZEBROCY victim communications",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.124.132.127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:51:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d4c5-272c-4e74-9c60-fa9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:52:21.000Z",
"modified": "2018-10-04T08:52:21.000Z",
"description": "ZEBROCY victim communication",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg: \"APT28 - Web/request -FILE- content-type\"; content: \"-FILE-\"; pcre: \"/[A-Z0-9\\-]{16}-FILE-[^\\r\\n]+.tmp/\"]",
"pattern_type": "snort",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2018-10-04T08:52:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d500-7ee4-45c6-bd0c-c4b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:53:20.000Z",
"modified": "2018-10-04T08:53:20.000Z",
"description": "ZEBROCY file",
"pattern": "[file:hashes.SHA1 = '913ac13ff245baeff843a99dc2cbc1ff5f8c025c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:53:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d503-ac48-47ee-af45-c4b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:53:23.000Z",
"modified": "2018-10-04T08:53:23.000Z",
"description": "ZEBROCY file",
"pattern": "[file:hashes.SHA1 = 'b758c7775d9bcdc0473fc2e738b32f05b464b175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:53:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bb5d518-6338-482f-a79c-c448950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:53:44.000Z",
"modified": "2018-10-04T08:53:44.000Z",
"description": "UpnP Error Handler",
"pattern": "[file:hashes.SHA1 = '3e7dfe9a8d5955a825cb51cb6eec0cd07c569b41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:53:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--caa8d31d-eb67-43f6-8999-5509553133ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:55:27.000Z",
"modified": "2018-10-04T08:55:27.000Z",
"pattern": "[file:hashes.MD5 = '5086989639aed17227b8d6b041ef3163' AND file:hashes.SHA1 = '5fa9f62b9616849e1f23ae3582f7d72eff030768' AND file:hashes.SHA256 = 'c5f8236e578a2b877fe538b2ef6f4aeceeb1b9cb73bba4d02fd368a5eb85cfab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:55:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--674e1271-97d4-41e3-91d0-54c6bbf08991",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:55:35.000Z",
"modified": "2018-10-04T08:55:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-21T16:46:48",
"category": "Other",
"uuid": "6223a185-c824-4867-a415-02ecf1749930"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c5f8236e578a2b877fe538b2ef6f4aeceeb1b9cb73bba4d02fd368a5eb85cfab/analysis/1537548408/",
"category": "External analysis",
"uuid": "b8dfbb91-e70f-4d1d-b69f-068f90e5409e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/64",
"category": "Other",
"uuid": "f4b84a8a-267d-4055-83ed-6bb5df945245"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--485ae42f-750e-4236-a90f-160868391c0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:55:47.000Z",
"modified": "2018-10-04T08:55:47.000Z",
"pattern": "[file:hashes.MD5 = '8dbe37dfb0d498f96fb7f1e09e9e5c8f' AND file:hashes.SHA1 = '4c1f39ae7ac7cafc3554790b0d3cdc0136dc43d2' AND file:hashes.SHA256 = 'fc224a6cca956a59812a13e53ba08a279996ea2ee194fe20fb10170ca5c2db6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:55:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8bd069b9-50a6-405a-ac7a-2b37c349c988",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:55:56.000Z",
"modified": "2018-10-04T08:55:56.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-24T12:43:53",
"category": "Other",
"uuid": "e05a496d-23ad-431f-9c3c-c7ad8b72c262"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fc224a6cca956a59812a13e53ba08a279996ea2ee194fe20fb10170ca5c2db6a/analysis/1537793033/",
"category": "External analysis",
"uuid": "3681b6d3-8233-42cb-b947-5ec748df0093"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/66",
"category": "Other",
"uuid": "4a94b98c-18f3-43d2-87d2-5c0c83bd195b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae8b212-92e6-41bb-a081-ce4048cd35cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:56:09.000Z",
"modified": "2018-10-04T08:56:09.000Z",
"pattern": "[file:hashes.MD5 = '10036063be45f92a9a743425fbf5abc7' AND file:hashes.SHA1 = 'd70db6a6d660aae58ccfc688a2890391fd873bfb' AND file:hashes.SHA256 = '3f48dbbf86f29e01809550f4272a894ff4b09bd48b0637bd6745db84d2cec2b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bb0904bb-62d2-4005-bff9-eec2f9714288",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:56:18.000Z",
"modified": "2018-10-04T08:56:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-04T03:26:52",
"category": "Other",
"uuid": "1d1dcb0e-2b06-4bc5-a54f-71b6903a983a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3f48dbbf86f29e01809550f4272a894ff4b09bd48b0637bd6745db84d2cec2b6/analysis/1538623612/",
"category": "External analysis",
"uuid": "b98a15e8-cce7-4837-ac91-ad987e0c4628"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/67",
"category": "Other",
"uuid": "cef987d3-50f2-441d-9432-25bd46fe2aa9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0bd5f889-77cf-401b-a393-461130ea63de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:56:29.000Z",
"modified": "2018-10-04T08:56:29.000Z",
"pattern": "[file:hashes.MD5 = 'd29899195c604f0615885bc6c2fdf7a8' AND file:hashes.SHA1 = 'fa695e88c87843ca0ba9fc04b176899ff90e9ac5' AND file:hashes.SHA256 = '86a588672837afdc1900ad9e78c7d0ae7a842bdd972dbdc5bdff2574a37f5acc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--88f4c7c3-4777-4590-8e27-931fe204135c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:56:34.000Z",
"modified": "2018-10-04T08:56:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-27T00:32:44",
"category": "Other",
"uuid": "49596d84-c139-4047-b2ef-cce2037c1751"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/86a588672837afdc1900ad9e78c7d0ae7a842bdd972dbdc5bdff2574a37f5acc/analysis/1532651564/",
"category": "External analysis",
"uuid": "af68e965-cc52-439f-a26b-e179ad304d05"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/61",
"category": "Other",
"uuid": "0441ed29-7eb2-4777-a467-ca297b1c6789"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4c3355f-a6ff-4aad-b733-effa1fa3f446",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:56:46.000Z",
"modified": "2018-10-04T08:56:46.000Z",
"pattern": "[file:hashes.MD5 = 'fc0cb1dbab4bc6504e644f311d9bb4a1' AND file:hashes.SHA1 = 'c53930772beb2779d932655d6c3de5548810af3d' AND file:hashes.SHA256 = 'a1c73ce193ffa5323aaef73fbabbc2a984e10900f09cf9fcb0cb11606a23c402']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:56:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--64589ade-c0e3-46cb-8dc9-bd2b8e03958d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:56:54.000Z",
"modified": "2018-10-04T08:56:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-03T09:59:52",
"category": "Other",
"uuid": "c1ff0d67-f8df-497f-95b6-2ffd6bf7176e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a1c73ce193ffa5323aaef73fbabbc2a984e10900f09cf9fcb0cb11606a23c402/analysis/1530611992/",
"category": "External analysis",
"uuid": "02324d5a-0a2a-4a8f-b65e-cf774956dddd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/65",
"category": "Other",
"uuid": "5e788972-1d3d-4b9a-95f7-3fb76db9715d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8a110b38-0dad-4295-b40f-fb60fb395e8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:57:04.000Z",
"modified": "2018-10-04T08:57:04.000Z",
"pattern": "[file:hashes.MD5 = 'b50640a28a1d4f2acdce93adf2ea326c' AND file:hashes.SHA1 = 'b758c7775d9bcdc0473fc2e738b32f05b464b175' AND file:hashes.SHA256 = '2b19497db8cb05cd3d22996efe5af8eac0f2ea51e80f606b7b8a79dfaa2f58e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5afd32c5-ee31-48c3-ba20-0a1f10b339e6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:57:10.000Z",
"modified": "2018-10-04T08:57:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-11T00:23:21",
"category": "Other",
"uuid": "37ca8cc3-2a4e-4acc-8f95-3411382dc8b0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2b19497db8cb05cd3d22996efe5af8eac0f2ea51e80f606b7b8a79dfaa2f58e2/analysis/1536625401/",
"category": "External analysis",
"uuid": "81ac484b-e234-4312-bb47-ded2265b8b8e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/68",
"category": "Other",
"uuid": "f29b012f-ca21-41b2-9b40-6697832b2a12"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b063122d-ef2d-47dc-b3d1-7efb48e23569",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:57:25.000Z",
"modified": "2018-10-04T08:57:25.000Z",
"pattern": "[file:hashes.MD5 = '4fa6cd01571905b9c7c8fc9a359b655e' AND file:hashes.SHA1 = '46e2957e699fae6de1a212dd98ba4e2bb969497d' AND file:hashes.SHA256 = 'b814fdbb7cfe6e5192fe1126835b903354d75bfb15a6c262ccc2caf13a8ce4b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:57:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1181b169-e791-49d6-af39-3729a8a9859b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:57:32.000Z",
"modified": "2018-10-04T08:57:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-04T10:08:34",
"category": "Other",
"uuid": "cdaedd02-5290-470f-b143-be59989f1464"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b814fdbb7cfe6e5192fe1126835b903354d75bfb15a6c262ccc2caf13a8ce4b6/analysis/1536055714/",
"category": "External analysis",
"uuid": "34363d3f-d54e-41ed-9dfe-4ba2b8b9214b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/65",
"category": "Other",
"uuid": "212837d3-8b9c-4da8-b2ba-0cee22d2760a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--37b700a5-e7a6-4b89-b39f-639dc8d788e4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:57:48.000Z",
"modified": "2018-10-04T08:57:48.000Z",
"pattern": "[file:hashes.MD5 = '961e79a33f432ea96d2c8bf9eb010006' AND file:hashes.SHA1 = '913ac13ff245baeff843a99dc2cbc1ff5f8c025c' AND file:hashes.SHA256 = 'a15a4e21fe3b06870d52f7383ef45e4ac0dde727b02b3d340f0ba6346b43add1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:57:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--05e3f750-290b-4985-ba2e-b639851b0ddf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:57:57.000Z",
"modified": "2018-10-04T08:57:57.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-03T17:22:50",
"category": "Other",
"uuid": "4c862a8c-164a-4e20-beac-21a28e57f450"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a15a4e21fe3b06870d52f7383ef45e4ac0dde727b02b3d340f0ba6346b43add1/analysis/1538587370/",
"category": "External analysis",
"uuid": "3c5c3a4d-27ce-40af-8115-b07e34311568"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/68",
"category": "Other",
"uuid": "44a8fce4-4591-47c1-a599-0ff5195b2167"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a67002ca-f1b7-4ae5-89b7-92ae322384c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:58:11.000Z",
"modified": "2018-10-04T08:58:11.000Z",
"pattern": "[file:hashes.MD5 = '809cbf6cfded8d571d20fe27d6cf91f9' AND file:hashes.SHA1 = '046a8adc2ef0f68107e96babc59f41b6f0a57803' AND file:hashes.SHA256 = '001d65185910ae8cd9e7e2472745e593be62b98eae3f5f2266a29c37e56daa1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:58:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6490158f-6e4a-4b70-8615-db28a126e06f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:58:17.000Z",
"modified": "2018-10-04T08:58:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-21T12:27:14",
"category": "Other",
"uuid": "ecf40020-4547-44fb-8bd8-b0294caa709a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/001d65185910ae8cd9e7e2472745e593be62b98eae3f5f2266a29c37e56daa1d/analysis/1529584034/",
"category": "External analysis",
"uuid": "388a0d75-ae89-475d-af6f-2d1e1c741581"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/66",
"category": "Other",
"uuid": "e1c92c53-6e9a-41c2-9b7d-c0b75c75ed20"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a48848a5-0b95-4b22-a285-de582b5e4213",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:58:31.000Z",
"modified": "2018-10-04T08:58:31.000Z",
"pattern": "[file:hashes.MD5 = 'be6f600e05d6d958a9f614fc415ecba1' AND file:hashes.SHA1 = '3e7dfe9a8d5955a825cb51cb6eec0cd07c569b41' AND file:hashes.SHA256 = 'a6576282d17cca390e35306a423dcb5ac9276c28eaba63f74001757edc3688df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-04T08:58:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--80a96246-61ca-4ad7-92ee-1fec639cc36c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-04T08:58:43.000Z",
"modified": "2018-10-04T08:58:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-24T15:03:55",
"category": "Other",
"uuid": "6afd14d5-aaa2-4e91-8b35-67b241367c28"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a6576282d17cca390e35306a423dcb5ac9276c28eaba63f74001757edc3688df/analysis/1535123035/",
"category": "External analysis",
"uuid": "fc3ea1a9-30c5-4b9b-9521-779263a44955"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/67",
"category": "Other",
"uuid": "5f106e2c-460a-4bf1-ac69-cd1ab771761b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--a4d24152-f18d-42f3-9404-a09dd6d28863",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--caa8d31d-eb67-43f6-8999-5509553133ec",
"target_ref": "x-misp-object--674e1271-97d4-41e3-91d0-54c6bbf08991"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--6ca06ca1-33a7-4203-ad8e-1d6b420a0814",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--485ae42f-750e-4236-a90f-160868391c0b",
"target_ref": "x-misp-object--8bd069b9-50a6-405a-ac7a-2b37c349c988"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--365e2dd4-dcb2-43a8-8fe8-0feb527035ec",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5ae8b212-92e6-41bb-a081-ce4048cd35cd",
"target_ref": "x-misp-object--bb0904bb-62d2-4005-bff9-eec2f9714288"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--bc3def28-50c4-4438-93ac-86f604ef8216",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0bd5f889-77cf-401b-a393-461130ea63de",
"target_ref": "x-misp-object--88f4c7c3-4777-4590-8e27-931fe204135c"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--b8160e2d-15cd-4a1d-9070-d0d9dd88a716",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d4c3355f-a6ff-4aad-b733-effa1fa3f446",
"target_ref": "x-misp-object--64589ade-c0e3-46cb-8dc9-bd2b8e03958d"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--1a798611-1b9c-4648-b68b-20cceac29e24",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8a110b38-0dad-4295-b40f-fb60fb395e8f",
"target_ref": "x-misp-object--5afd32c5-ee31-48c3-ba20-0a1f10b339e6"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--260a1904-f88d-4223-8c0c-87574e07a6c8",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b063122d-ef2d-47dc-b3d1-7efb48e23569",
"target_ref": "x-misp-object--1181b169-e791-49d6-af39-3729a8a9859b"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--5c12bdc2-76a2-4a11-9f10-e646a785c5ea",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:58.000Z",
"modified": "2018-10-04T08:58:58.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--37b700a5-e7a6-4b89-b39f-639dc8d788e4",
"target_ref": "x-misp-object--05e3f750-290b-4985-ba2e-b639851b0ddf"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--7149954c-13e9-477a-a0ac-1d9e8d15a5af",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:59.000Z",
"modified": "2018-10-04T08:58:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a67002ca-f1b7-4ae5-89b7-92ae322384c4",
"target_ref": "x-misp-object--6490158f-6e4a-4b70-8615-db28a126e06f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--b8ab9ecf-f6c9-4bc0-9736-9482afa6c23b",
2023-04-21 14:44:17 +00:00
"created": "2018-10-04T08:58:59.000Z",
"modified": "2018-10-04T08:58:59.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a48848a5-0b95-4b22-a285-de582b5e4213",
"target_ref": "x-misp-object--80a96246-61ca-4ad7-92ee-1fec639cc36c"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}