773 lines
30 KiB
JSON
773 lines
30 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--57a8944a-ac6c-43ac-8cf4-4ebe950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:22.000Z",
|
||
|
"modified": "2016-08-08T14:46:22.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--57a8944a-ac6c-43ac-8cf4-4ebe950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:22.000Z",
|
||
|
"modified": "2016-08-08T14:46:22.000Z",
|
||
|
"name": "Expansion on OSINT Lost your iPhone? Be on guard for a perfectly-timed Apple ID phishing attack by Hot For Security",
|
||
|
"published": "2016-08-08T14:48:08Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--57a89578-62b4-4107-8779-4fcb950d210f",
|
||
|
"url--57a89578-62b4-4107-8779-4fcb950d210f",
|
||
|
"observed-data--57a89578-b694-453f-b54c-4eda950d210f",
|
||
|
"url--57a89578-b694-453f-b54c-4eda950d210f",
|
||
|
"observed-data--57a89579-3a20-4d0c-bdba-4761950d210f",
|
||
|
"url--57a89579-3a20-4d0c-bdba-4761950d210f",
|
||
|
"observed-data--57a89579-2474-454c-b304-4098950d210f",
|
||
|
"url--57a89579-2474-454c-b304-4098950d210f",
|
||
|
"indicator--57a89583-d520-41c5-b259-4f7c950d210f",
|
||
|
"indicator--57a89a2a-5fd0-48c5-a663-4b54950d210f",
|
||
|
"indicator--57a89a2a-a4dc-42fd-9289-48e9950d210f",
|
||
|
"indicator--57a89a6f-a260-45ee-ac58-458c950d210f",
|
||
|
"indicator--57a89a6f-1a84-4870-8d47-4b53950d210f",
|
||
|
"indicator--57a89a6f-efac-4647-93db-4a4e950d210f",
|
||
|
"indicator--57a89a6f-cd44-4887-a61b-4f28950d210f",
|
||
|
"indicator--57a89a70-0d94-453e-9739-42e3950d210f",
|
||
|
"indicator--57a89a70-cef0-409a-bda0-4395950d210f",
|
||
|
"indicator--57a89a70-c450-4212-b708-4ead950d210f",
|
||
|
"indicator--57a89a71-0728-4871-8dfa-40e9950d210f",
|
||
|
"indicator--57a89a71-6da4-424e-8b1f-46f5950d210f",
|
||
|
"indicator--57a89a71-bc44-4768-8087-476d950d210f",
|
||
|
"indicator--57a89a71-014c-4e3d-801b-4c7c950d210f",
|
||
|
"indicator--57a89a72-be84-4cad-a2af-4853950d210f",
|
||
|
"indicator--57a89a72-0328-4289-9558-4c70950d210f",
|
||
|
"indicator--57a89a72-2904-4980-9957-42ac950d210f",
|
||
|
"indicator--57a89a72-677c-422a-b98b-4fdc950d210f",
|
||
|
"indicator--57a89a72-4208-4b46-adad-43eb950d210f",
|
||
|
"indicator--57a89b3e-359c-4ae9-92de-4c5c950d210f",
|
||
|
"indicator--57a89b3e-04b8-4dfc-bb2f-4405950d210f",
|
||
|
"indicator--57a89b3e-7b5c-4190-b88e-4468950d210f",
|
||
|
"indicator--57a89b3e-e428-41e7-86d8-4660950d210f",
|
||
|
"indicator--57a89b3f-386c-4b54-a41e-4685950d210f",
|
||
|
"indicator--57a89b3f-f5c4-4db5-a3d3-4c5d950d210f",
|
||
|
"indicator--57a89b3f-436c-45dd-a778-46ba950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57a89578-62b4-4107-8779-4fcb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:21:44.000Z",
|
||
|
"modified": "2016-08-08T14:21:44.000Z",
|
||
|
"first_observed": "2016-08-08T14:21:44Z",
|
||
|
"last_observed": "2016-08-08T14:21:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57a89578-62b4-4107-8779-4fcb950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57a89578-62b4-4107-8779-4fcb950d210f",
|
||
|
"value": "https://www.passivetotal.org/passive/show-iphone-location.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57a89578-b694-453f-b54c-4eda950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:21:44.000Z",
|
||
|
"modified": "2016-08-08T14:21:44.000Z",
|
||
|
"first_observed": "2016-08-08T14:21:44Z",
|
||
|
"last_observed": "2016-08-08T14:21:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57a89578-b694-453f-b54c-4eda950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57a89578-b694-453f-b54c-4eda950d210f",
|
||
|
"value": "https://www.passivetotal.org/passive/5.189.140.84"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57a89579-3a20-4d0c-bdba-4761950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:21:45.000Z",
|
||
|
"modified": "2016-08-08T14:21:45.000Z",
|
||
|
"first_observed": "2016-08-08T14:21:45Z",
|
||
|
"last_observed": "2016-08-08T14:21:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57a89579-3a20-4d0c-bdba-4761950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57a89579-3a20-4d0c-bdba-4761950d210f",
|
||
|
"value": "https://www.passivetotal.org/passive/31.204.153.197"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57a89579-2474-454c-b304-4098950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:21:45.000Z",
|
||
|
"modified": "2016-08-08T14:21:45.000Z",
|
||
|
"first_observed": "2016-08-08T14:21:45Z",
|
||
|
"last_observed": "2016-08-08T14:21:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57a89579-2474-454c-b304-4098950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57a89579-2474-454c-b304-4098950d210f",
|
||
|
"value": "https://www.passivetotal.org/passive/162.210.99.240"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89583-d520-41c5-b259-4f7c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:21:55.000Z",
|
||
|
"modified": "2016-08-08T14:21:55.000Z",
|
||
|
"pattern": "[domain-name:value = 'show-iphone-location.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:21:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a2a-5fd0-48c5-a663-4b54950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:41:46.000Z",
|
||
|
"modified": "2016-08-08T14:41:46.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.140.84']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:41:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a2a-a4dc-42fd-9289-48e9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:41:46.000Z",
|
||
|
"modified": "2016-08-08T14:41:46.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.210.99.240']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:41:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a6f-a260-45ee-ac58-458c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:55.000Z",
|
||
|
"modified": "2016-08-08T14:42:55.000Z",
|
||
|
"pattern": "[domain-name:value = 'apple-map-locate.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a6f-1a84-4870-8d47-4b53950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:55.000Z",
|
||
|
"modified": "2016-08-08T14:42:55.000Z",
|
||
|
"pattern": "[domain-name:value = 'findmyiphone-system.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a6f-efac-4647-93db-4a4e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:55.000Z",
|
||
|
"modified": "2016-08-08T14:42:55.000Z",
|
||
|
"pattern": "[domain-name:value = 'alert-support.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a6f-cd44-4887-a61b-4f28950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:55.000Z",
|
||
|
"modified": "2016-08-08T14:42:55.000Z",
|
||
|
"pattern": "[domain-name:value = 'icloudsecurelogin.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a70-0d94-453e-9739-42e3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:56.000Z",
|
||
|
"modified": "2016-08-08T14:42:56.000Z",
|
||
|
"pattern": "[domain-name:value = 'fmi-verify-lost.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a70-cef0-409a-bda0-4395950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:56.000Z",
|
||
|
"modified": "2016-08-08T14:42:56.000Z",
|
||
|
"pattern": "[domain-name:value = 'alert-map.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a70-c450-4212-b708-4ead950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:56.000Z",
|
||
|
"modified": "2016-08-08T14:42:56.000Z",
|
||
|
"pattern": "[domain-name:value = 'apple-support-apple.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a71-0728-4871-8dfa-40e9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:57.000Z",
|
||
|
"modified": "2016-08-08T14:42:57.000Z",
|
||
|
"pattern": "[domain-name:value = 'lcloud-location-map.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a71-6da4-424e-8b1f-46f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:57.000Z",
|
||
|
"modified": "2016-08-08T14:42:57.000Z",
|
||
|
"pattern": "[domain-name:value = 'findmyiphones-team.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a71-bc44-4768-8087-476d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:57.000Z",
|
||
|
"modified": "2016-08-08T14:42:57.000Z",
|
||
|
"pattern": "[domain-name:value = 'security-ios.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a71-014c-4e3d-801b-4c7c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:57.000Z",
|
||
|
"modified": "2016-08-08T14:42:57.000Z",
|
||
|
"pattern": "[domain-name:value = 'locationteam-icloud.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a72-be84-4cad-a2af-4853950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:58.000Z",
|
||
|
"modified": "2016-08-08T14:42:58.000Z",
|
||
|
"pattern": "[domain-name:value = 'icloud-find.us']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a72-0328-4289-9558-4c70950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:58.000Z",
|
||
|
"modified": "2016-08-08T14:42:58.000Z",
|
||
|
"pattern": "[domain-name:value = 'icloudview.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a72-2904-4980-9957-42ac950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:58.000Z",
|
||
|
"modified": "2016-08-08T14:42:58.000Z",
|
||
|
"pattern": "[domain-name:value = 'forum.liveplays.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a72-677c-422a-b98b-4fdc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:58.000Z",
|
||
|
"modified": "2016-08-08T14:42:58.000Z",
|
||
|
"pattern": "[domain-name:value = 'iphone-service.us']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89a72-4208-4b46-adad-43eb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:42:58.000Z",
|
||
|
"modified": "2016-08-08T14:42:58.000Z",
|
||
|
"pattern": "[domain-name:value = 'fmidevice-location.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:42:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89b3e-359c-4ae9-92de-4c5c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:22.000Z",
|
||
|
"modified": "2016-08-08T14:46:22.000Z",
|
||
|
"pattern": "[domain-name:value = 'rakgrs.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:46:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89b3e-04b8-4dfc-bb2f-4405950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:22.000Z",
|
||
|
"modified": "2016-08-08T14:46:22.000Z",
|
||
|
"pattern": "[domain-name:value = 'verify-apple-id.us']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:46:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89b3e-7b5c-4190-b88e-4468950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:22.000Z",
|
||
|
"modified": "2016-08-08T14:46:22.000Z",
|
||
|
"pattern": "[domain-name:value = 'trackingiphonelocation.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:46:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89b3e-e428-41e7-86d8-4660950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:22.000Z",
|
||
|
"modified": "2016-08-08T14:46:22.000Z",
|
||
|
"pattern": "[domain-name:value = 'mmison.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:46:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89b3f-386c-4b54-a41e-4685950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:23.000Z",
|
||
|
"modified": "2016-08-08T14:46:23.000Z",
|
||
|
"pattern": "[domain-name:value = 'verify-iphone-location.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:46:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89b3f-f5c4-4db5-a3d3-4c5d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:23.000Z",
|
||
|
"modified": "2016-08-08T14:46:23.000Z",
|
||
|
"pattern": "[domain-name:value = 'microexperts.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:46:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57a89b3f-436c-45dd-a778-46ba950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-08-08T14:46:23.000Z",
|
||
|
"modified": "2016-08-08T14:46:23.000Z",
|
||
|
"pattern": "[domain-name:value = 'hamedia.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-08-08T14:46:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:GREEN",
|
||
|
"definition": {
|
||
|
"tlp": "green"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|