2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5b645c85-3a4c-4a54-9b17-6b840acd0835",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T14:36:32.000Z",
|
|
|
|
"modified": "2018-08-03T14:36:32.000Z",
|
|
|
|
"name": "Synovus Financial",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5b645c85-3a4c-4a54-9b17-6b840acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T14:36:32.000Z",
|
|
|
|
"modified": "2018-08-03T14:36:32.000Z",
|
|
|
|
"name": "Phishing Domains, MALWAREMESSIAGH",
|
|
|
|
"published": "2018-08-03T14:38:36Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5b645cc0-7568-43a0-813b-6ca50acd0835",
|
|
|
|
"url--5b645cc0-7568-43a0-813b-6ca50acd0835",
|
|
|
|
"indicator--5b645cdc-6940-4fc1-b15c-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-bca0-4ea9-b547-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-b33c-4c2b-924f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-0690-4336-8e22-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-61f4-49a2-b202-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-b0fc-4b2e-8070-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-3e20-479a-8c14-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-bc08-494c-9dd0-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-08b8-400a-a137-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-6e68-42b2-ab39-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-d418-4529-af24-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-89dc-46a5-9491-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-f374-4295-96fe-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-fc90-4f34-bc91-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-bd84-492b-b374-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-07dc-4f00-9be0-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-998c-456f-ab56-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-a414-4e38-9e04-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-1a90-4125-b1b8-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-9b98-4eac-9caf-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-0bd4-49fb-b13a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-0284-4e15-a463-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-6eb4-44f2-a356-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-b330-4744-815a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-0a24-4438-b1a9-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-5520-4792-8c07-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-c3cc-4c2e-87e3-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-0cf8-43ec-8c7d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-7adc-4a30-bcac-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-cd04-4178-912c-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-58fc-4b55-b7a6-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-f430-4a84-ac5f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-65fc-4481-9f1d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-d038-4e27-a5b7-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-cec8-4acc-a0fc-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-7f14-43fe-a608-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-eaa0-4d94-b8e0-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-2fe4-4a50-92cd-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-a728-4928-a00a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-12b4-4415-b924-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-28f4-46ce-a4b1-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-88c8-4823-9d30-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-ffe0-40f6-9f9d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-e1c0-4ab8-9ab5-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-eb3c-4c17-8228-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-2970-4880-9fd3-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-b5cc-408f-aabf-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-60ec-4463-abba-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-4f70-48f4-ae9f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-2028-4383-9933-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-8294-477f-8a33-beaf0acd0835",
|
|
|
|
"indicator--5b645cdc-57fc-4731-90b5-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-022c-4a59-be06-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-00fc-4f7d-acb1-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-0644-4ca9-8943-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-6cbc-4220-9a4e-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-d528-4118-8526-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-4a14-455a-87cf-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a72c-4ec4-8190-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-2578-4f64-96ca-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-c640-4d96-9c68-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-7434-481f-be50-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-e984-4f68-b53a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-7a90-4f07-a9dc-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-8988-4d11-9191-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-19cc-4849-9558-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3a58-4cbb-b65f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-7894-4950-8f67-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-cb20-4d5c-ae32-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-fae8-4840-b76b-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-2024-4a3a-ae1a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-f2d0-45e7-8634-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-d774-42fa-abc3-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-1ac4-49ae-849f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-1074-478d-8af9-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-5748-4b2b-abe1-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-7db0-44b8-862b-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-addc-409d-ae74-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-d5d4-4e26-9439-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-0150-4c35-9752-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-2ccc-4b06-97ae-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3f88-4479-8357-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3db4-44f4-9ffa-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-9428-40c2-8b95-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-57fc-44a3-93da-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-6564-4081-9277-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-47b0-413a-b184-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-73f4-4047-8fde-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-0ec4-4c13-94c5-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-271c-410d-babf-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a374-410b-90c0-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-0280-4b7d-8db2-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-2c6c-4b3e-bb3a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-9f64-4538-97dc-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-e5d4-41ee-a2d2-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-1fc4-4812-868d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3c04-4369-95b5-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-9a48-4e79-b8c1-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-6ee8-4b35-b8c1-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-aa68-4d69-8cb7-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-391c-4801-839f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a318-4493-ac94-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-af54-43bf-8bad-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-fb3c-4eaa-aca8-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-2974-41ae-baef-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3974-422f-9fdd-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a690-431e-8fc9-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-e4cc-4fad-b85d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3118-4735-946e-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a0f0-4b03-92d4-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-865c-4222-9827-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-eae0-408f-951f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-b66c-405c-b858-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-28b8-4ba3-a81e-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-68e8-4635-9e5b-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-9720-4ef6-9cc2-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-ea74-49c9-9209-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3530-416a-ae6a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a954-45bc-ab07-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-6940-476e-915e-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-acf4-4a8e-8f54-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-0368-487b-bea4-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-458c-436c-b28a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-cd78-41b0-a2fe-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-f37c-4cf9-a46f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-0dc8-42d4-abc5-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-69b4-4a7c-936a-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-f2f0-4a6a-b041-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-9bd0-49fe-b682-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-b360-4e5f-87ee-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-b5b4-4294-b0cc-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-ac10-46a3-a255-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a888-4b68-921d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-d148-44e0-952f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-1498-4a87-b96b-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-4cf8-4e3a-81df-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-874c-4324-afef-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a664-4867-8414-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-cdf8-49ee-8f83-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-00e0-4b01-8903-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-b000-4863-b333-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-fd14-4e3d-b1c8-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-2250-4f41-bbbe-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-c748-44d9-b0b6-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-c698-4a17-b471-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-1e9c-4c53-92bb-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-7354-4db2-999d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-fbcc-4ca0-9bed-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-79b4-4fe4-9299-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-0588-45bf-8b97-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-5814-47c8-bc94-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-a3fc-44e8-a007-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-f87c-4f6d-8c1d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-9f68-460d-8e0f-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-ab80-412d-9268-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-d88c-47e0-b454-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-2e9c-4bd0-beb5-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-7cdc-4519-8e21-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-df08-4616-96d3-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-46ac-4572-a243-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-3f3c-4e68-9de1-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-9998-4650-ad0d-beaf0acd0835",
|
|
|
|
"indicator--5b645cdd-ba24-490a-b120-beaf0acd0835",
|
|
|
|
"indicator--5b645cde-4e74-46e7-9589-beaf0acd0835",
|
|
|
|
"indicator--5b645cde-6d4c-4f1d-80bb-beaf0acd0835",
|
|
|
|
"indicator--5b645cde-20b8-44a8-94a7-beaf0acd0835"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"PasteBin: MALWAREMESSIAGH",
|
|
|
|
"veris:action:social:variety=\"Phishing\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5b645cc0-7568-43a0-813b-6ca50acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:48.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:48.000Z",
|
|
|
|
"first_observed": "2018-08-03T13:47:48Z",
|
|
|
|
"last_observed": "2018-08-03T13:47:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5b645cc0-7568-43a0-813b-6ca50acd0835"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5b645cc0-7568-43a0-813b-6ca50acd0835",
|
|
|
|
"value": "https://pastebin.com/4QkJuuVC"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-6940-4fc1-b15c-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'acces-your-appleid.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-bca0-4ea9-b547-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'aid-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-b33c-4c2b-924f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-center-com.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-0690-4336-8e22-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-center-services.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-61f4-49a2-b202-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-center-services.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-b0fc-4b2e-8070-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-code.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-3e20-479a-8c14-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-com-support.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-bc08-494c-9dd0-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-hitta-min-iphone-support-id27945.xyz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-08b8-400a-a137-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-icloud-suporte.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-6e68-42b2-ab39-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-icloud-suporte.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-d418-4529-af24-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-icloud.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-89dc-46a5-9491-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-lcloud-id.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-f374-4295-96fe-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-ld.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-fc90-4f34-bc91-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-location-online.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-bd84-492b-b374-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-location-online.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-07dc-4f00-9be0-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-online-us.in']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-998c-456f-ab56-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-reset-password-now.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-a414-4e38-9e04-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-reset-password-now.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-1a90-4125-b1b8-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-securee-us.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-9b98-4eac-9caf-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-securee-us.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-0bd4-49fb-b13a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-sign.in']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-0284-4e15-a463-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-suport.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-6eb4-44f2-a356-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'apple-support-manager.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-b330-4744-815a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'applebk.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-0a24-4438-b1a9-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'applecare.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-5520-4792-8c07-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'applecare.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-c3cc-4c2e-87e3-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'applecenter.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-0cf8-43ec-8c7d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'appleinc.eu']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-7adc-4a30-bcac-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'appleld-lcloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-cd04-4178-912c-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'appleld-location.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-58fc-4b55-b7a6-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'applelmy.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-f430-4a84-ac5f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ar-icloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-65fc-4481-9f1d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'area-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-d038-4e27-a5b7-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'assistance-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-cec8-4acc-a0fc-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'auth-apple-account.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-7f14-43fe-a608-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'auth-apple-account.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-eaa0-4d94-b8e0-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'auth-icloud.us']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-2fe4-4a50-92cd-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'auth-lcloud-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-a728-4928-a00a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'auth-lcloud-apple.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-12b4-4415-b924-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'auto-locate-myiphone.me']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-28f4-46ce-a4b1-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:01.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:01.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'autodiscover.findmyphone.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-88c8-4823-9d30-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'buscar-mi-iphone.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-ffe0-40f6-9f9d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'buscarmiphone.pw']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-e1c0-4ab8-9ab5-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'check-icloud-apple.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-eb3c-4c17-8228-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'check-icloud-location.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-2970-4880-9fd3-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-appletracker.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-b5cc-408f-aabf-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-appstore.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-60ec-4463-abba-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-auth.email']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-4f70-48f4-ae9f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-auth.website']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-2028-4383-9933-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-authentication.pw']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-8294-477f-8a33-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-device.support']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdc-57fc-4731-90b5-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-findmyphone.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-022c-4a59-be06-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-iphone.us']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-00fc-4f7d-acb1-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-security.co']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-0644-4ca9-8943-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com-security.veryrare.club']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-6cbc-4220-9a4e-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com.applecenter.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-d528-4118-8526-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com.findmyiphone.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-4a14-455a-87cf-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com.findmyphone.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a72c-4ec4-8190-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'com.fmi.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-2578-4f64-96ca-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:05.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:05.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'cpanel.icloudsupport.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-c640-4d96-9c68-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'dropboxme.xyz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-7434-481f-be50-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'eu-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-e984-4f68-b53a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:04.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:04.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'faktura-app.store']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-7a90-4f07-a9dc-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'find-location.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-8988-4d11-9191-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'find-lphone.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-19cc-4849-9558-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'find-verify.link']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3a58-4cbb-b65f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'findmy-phone.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-7894-4950-8f67-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'findmy-phone.us']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-cb20-4d5c-ae32-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'findmydevicelocation.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-fae8-4840-b76b-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'flndmydevice.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-2024-4a3a-ae1a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'getsupport-apple-online.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-f2d0-45e7-8634-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'hsbcbank-my.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-d774-42fa-abc3-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'i-device.link']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-1ac4-49ae-849f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'i-support-apple.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-1074-478d-8af9-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ibuscarphone.me']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-5748-4b2b-abe1-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-beta.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-7db0-44b8-862b-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-find-suporte.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-addc-409d-ae74-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-findmyiphone-online.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-d5d4-4e26-9439-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-form.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-0150-4c35-9752-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-id.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-2ccc-4b06-97ae-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:03.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:03.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-location-us.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3f88-4479-8357-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:02.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:02.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-login-support-us.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3db4-44f4-9ffa-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-login-support.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-9428-40c2-8b95-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-online-suporte.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-57fc-44a3-93da-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-online-suporte.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-6564-4081-9277-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-ph.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-47b0-413a-b184-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-server-findmyiphone.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-73f4-4047-8fde-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-server-online.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-0ec4-4c13-94c5-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-services-online-us.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-271c-410d-babf-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloud-support-br.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a374-410b-90c0-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:05.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:05.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[file:name = 'icloud.observer']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-0280-4b7d-8db2-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloudmaps.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-2c6c-4b3e-bb3a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'icloudsupport.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-9f64-4538-97dc-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'id-apple.pw']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-e5d4-41ee-a2d2-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'idevice-info.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-1fc4-4812-868d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'iganalytics.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3c04-4369-95b5-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ii-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-9a48-4e79-b8c1-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ii-apple.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-6ee8-4b35-b8c1-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ii-icloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-aa68-4d69-8cb7-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'inside-paypal.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-391c-4801-839f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ios-track.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a318-4493-ac94-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'iphonemaps.mobi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-af54-43bf-8bad-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'jamalhost.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-fb3c-4eaa-aca8-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'lcloud-ld.live']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-2974-41ae-baef-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'lcloudgps.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3974-422f-9fdd-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ld-apple-support.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a690-431e-8fc9-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'ld-apple.us']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-e4cc-4fad-b85d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'localiza-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3118-4735-946e-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'locate-idevices.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a0f0-4b03-92d4-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'locate-idevices.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-865c-4222-9827-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'locateidforlostdevices-icloudsupportdevice.work']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-eae0-408f-951f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'locates-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-b66c-405c-b858-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'log-fmi-services.site']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-28b8-4ba3-a81e-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'log-in-appleld.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-68e8-4635-9e5b-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'log-in-appleld.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-9720-4ef6-9cc2-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'log-in-paypal.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-ea74-49c9-9209-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'log-ln-icloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3530-416a-ae6a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'log-ln-location.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a954-45bc-ab07-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'login-apple.store']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-6940-476e-915e-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:56.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:56.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'login-appleid-us.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-acf4-4a8e-8f54-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'login-icloud-id.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-0368-487b-bea4-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'login-map.online']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-458c-436c-b28a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'login-to-appleid.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-cd78-41b0-a2fe-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'lostdevicelocation.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-f37c-4cf9-a46f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:57.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:57.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'lstloc.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-0dc8-42d4-abc5-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'manage-appleld-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-69b4-4a7c-936a-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'manage-appleld.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-f2f0-4a6a-b041-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'mask-sms.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-9bd0-49fe-b682-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'mein-iphone-suchen.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-b360-4e5f-87ee-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'online-check.ml']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-b5b4-4294-b0cc-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'paypal-management.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-ac10-46a3-a255-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'paypal-mangement.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a888-4b68-921d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'paypal-mangement.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-d148-44e0-952f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'paypal-mangement.jamalhost.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-1498-4a87-b96b-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 's2-icloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-4cf8-4e3a-81df-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'searching-your-iphone-location.today']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-874c-4324-afef-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'secin.site']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a664-4867-8414-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'secure-lioyds.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-cdf8-49ee-8f83-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'server.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-00e0-4b01-8903-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'service-apple.online']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-b000-4863-b333-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'short-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-fd14-4e3d-b1c8-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'sigin.site']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-2250-4f41-bbbe-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'sign-ln-lcloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-c748-44d9-b0b6-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signin-appleid-eu.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-c698-4a17-b471-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:00.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:00.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signin-appleid-online.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-1e9c-4c53-92bb-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signin-appleid-us.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-7354-4db2-999d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signin-appleid-usa.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-fbcc-4ca0-9bed-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signin-id-icloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-79b4-4fe4-9299-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signin-into-icloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-0588-45bf-8b97-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signin-lcloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-5814-47c8-bc94-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'signinlcloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-a3fc-44e8-a007-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'suporte-iphone.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-f87c-4f6d-8c1d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'support-apple-lcloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-9f68-460d-8e0f-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'support-en.ch']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-ab80-412d-9268-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'support-fmi-cloud.link']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-d88c-47e0-b454-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'support-id-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-2e9c-4bd0-beb5-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:58.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:58.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'support-id-apple.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-7cdc-4519-8e21-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'support-online-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-df08-4616-96d3-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'supports-id-apple.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-46ac-4572-a243-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'trackmyiphone.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-3f3c-4e68-9de1-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'trackmylphone.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-9998-4650-ad0d-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'trova-il-mio-iphone.ooo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cdd-ba24-490a-b120-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'upsms.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cde-4e74-46e7-9589-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'view-location-icloud.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cde-6d4c-4f1d-80bb-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:47:59.000Z",
|
|
|
|
"modified": "2018-08-03T13:47:59.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'view-location-icloud.hostitasap.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:47:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5b645cde-20b8-44a8-94a7-beaf0acd0835",
|
|
|
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
|
|
|
"created": "2018-08-03T13:48:05.000Z",
|
|
|
|
"modified": "2018-08-03T13:48:05.000Z",
|
|
|
|
"description": "Phishing",
|
|
|
|
"pattern": "[domain-name:value = 'view-location-id.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-08-03T13:48:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"veris:action:social:variety=\"Phishing\"",
|
|
|
|
"diamond-model:Infrastructure"
|
|
|
|
]
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|