{
"type" : "bundle" ,
"id" : "bundle--5d2cae34-7564-4049-b9c4-4ae902de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5d2cae34-7564-4049-b9c4-4ae902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"name" : "OSINT - SWEED: Exposing years of Agent Tesla campaigns" ,
"published" : "2019-07-15T17:08:58Z" ,
"object_refs" : [
"observed-data--5d2cae46-6b2c-4405-84c0-aac302de0b81" ,
"url--5d2cae46-6b2c-4405-84c0-aac302de0b81" ,
"x-misp-attribute--5d2cae5f-c280-4f19-8954-40d702de0b81" ,
"indicator--5d2cae94-23d0-4a7e-8786-44ee02de0b81" ,
"indicator--5d2cae9b-a984-4d8f-bff3-4f8f02de0b81" ,
"indicator--5d2cae9b-f470-4a85-86f7-415a02de0b81" ,
"indicator--5d2cae9b-6494-4e1b-85bc-4bfd02de0b81" ,
"indicator--5d2cae9b-fe6c-438e-b707-427202de0b81" ,
"indicator--5d2cae9b-5870-4176-a210-4b6202de0b81" ,
"indicator--5d2cae9b-1e90-4e41-b3a1-407f02de0b81" ,
"indicator--5d2cae9b-70e4-4321-ad36-4e3102de0b81" ,
"indicator--5d2cae9c-6690-4d02-a56e-46f102de0b81" ,
"indicator--5d2cae9c-666c-4919-a174-4f5b02de0b81" ,
"indicator--5d2cae9c-2630-4021-82aa-426c02de0b81" ,
"indicator--5d2cae9c-f094-437b-9d54-4e9202de0b81" ,
"indicator--5d2cae9c-383c-4889-9c11-48bd02de0b81" ,
"indicator--5d2cae9c-3d7c-4b9a-80c4-476a02de0b81" ,
"indicator--5d2cae9c-e9ec-4029-86f3-4d6502de0b81" ,
"indicator--5d2cae9c-0c4c-41e8-abc2-49f902de0b81" ,
"indicator--5d2cae9c-e824-4946-afd5-44d602de0b81" ,
"indicator--5d2cae9c-e01c-4903-99ef-45f102de0b81" ,
"indicator--5d2cae9c-1524-4fdf-9b0f-4eea02de0b81" ,
"indicator--5d2cae9c-b44c-4332-9357-4b9b02de0b81" ,
"indicator--5d2cae9c-e814-4e45-b039-471702de0b81" ,
"indicator--5d2cae9c-fc78-48ff-a437-49ac02de0b81" ,
"indicator--5d2cae9c-6c04-483c-ad36-43cd02de0b81" ,
"indicator--5d2cae9c-ca7c-4bf3-8693-4c6a02de0b81" ,
"indicator--5d2cae9c-617c-4f4d-afbb-468002de0b81" ,
"indicator--5d2cae9c-b554-47fb-a7ca-4e0c02de0b81" ,
"indicator--5d2cae9c-616c-437e-a2ac-443002de0b81" ,
"indicator--5d2cae9c-dd0c-4390-a52b-40ab02de0b81" ,
"indicator--5d2cae9c-5934-4948-8ff3-4d4702de0b81" ,
"indicator--5d2cae9c-fadc-4eb9-9144-4c5c02de0b81" ,
"indicator--5d2cae9c-ab64-4869-a410-4d9402de0b81" ,
"indicator--5d2cae9c-2744-4ce8-9f5a-493902de0b81" ,
"indicator--5d2cae9c-5dbc-41c0-9f73-428802de0b81" ,
"indicator--5d2cae9c-4ed4-48cd-a0f2-4c3c02de0b81" ,
"indicator--5d2cae9c-ee10-46ac-a202-403702de0b81" ,
"indicator--5d2cae9c-a6e8-40a5-8b80-4f1902de0b81" ,
"indicator--5d2cae9c-73d0-4b36-88a7-4bba02de0b81" ,
"indicator--5d2cae9c-4b40-4b91-8181-496802de0b81" ,
"indicator--5d2cae9c-f5e4-49a0-80db-405802de0b81" ,
"indicator--5d2cae9c-40f0-4b2c-8258-422302de0b81" ,
"indicator--5d2cae9c-f494-42ad-83cf-4ea002de0b81" ,
"indicator--5d2cae9c-d1f8-4f4c-9f7a-477f02de0b81" ,
"indicator--5d2cae9c-1620-4928-9e19-4e4002de0b81" ,
"indicator--5d2cae9c-1588-4f6c-8060-436302de0b81" ,
"indicator--5d2cae9c-4d0c-483a-b9d8-4c2c02de0b81" ,
"indicator--5d2cae9c-f130-492c-92f9-464f02de0b81" ,
"indicator--5d2cae9c-1e40-4218-9feb-45cd02de0b81" ,
"indicator--5d2cae9c-3474-4e94-977c-4c0302de0b81" ,
"indicator--5d2cae9c-c488-45f0-8cfd-438702de0b81" ,
"indicator--5d2cae9c-fffc-4d13-813c-445f02de0b81" ,
"indicator--5d2cae9d-9a5c-46b2-a8d5-433602de0b81" ,
"indicator--5d2cae9d-ba14-4774-bef4-44ba02de0b81" ,
"indicator--5d2cae9d-b4e8-4287-ba31-414d02de0b81" ,
"indicator--5d2cae9d-bba0-4b0c-ad26-44b302de0b81" ,
"indicator--5d2cae9d-608c-4017-87be-481a02de0b81" ,
"indicator--5d2cae9d-7bd4-4df5-8bdf-4c0802de0b81" ,
"indicator--5d2cae9d-fd18-4adb-8a21-4eee02de0b81" ,
"indicator--5d2cae9d-c658-4335-a822-407e02de0b81" ,
"indicator--5d2caf91-ddb0-4d8f-8152-4bbf02de0b81" ,
"observed-data--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"observed-data--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"observed-data--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"observed-data--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"observed-data--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"observed-data--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"observed-data--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"observed-data--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"observed-data--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"indicator--5d2cb25b-18e4-4b9b-9dff-4dbe02de0b81" ,
"x-misp-attribute--5d2cb281-9ea8-457e-b4fd-4ada02de0b81" ,
"indicator--5d2cb2b1-63bc-457a-9f3b-429a02de0b81" ,
"indicator--5d2cb2b2-2b08-458c-a55f-443d02de0b81" ,
"indicator--5d2cb2b2-327c-4bc3-907c-404602de0b81" ,
"indicator--5d2cb2d2-ea6c-4c3d-9789-48ff02de0b81" ,
"indicator--5d2cb2d2-85f0-46c2-aa47-4fdf02de0b81" ,
"indicator--5d2cb2d2-251c-44ac-a8ff-482202de0b81" ,
"indicator--5d2cb2d2-8c98-448e-8f6b-451802de0b81" ,
"indicator--5d2cb2d2-f618-4373-936d-4e5002de0b81" ,
"indicator--5d2cb2d2-15ac-4588-87e0-481702de0b81" ,
"indicator--5d2cb2d2-76e0-4b97-a41f-497502de0b81" ,
"indicator--5d2cb2ec-8c84-4ac2-a0fc-4c1a02de0b81" ,
"indicator--5d2cb2ec-0554-4b04-b70f-46e402de0b81" ,
"indicator--5d2cb2ec-fcc8-4890-85bc-49ba02de0b81" ,
"indicator--5d2cb2ec-11b4-46cc-8f66-426d02de0b81" ,
"indicator--5d2cb2ec-86c8-4d2e-8f25-44b202de0b81" ,
"indicator--5d2cb2ec-e324-4981-bae1-495b02de0b81" ,
"indicator--5d2cb2ec-ea9c-4004-bfb5-4ef902de0b81" ,
"indicator--5d2cb2ec-561c-4376-b159-46e102de0b81" ,
"indicator--5d2cb2ec-55e8-474c-bf23-492e02de0b81" ,
"indicator--5d2cb2ec-e784-4aa2-83df-456402de0b81" ,
"indicator--5d2cb2ec-bcf8-414e-b7bf-409502de0b81" ,
"indicator--5d2cb2ec-0100-4c07-902f-484302de0b81" ,
"indicator--5d2caf42-e134-4c02-8eda-45d702de0b81" ,
"indicator--5d2caf6c-a478-4dd2-a816-4a5e02de0b81" ,
"indicator--90a459a2-ebdb-4229-9b32-7e02479444cf" ,
"x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b" ,
"indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3" ,
"x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65" ,
"indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47" ,
"x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad" ,
"indicator--5d2cb00d-a38c-4241-9ae1-40db02de0b81" ,
"indicator--5d2cb071-13f4-4927-b73c-409902de0b81" ,
"indicator--5d2cb0ad-7148-479f-b5ea-97a202de0b81" ,
"indicator--5d2cb145-d424-4c65-8ff4-401b02de0b81" ,
"indicator--5d2cb17f-e3a8-4d42-84c0-4cee02de0b81" ,
"indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63" ,
"x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1" ,
"x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a" ,
"indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde" ,
"x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7" ,
"indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5" ,
"x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9" ,
"indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf" ,
"x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6" ,
"x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e" ,
"indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4" ,
"x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c" ,
"relationship--ca00d857-1c74-4fba-a369-0a538f4bb3f2" ,
"relationship--9930f14c-0b2b-4b87-a9de-f93dfe9e0040" ,
"relationship--7443460a-e107-4ba0-bb41-cd0c1d42543e" ,
"relationship--371e0f3b-678c-47c9-a6aa-572d5c9bc494" ,
"relationship--7219d933-54a5-4ec9-904f-e8703a04f95e" ,
"relationship--8f2f92e2-e224-4555-9760-24a8ad99aee6" ,
"relationship--e00c1a95-d6d8-428e-8e7e-d48eb0a3d0d2" ,
"relationship--03ce1a59-721c-425f-8ee9-321f59b8ad9b" ,
"relationship--1e7464b1-ee96-42bd-bf4e-ae8eb2bd195b" ,
"relationship--c3ea4344-018b-4f6e-bd6f-b99d1c5916ec"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"75\"" ,
"misp-galaxy:malpedia=\"Agent Tesla\"" ,
"misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"" ,
"misp-galaxy:tool=\"Agent Tesla\"" ,
"workflow:todo=\"create-missing-misp-galaxy-cluster\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cae46-6b2c-4405-84c0-aac302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:48:06.000Z" ,
"modified" : "2019-07-15T16:48:06.000Z" ,
"first_observed" : "2019-07-15T16:48:06Z" ,
"last_observed" : "2019-07-15T16:48:06Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5d2cae46-6b2c-4405-84c0-aac302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5d2cae46-6b2c-4405-84c0-aac302de0b81" ,
"value" : "https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d2cae5f-c280-4f19-8954-40d702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:48:31.000Z" ,
"modified" : "2019-07-15T16:48:31.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling \"SWEED,\" including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our research, SWEED \u2014 which has been operating since at least 2017 \u2014 primarily targets their victims with stealers and remote access trojans.\r\n\r\nSWEED remains consistent across most of their campaigns in their use of spear-phishing emails with malicious attachments. While these campaigns have featured a myriad of different types of malicious documents, the actor primarily tries to infect its victims with a packed version of Agent Tesla \u2014 an information stealer that's been around since at least 2014. The version of Agent Tesla that SWEED is using differs slightly from what we've seen in the past in the way that it is packed, as well as how it infects the system. In this post, we'll run down each campaign we're able to connect to SWEED, and talk about some of the actor's tactics, techniques and procedures (TTPs)."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae94-23d0-4a7e-8786-44ee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:24.000Z" ,
"modified" : "2019-07-15T16:49:24.000Z" ,
"pattern" : "[domain-name:value = 'sweeddehacklord.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9b-a984-4d8f-bff3-4f8f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'sweed-office.comie.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9b-f470-4a85-86f7-415a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'sweed-viki.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9b-6494-4e1b-85bc-4bfd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'sweedoffice.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9b-fe6c-438e-b707-427202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'sweedoffice-olamide.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9b-5870-4176-a210-4b6202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'sweedoffice-chuks.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9b-1e90-4e41-b3a1-407f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'www.sweedoffice-kc.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9b-70e4-4321-ad36-4e3102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'sweedoffice-kc.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-6690-4d02-a56e-46f102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:31.000Z" ,
"modified" : "2019-07-15T16:49:31.000Z" ,
"pattern" : "[domain-name:value = 'sweedoffice-goodman.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-666c-4919-a174-4f5b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'sweedoffice-bosskobi.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-2630-4021-82aa-426c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'www.sweedoffice-olamide.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-f094-437b-9d54-4e9202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'www.sweedoffice-chuks.duckdns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-383c-4889-9c11-48bd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'aelna.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-3d7c-4b9a-80c4-476a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'candqre.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-e9ec-4029-86f3-4d6502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'spedaqinterfreight.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-0c4c-41e8-abc2-49f902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'worldjaquar.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-e824-4946-afd5-44d602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'zurieh.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-e01c-4903-99ef-45f102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'aiaininsurance.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-1524-4fdf-9b0f-4eea02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'aidanube.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-b44c-4332-9357-4b9b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'anernostat.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-e814-4e45-b039-471702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'blssleel.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-fc78-48ff-a437-49ac02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'bwayachtng.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-6c04-483c-ad36-43cd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'cablsol.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-ca7c-4bf3-8693-4c6a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'catalanoshpping.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-617c-4f4d-afbb-468002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'cawus-coskunsu.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-b554-47fb-a7ca-4e0c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'crosspoiimeri.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-616c-437e-a2ac-443002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'dougiasbarwick.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-dd0c-4390-a52b-40ab02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'erieil.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-5934-4948-8ff3-4d4702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'etqworld.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-fadc-4eb9-9144-4c5c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'evegreen-shipping.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-ab64-4869-a410-4d9402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'gufageneys.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-2744-4ce8-9f5a-493902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'hybru.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-5dbc-41c0-9f73-428802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'intermodaishipping.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-4ed4-48cd-a0f2-4c3c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'jltqroup.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-ee10-46ac-a202-403702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'jyexports.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-a6e8-40a5-8b80-4f1902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'kayneslnterconnection.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-73d0-4b36-88a7-4bba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'kn-habour.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-4b40-4b91-8181-496802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'leocouriercompany.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-f5e4-49a0-80db-405802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'lnnovalues.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-40f0-4b2c-8258-422302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'mglt-mea.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-f494-42ad-83cf-4ea002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'mti-transt.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-d1f8-4f4c-9f7a-477f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'profbuiiders.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-1620-4928-9e19-4e4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'quycarp.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-1588-4f6c-8060-436302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'regionaitradeinspections.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-4d0c-483a-b9d8-4c2c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'repotc.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-f130-492c-92f9-464f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'rsaqencies.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-1e40-4218-9feb-45cd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'samhwansleel.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-3474-4e94-977c-4c0302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'serec.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-c488-45f0-8cfd-438702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'snapqata.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9c-fffc-4d13-813c-445f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:32.000Z" ,
"modified" : "2019-07-15T16:49:32.000Z" ,
"pattern" : "[domain-name:value = 'sukrltiv.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-9a5c-46b2-a8d5-433602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'supe-lab.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-ba14-4774-bef4-44ba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'usarmy-mill.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-b4e8-4287-ba31-414d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'virdtech.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-bba0-4b0c-ad26-44b302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'willistoweswatson.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-608c-4017-87be-481a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'xlnya-cn.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-7bd4-4df5-8bdf-4c0802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'zarpac.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-fd18-4adb-8a21-4eee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'oralbdentaltreatment.tk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cae9d-c658-4335-a822-407e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:49:33.000Z" ,
"modified" : "2019-07-15T16:49:33.000Z" ,
"pattern" : "[domain-name:value = 'wlttraco.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2caf91-ddb0-4d8f-8152-4bbf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:53:37.000Z" ,
"modified" : "2019-07-15T16:53:37.000Z" ,
"description" : "Agent Tesla - Campaign #1" ,
"pattern" : "[file:hashes.SHA256 = '8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:53:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:37.000Z" ,
"modified" : "2019-07-15T17:02:37.000Z" ,
"first_observed" : "2019-07-15T17:02:37Z" ,
"last_observed" : "2019-07-15T17:02:37Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9" ,
"value" : "198.54.125.61"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:38.000Z" ,
"modified" : "2019-07-15T17:02:38.000Z" ,
"first_observed" : "2019-07-15T17:02:38Z" ,
"last_observed" : "2019-07-15T17:02:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9" ,
"value" : "84.38.134.121"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:40.000Z" ,
"modified" : "2019-07-15T17:02:40.000Z" ,
"first_observed" : "2019-07-15T17:02:40Z" ,
"last_observed" : "2019-07-15T17:02:40Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9" ,
"value" : "185.26.122.68"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:41.000Z" ,
"modified" : "2019-07-15T17:02:41.000Z" ,
"first_observed" : "2019-07-15T17:02:41Z" ,
"last_observed" : "2019-07-15T17:02:41Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9" ,
"value" : "208.91.197.91"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:42.000Z" ,
"modified" : "2019-07-15T17:02:42.000Z" ,
"first_observed" : "2019-07-15T17:02:42Z" ,
"last_observed" : "2019-07-15T17:02:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9" ,
"value" : "154.80.172.212"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:43.000Z" ,
"modified" : "2019-07-15T17:02:43.000Z" ,
"first_observed" : "2019-07-15T17:02:43Z" ,
"last_observed" : "2019-07-15T17:02:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9" ,
"value" : "46.21.144.100"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:46.000Z" ,
"modified" : "2019-07-15T17:02:46.000Z" ,
"first_observed" : "2019-07-15T17:02:46Z" ,
"last_observed" : "2019-07-15T17:02:46Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9" ,
"value" : "151.80.88.242"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:47.000Z" ,
"modified" : "2019-07-15T17:02:47.000Z" ,
"first_observed" : "2019-07-15T17:02:47Z" ,
"last_observed" : "2019-07-15T17:02:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9" ,
"value" : "209.99.40.222"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:52.000Z" ,
"modified" : "2019-07-15T17:02:52.000Z" ,
"first_observed" : "2019-07-15T17:02:52Z" ,
"last_observed" : "2019-07-15T17:02:52Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"src_ref" : "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9" ,
"value" : "209.99.40.223"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb25b-18e4-4b9b-9dff-4dbe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:05:31.000Z" ,
"modified" : "2019-07-15T17:05:31.000Z" ,
"pattern" : "[windows-registry-key:key = 'HKCU\\\\Software\\\\Classes\\\\ms-settings\\\\shell\\\\open\\\\command']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:05:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d2cb281-9ea8-457e-b4fd-4ada02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:06:09.000Z" ,
"modified" : "2019-07-15T17:06:09.000Z" ,
"labels" : [
"misp:type=\"whois-registrant-email\"" ,
"misp:category=\"Social network\""
] ,
"x_misp_category" : "Social network" ,
"x_misp_type" : "whois-registrant-email" ,
"x_misp_value" : "aaras480@gmail.com"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2b1-63bc-457a-9f3b-429a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:06:57.000Z" ,
"modified" : "2019-07-15T17:06:57.000Z" ,
"description" : "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:" ,
"pattern" : "[url:value = 'http://aelna.com/file/chuks.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:06:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2b2-2b08-458c-a55f-443d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:06:58.000Z" ,
"modified" : "2019-07-15T17:06:58.000Z" ,
"description" : "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:" ,
"pattern" : "[url:value = 'http://aelna.com/file/sweed.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:06:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2b2-327c-4bc3-907c-404602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:06:58.000Z" ,
"modified" : "2019-07-15T17:06:58.000Z" ,
"description" : "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:" ,
"pattern" : "[url:value = 'http://aelna.com/file/duke.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:06:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2d2-ea6c-4c3d-9789-48ff02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:30.000Z" ,
"modified" : "2019-07-15T17:07:30.000Z" ,
"description" : "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf" ,
"pattern" : "[url:value = 'sodimodisfrance.cf/2/chuks.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2d2-85f0-46c2-aa47-4fdf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:30.000Z" ,
"modified" : "2019-07-15T17:07:30.000Z" ,
"description" : "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf" ,
"pattern" : "[url:value = 'sodimodisfrance.cf/6/chuks.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2d2-251c-44ac-a8ff-482202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:30.000Z" ,
"modified" : "2019-07-15T17:07:30.000Z" ,
"description" : "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf" ,
"pattern" : "[url:value = 'sodimodisfrance.cf/5/goodman.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2d2-8c98-448e-8f6b-451802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:30.000Z" ,
"modified" : "2019-07-15T17:07:30.000Z" ,
"description" : "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf" ,
"pattern" : "[url:value = 'sodimodisfrance.cf/1/chuks.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2d2-f618-4373-936d-4e5002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:30.000Z" ,
"modified" : "2019-07-15T17:07:30.000Z" ,
"description" : "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf" ,
"pattern" : "[url:value = 'sodimodisfrance.cf/1/hipkid.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2d2-15ac-4588-87e0-481702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:30.000Z" ,
"modified" : "2019-07-15T17:07:30.000Z" ,
"description" : "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf" ,
"pattern" : "[url:value = 'sodimodisfrance.cf/5/sweed.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2d2-76e0-4b97-a41f-497502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:30.000Z" ,
"modified" : "2019-07-15T17:07:30.000Z" ,
"description" : "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf" ,
"pattern" : "[url:value = 'sodimodisfrance.cf/2/duke.boys.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-8c84-4ac2-a0fc-4c1a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'sweed-office.comie.ru/goodman/panel']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-0554-4b04-b70f-46e402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'sweed-office.comie.ru/kc/panel/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-fcc8-4890-85bc-49ba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-office/omee/panel/login.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-11b4-46cc-8f66-426d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-client/humble1/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-86c8-4d2e-8f25-44b202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-client/sima/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-e324-4981-bae1-495b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-office/omee/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-ea9c-4004-bfb5-4ef902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-office/kc/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-561c-4376-b159-46e102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-office/olamide/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-55e8-474c-bf23-492e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-office/jamil/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-e784-4aa2-83df-456402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-client/niggab/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-bcf8-414e-b7bf-409502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-client/humble2/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb2ec-0100-4c07-902f-484302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:07:56.000Z" ,
"modified" : "2019-07-15T17:07:56.000Z" ,
"description" : "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:" ,
"pattern" : "[url:value = 'wlttraco.com/sweed-office/harry/panel/post.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2caf42-e134-4c02-8eda-45d702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:52:18.000Z" ,
"modified" : "2019-07-15T16:52:18.000Z" ,
"description" : " Campaign #1" ,
"pattern" : "[file:hashes.SHA256 = '59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd' AND file:name = 'Java_Updater.zip']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:52:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2caf6c-a478-4dd2-a816-4a5e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:53:00.000Z" ,
"modified" : "2019-07-15T16:53:00.000Z" ,
"description" : " Campaign #1" ,
"pattern" : "[file:hashes.SHA256 = 'e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08' AND file:name = 'P-O of Jun2017.zip']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:53:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--90a459a2-ebdb-4229-9b32-7e02479444cf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:54:12.000Z" ,
"modified" : "2019-07-15T16:54:12.000Z" ,
"pattern" : "[file:hashes.MD5 = '1be08ed45c512f6daab34519995dda63' AND file:hashes.SHA1 = '4a4fa608ccdbae42ef3ed708b08b6bbacda20908' AND file:hashes.SHA256 = '8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:54:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:54:13.000Z" ,
"modified" : "2019-07-15T16:54:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-26T19:06:29" ,
"category" : "Other" ,
"comment" : "Agent Tesla - Campaign #1" ,
"uuid" : "af28189f-7f1d-41a8-8c73-c9ea120555ca"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f/analysis/1522091189/" ,
"category" : "External analysis" ,
"comment" : "Agent Tesla - Campaign #1" ,
"uuid" : "80f8f1b1-1a11-44ca-9efa-a09ab8cc83d5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/66" ,
"category" : "Payload installation" ,
"comment" : "Agent Tesla - Campaign #1" ,
"uuid" : "eea81aef-999f-4df6-8f60-eec0e32da997"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:03.000Z" ,
"modified" : "2019-07-15T17:02:03.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bf58485904f69fb91b11cd802f6d76ca' AND file:hashes.SHA1 = 'ae8f8bb3e7cfdeed7317b6eea7ef0cec4113b519' AND file:hashes.SHA256 = 'e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:02:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:54:13.000Z" ,
"modified" : "2019-07-15T16:54:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-06-22T12:36:27" ,
"category" : "Other" ,
"uuid" : "65f4da1c-0f6c-4b4a-a272-75e00434483e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08/analysis/1498134987/" ,
"category" : "Payload delivery" ,
"uuid" : "842578a7-27e5-4718-bb4c-479b7cb369ac"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "9/59" ,
"category" : "Payload delivery" ,
"uuid" : "5df2aec9-e3a5-48b2-a5f6-bd1ac1a30d9e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:03.000Z" ,
"modified" : "2019-07-15T17:02:03.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a313f809b1faf1643e0201e29cb4cbc0' AND file:hashes.SHA1 = '2dd851466760b8b35226e83b2bfa36a379c03db6' AND file:hashes.SHA256 = '59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:02:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:54:14.000Z" ,
"modified" : "2019-07-15T16:54:14.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-12T13:33:10" ,
"category" : "Other" ,
"uuid" : "553d5faf-a8ce-445a-82a9-3e17363cd1da"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd/analysis/1507815190/" ,
"category" : "Payload delivery" ,
"uuid" : "c14e58b2-77a5-46d7-ab6d-9afbf6ab18c7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/66" ,
"category" : "Payload delivery" ,
"uuid" : "0161d30e-d327-4df9-a166-658673b5b49a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb00d-a38c-4241-9ae1-40db02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:55:41.000Z" ,
"modified" : "2019-07-15T16:55:41.000Z" ,
"description" : " Campaign #2" ,
"pattern" : "[file:hashes.SHA256 = 'd27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97' AND file:name = 'Java sample']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:55:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb071-13f4-4927-b73c-409902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:57:21.000Z" ,
"modified" : "2019-07-15T16:57:21.000Z" ,
"description" : " Campaign #3" ,
"pattern" : "[file:hashes.SHA256 = '65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b' AND file:name = 'New Order For Quotation.ppsx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:57:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb0ad-7148-479f-b5ea-97a202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T16:58:21.000Z" ,
"modified" : "2019-07-15T16:58:21.000Z" ,
"description" : " Campaign #4" ,
"pattern" : "[file:hashes.SHA256 = '111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671' AND file:name = 'SETTLEMENT OF OUTSTANDING.xlsx']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T16:58:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb145-d424-4c65-8ff4-401b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:00:53.000Z" ,
"modified" : "2019-07-15T17:00:53.000Z" ,
"description" : " Campaign #5" ,
"pattern" : "[file:hashes.SHA256 = '1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075' AND file:name = 'Request and specification of our new order.xls']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:00:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d2cb17f-e3a8-4d42-84c0-4cee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:01:51.000Z" ,
"modified" : "2019-07-15T17:01:51.000Z" ,
"description" : " Campaign #5" ,
"pattern" : "[file:hashes.SHA256 = 'fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f' AND file:name = 'Agent Tesla']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:01:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:03.000Z" ,
"modified" : "2019-07-15T17:02:03.000Z" ,
"pattern" : "[file:hashes.MD5 = '8e0b8b5200e879d7a4a62df5ea30253a' AND file:hashes.SHA1 = '50c9dea7c3b2f396f22612f14dae00880ceffa9a' AND file:hashes.SHA256 = '1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:02:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:03.000Z" ,
"modified" : "2019-07-15T17:02:03.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-07-15T06:00:54" ,
"category" : "Other" ,
"uuid" : "dabea056-538d-4442-b633-26c8a44edf75"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075/analysis/1563170454/" ,
"category" : "Payload delivery" ,
"uuid" : "f41b268d-f903-4aa4-b5ba-1e19066d5e42"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "32/60" ,
"category" : "Payload delivery" ,
"uuid" : "4cc2f15c-563f-4209-9583-41628ba52ea3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:03.000Z" ,
"modified" : "2019-07-15T17:02:03.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-12T13:33:10" ,
"category" : "Other" ,
"uuid" : "5f522c75-9e97-494d-9194-a6b93776287a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd/analysis/1507815190/" ,
"category" : "Payload delivery" ,
"uuid" : "ad0b5f4e-0fff-4f75-be53-6265f58c29c1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/66" ,
"category" : "Payload delivery" ,
"uuid" : "356ef8ff-0235-4e8f-bb33-8249a5caf79e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:03.000Z" ,
"modified" : "2019-07-15T17:02:03.000Z" ,
"pattern" : "[file:hashes.MD5 = '675b17eed5c3c5e0bb5ab937753672bb' AND file:hashes.SHA1 = '72d382cbf08d3f3fe2429eceed8a706b1b44fd65' AND file:hashes.SHA256 = '65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:02:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:04.000Z" ,
"modified" : "2019-07-15T17:02:04.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-18T19:17:10" ,
"category" : "Other" ,
"uuid" : "aa822b4a-e563-4929-b1ba-7bf06ac4c469"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b/analysis/1542568630/" ,
"category" : "Payload delivery" ,
"uuid" : "4c438a43-6d73-412c-b2d0-0c36ee8a04c0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/56" ,
"category" : "Payload delivery" ,
"uuid" : "e4e98012-9f66-4620-a3a9-2d899b277a8e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:04.000Z" ,
"modified" : "2019-07-15T17:02:04.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f082f44b0f4e52c44a6116e34ecb2a78' AND file:hashes.SHA1 = 'a2b75fce3fc2baf11eae550d05aa1fbe170be546' AND file:hashes.SHA256 = '111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:02:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:04.000Z" ,
"modified" : "2019-07-15T17:02:04.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-18T19:12:47" ,
"category" : "Other" ,
"uuid" : "d0b8bb66-599a-448b-a8b5-674d8fdb2cb2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671/analysis/1542568367/" ,
"category" : "Payload delivery" ,
"uuid" : "e872a407-273f-4376-a8a1-49e69b57e6e7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "32/59" ,
"category" : "Payload delivery" ,
"uuid" : "934ba945-fbe4-4884-ad0d-dc8fa9cd8a20"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:04.000Z" ,
"modified" : "2019-07-15T17:02:04.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fc23bd61f8af13293fd960e6cb202145' AND file:hashes.SHA1 = 'd3e1421263a60abd5e58a49c3f02282710917210' AND file:hashes.SHA256 = 'fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:02:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:04.000Z" ,
"modified" : "2019-07-15T17:02:04.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-18T02:08:00" ,
"category" : "Other" ,
"uuid" : "89006026-47b7-45f8-ac3c-64326ebbe3ca"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f/analysis/1560823680/" ,
"category" : "Payload delivery" ,
"uuid" : "9cbf73dd-b749-4402-9737-395a241e805d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "45/66" ,
"category" : "Payload delivery" ,
"uuid" : "d602cb8b-f80f-4839-aab8-eaadae303222"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:05.000Z" ,
"modified" : "2019-07-15T17:02:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-06-22T12:36:27" ,
"category" : "Other" ,
"uuid" : "5cbc4dea-fefe-4d73-ac3a-99c822b7118b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08/analysis/1498134987/" ,
"category" : "Payload delivery" ,
"uuid" : "8c6cfdd3-0eff-4938-a5d3-1ae36045c254"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "9/59" ,
"category" : "Payload delivery" ,
"uuid" : "2cf448aa-f7c9-48a8-825e-4a5ee6733ec5"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:05.000Z" ,
"modified" : "2019-07-15T17:02:05.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bcfe2c56500d6f58e8e3f4b5a35fb155' AND file:hashes.SHA1 = 'f36b3a4353cddc2909f534a5dbf4f631c4c941a9' AND file:hashes.SHA256 = 'd27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-15T17:02:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-15T17:02:05.000Z" ,
"modified" : "2019-07-15T17:02:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-15T07:22:45" ,
"category" : "Other" ,
"uuid" : "ba91dac5-b7af-42b4-a351-b43c4cb949ea"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97/analysis/1542266565/" ,
"category" : "Payload delivery" ,
"uuid" : "891da064-eda3-4824-94a3-6d7950aedd8c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/58" ,
"category" : "Payload delivery" ,
"uuid" : "b2320be1-2302-421d-8aa1-07110023f45a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ca00d857-1c74-4fba-a369-0a538f4bb3f2" ,
"created" : "2019-07-15T16:54:14.000Z" ,
"modified" : "2019-07-15T16:54:14.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--90a459a2-ebdb-4229-9b32-7e02479444cf" ,
"target_ref" : "x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9930f14c-0b2b-4b87-a9de-f93dfe9e0040" ,
"created" : "2019-07-15T16:54:15.000Z" ,
"modified" : "2019-07-15T16:54:15.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3" ,
"target_ref" : "x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7443460a-e107-4ba0-bb41-cd0c1d42543e" ,
"created" : "2019-07-15T17:02:05.000Z" ,
"modified" : "2019-07-15T17:02:05.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3" ,
"target_ref" : "x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--371e0f3b-678c-47c9-a6aa-572d5c9bc494" ,
"created" : "2019-07-15T16:54:15.000Z" ,
"modified" : "2019-07-15T16:54:15.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47" ,
"target_ref" : "x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7219d933-54a5-4ec9-904f-e8703a04f95e" ,
"created" : "2019-07-15T17:02:06.000Z" ,
"modified" : "2019-07-15T17:02:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47" ,
"target_ref" : "x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8f2f92e2-e224-4555-9760-24a8ad99aee6" ,
"created" : "2019-07-15T17:02:06.000Z" ,
"modified" : "2019-07-15T17:02:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63" ,
"target_ref" : "x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e00c1a95-d6d8-428e-8e7e-d48eb0a3d0d2" ,
"created" : "2019-07-15T17:02:06.000Z" ,
"modified" : "2019-07-15T17:02:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde" ,
"target_ref" : "x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--03ce1a59-721c-425f-8ee9-321f59b8ad9b" ,
"created" : "2019-07-15T17:02:06.000Z" ,
"modified" : "2019-07-15T17:02:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5" ,
"target_ref" : "x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1e7464b1-ee96-42bd-bf4e-ae8eb2bd195b" ,
"created" : "2019-07-15T17:02:06.000Z" ,
"modified" : "2019-07-15T17:02:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf" ,
"target_ref" : "x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c3ea4344-018b-4f6e-bd6f-b99d1c5916ec" ,
"created" : "2019-07-15T17:02:06.000Z" ,
"modified" : "2019-07-15T17:02:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4" ,
"target_ref" : "x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}