adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56c44d9a-a738-4a22-9306-058c950d210f.json

759 lines
32 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--56c44d9a-a738-4a22-9306-058c950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T14:42:59.000Z",
"modified": "2016-02-17T14:42:59.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56c44d9a-a738-4a22-9306-058c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T14:42:59.000Z",
"modified": "2016-02-17T14:42:59.000Z",
"name": "OSINT - Dridex Actors Get In the Ransomware Game With \"Locky\"",
"published": "2016-02-17T16:09:30Z",
"object_refs": [
"observed-data--56c44e27-8b0c-481f-9f2c-659e950d210f",
"url--56c44e27-8b0c-481f-9f2c-659e950d210f",
"x-misp-attribute--56c44e47-c110-4aab-ad9b-659b950d210f",
"indicator--56c44e7f-356c-4509-a371-42d5950d210f",
"indicator--56c44e7f-c92c-4116-bed0-44e3950d210f",
"indicator--56c44e7f-7424-4a58-b009-4a0b950d210f",
"indicator--56c44e80-4168-4412-883a-4373950d210f",
"indicator--56c44e80-6c6c-46db-bdf2-4377950d210f",
"indicator--56c44ec8-ddf0-4c29-b765-42bc950d210f",
"indicator--56c44ec8-2100-442b-9b8a-44e1950d210f",
"indicator--56c44ec8-60b4-4512-af9e-4771950d210f",
"indicator--56c44ec9-245c-4ef1-9ebb-4cb8950d210f",
"indicator--56c44ec9-bc18-4f00-be97-4f40950d210f",
"indicator--56c44ec9-d334-4804-b8aa-4780950d210f",
"indicator--56c44eca-a00c-462a-9c72-469a950d210f",
"indicator--56c44eed-24dc-4e71-8a5d-4167950d210f",
"indicator--56c44eed-6f04-498d-89ad-4371950d210f",
"indicator--56c44eee-6b80-412d-b219-4781950d210f",
"indicator--56c44eee-d6e4-4edc-a889-459a950d210f",
"indicator--56c44eee-07f4-452b-b63e-4091950d210f",
"indicator--56c44eef-8e00-4b72-8271-49ee950d210f",
"indicator--56c44eef-b904-4b5e-ac3d-4827950d210f",
"indicator--56c44f11-3b1c-410d-9ab2-4d31950d210f",
"indicator--56c44f11-56b4-4280-a544-470e950d210f",
"indicator--56c44f11-960c-40ea-b988-4a98950d210f",
"indicator--56c44f12-8278-4076-b08d-4c22950d210f",
"indicator--56c44f6a-4084-4283-8701-659d950d210f",
"indicator--56c44f6b-de78-4b97-b34e-659d950d210f",
"indicator--56c44f6b-5f08-4d9f-b024-659d950d210f",
"indicator--56c44f6b-176c-49ba-8548-659d950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56c44e27-8b0c-481f-9f2c-659e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:40:39.000Z",
"modified": "2016-02-17T10:40:39.000Z",
"first_observed": "2016-02-17T10:40:39Z",
"last_observed": "2016-02-17T10:40:39Z",
"number_observed": 1,
"object_refs": [
"url--56c44e27-8b0c-481f-9f2c-659e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56c44e27-8b0c-481f-9f2c-659e950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/Dridex-Actors-Get-In-the-Ransomware-Game-With-Locky"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56c44e47-c110-4aab-ad9b-659b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:46:24.000Z",
"modified": "2016-02-17T10:46:24.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Proofpoint researchers have discovered a new ransomware named \"Locky\" being distributed via MS Word documents with malicious macros. While a variety of new ransomware has appeared since the end of 2015, Locky stands out because it is being delivered by the same actor behind many of the Dridex campaigns we have tracked over the last year."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44e7f-356c-4509-a371-42d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:42:07.000Z",
"modified": "2016-02-17T10:42:07.000Z",
"description": "Payment URIs (Locky asks user to click these links)",
"pattern": "[url:value = 'http://6dtxgqam4crv6rr6.tor2web.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44e7f-c92c-4116-bed0-44e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:42:07.000Z",
"modified": "2016-02-17T10:42:07.000Z",
"description": "Payment URIs (Locky asks user to click these links)",
"pattern": "[url:value = 'http://6dtxgqam4crv6rr6.onion.to']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44e7f-7424-4a58-b009-4a0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:42:07.000Z",
"modified": "2016-02-17T10:42:07.000Z",
"description": "Payment URIs (Locky asks user to click these links)",
"pattern": "[url:value = 'http://6dtxgqam4crv6rr6.onion.cab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44e80-4168-4412-883a-4373950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:42:08.000Z",
"modified": "2016-02-17T10:42:08.000Z",
"description": "Payment URIs (Locky asks user to click these links)",
"pattern": "[url:value = 'http://6dtxgqam4crv6rr6.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44e80-6c6c-46db-bdf2-4377950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:42:08.000Z",
"modified": "2016-02-17T10:42:08.000Z",
"description": "Payment URIs (Locky asks user to click these links)",
"pattern": "[url:value = 'https://6dtxgqam4crv6rr6.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44ec8-ddf0-4c29-b765-42bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:20.000Z",
"modified": "2016-02-17T10:43:20.000Z",
"description": "Locky C2",
"pattern": "[url:value = 'http://109.234.38.35/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44ec8-2100-442b-9b8a-44e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:20.000Z",
"modified": "2016-02-17T10:43:20.000Z",
"description": "Locky C2",
"pattern": "[url:value = 'http://lneqqkvxxogomu.eu/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44ec8-60b4-4512-af9e-4771950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:20.000Z",
"modified": "2016-02-17T10:43:20.000Z",
"description": "Locky C2",
"pattern": "[url:value = 'http://qpdar.pw/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44ec9-245c-4ef1-9ebb-4cb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:21.000Z",
"modified": "2016-02-17T10:43:21.000Z",
"description": "Locky C2",
"pattern": "[url:value = 'http://ydbayd.de/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44ec9-bc18-4f00-be97-4f40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:21.000Z",
"modified": "2016-02-17T10:43:21.000Z",
"description": "Locky C2",
"pattern": "[url:value = 'http://ssojravpf.be/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44ec9-d334-4804-b8aa-4780950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:21.000Z",
"modified": "2016-02-17T10:43:21.000Z",
"description": "Locky C2",
"pattern": "[url:value = 'http://gioaqjklhoxf.eu/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eca-a00c-462a-9c72-469a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:22.000Z",
"modified": "2016-02-17T10:43:22.000Z",
"description": "Locky C2",
"pattern": "[url:value = 'http://txlmnqnunppnpuq.ru/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eed-24dc-4e71-8a5d-4167950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:57.000Z",
"modified": "2016-02-17T10:43:57.000Z",
"description": "Payloads downloaded by macro",
"pattern": "[url:value = 'http://www.iglobali.com/34gf5y/r34f3345g.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eed-6f04-498d-89ad-4371950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:57.000Z",
"modified": "2016-02-17T10:43:57.000Z",
"description": "Payloads downloaded by macro",
"pattern": "[url:value = 'http://www.southlife.church/34gf5y/r34f3345g.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eee-6b80-412d-b219-4781950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:58.000Z",
"modified": "2016-02-17T10:43:58.000Z",
"description": "Payloads downloaded by macro",
"pattern": "[url:value = 'http://www.villaggio.airwave.at/34gf5y/r34f3345g.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eee-d6e4-4edc-a889-459a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:58.000Z",
"modified": "2016-02-17T10:43:58.000Z",
"description": "Payloads downloaded by macro",
"pattern": "[url:value = 'http://www.jesusdenazaret.com.ve/34gf5y/r34f3345g.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eee-07f4-452b-b63e-4091950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:58.000Z",
"modified": "2016-02-17T10:43:58.000Z",
"description": "Payloads downloaded by macro",
"pattern": "[url:value = 'http://66.133.129.5/~chuckgilbert/09u8h76f/65fg67n']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eef-8e00-4b72-8271-49ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:59.000Z",
"modified": "2016-02-17T10:43:59.000Z",
"description": "Payloads downloaded by macro",
"pattern": "[url:value = 'http://173.214.183.81/~tomorrowhope/09u8h76f/65fg67n']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44eef-b904-4b5e-ac3d-4827950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:43:59.000Z",
"modified": "2016-02-17T10:43:59.000Z",
"description": "Payloads downloaded by macro",
"pattern": "[url:value = 'http://iynus.net/~test/09u8h76f/65fg67n']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f11-3b1c-410d-9ab2-4d31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T14:42:59.000Z",
"modified": "2016-02-17T14:42:59.000Z",
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Locky']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T14:42:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Persistence mechanism"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f11-56b4-4280-a544-470e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T14:42:58.000Z",
"modified": "2016-02-17T14:42:58.000Z",
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Locky\\\\id']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T14:42:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Persistence mechanism"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f11-960c-40ea-b988-4a98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T14:42:58.000Z",
"modified": "2016-02-17T14:42:58.000Z",
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Locky\\\\pubkey']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T14:42:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Persistence mechanism"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f12-8278-4076-b08d-4c22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T14:42:58.000Z",
"modified": "2016-02-17T14:42:58.000Z",
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Locky\\\\paytext']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T14:42:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Persistence mechanism"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f6a-4084-4283-8701-659d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:46:30.000Z",
"modified": "2016-02-17T10:46:30.000Z",
"description": "Locky also appears to generate DGA traffic for command and control (the list of domains below were unregistered at the time of investigation) - See more at: https://www.proofpoint.com/us/threat-insight/post/Dridex-Actors-Get-In-the-Ransomware-Game-With-Locky#sthash.MoLx2rvu.dpuf",
"pattern": "[domain-name:value = 'vkrdbsrqpi.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:46:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f6b-de78-4b97-b34e-659d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:46:03.000Z",
"modified": "2016-02-17T10:46:03.000Z",
"description": "Locky also appears to generate DGA traffic for command and control (the list of domains below were unregistered at the time of investigation) - See more at: https://www.proofpoint.com/us/threat-insight/post/Dridex-Actors-Get-In-the-Ransomware-Game-With-Locky#sthash.MoLx2rvu.dpuf",
"pattern": "[domain-name:value = 'jaomjlyvwxgdt.fr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:46:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f6b-5f08-4d9f-b024-659d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:46:03.000Z",
"modified": "2016-02-17T10:46:03.000Z",
"description": "Locky also appears to generate DGA traffic for command and control (the list of domains below were unregistered at the time of investigation) - See more at: https://www.proofpoint.com/us/threat-insight/post/Dridex-Actors-Get-In-the-Ransomware-Game-With-Locky#sthash.MoLx2rvu.dpuf",
"pattern": "[domain-name:value = 'wpogw.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:46:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c44f6b-176c-49ba-8548-659d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-17T10:46:03.000Z",
"modified": "2016-02-17T10:46:03.000Z",
"description": "Locky also appears to generate DGA traffic for command and control (the list of domains below were unregistered at the time of investigation) - See more at: https://www.proofpoint.com/us/threat-insight/post/Dridex-Actors-Get-In-the-Ransomware-Game-With-Locky#sthash.MoLx2rvu.dpuf",
"pattern": "[domain-name:value = 'ofhhoowfmnuihyd.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-17T10:46:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink