adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/58c302f0-3068-4b0a-91c2-463f02de0b81.json

7190 lines
288 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--58c302f0-3068-4b0a-91c2-463f02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-04-27T06:10:41.000Z",
"modified": "2020-04-27T06:10:41.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58c302f0-3068-4b0a-91c2-463f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-04-27T06:10:41.000Z",
"modified": "2020-04-27T06:10:41.000Z",
"name": "OSINT - Pulling Back the Curtains on EncodedCommand PowerShell Attacks",
"published": "2020-04-27T06:11:09Z",
"object_refs": [
"observed-data--58c302fd-0780-4809-b83f-48fc02de0b81",
"url--58c302fd-0780-4809-b83f-48fc02de0b81",
"x-misp-attribute--58c30314-4298-403f-bea6-49c002de0b81",
"indicator--58c30347-6984-44c1-9ec8-46ac02de0b81",
"indicator--58c30348-3fe0-48d8-bd6b-498902de0b81",
"indicator--58c30349-afd4-4524-a197-4f5f02de0b81",
"indicator--58c3034a-13b4-4dea-9328-4ccb02de0b81",
"indicator--58c30389-5158-43db-92ff-4ae402de0b81",
"indicator--58c303ab-575c-4649-8bb3-4c4002de0b81",
"indicator--58c303c2-f874-457c-8b39-46f202de0b81",
"indicator--58c303c3-17bc-42ec-b86e-413e02de0b81",
"indicator--58c303c4-ce1c-436d-9db9-4e4202de0b81",
"indicator--58c303c5-1d14-4175-b8e1-438002de0b81",
"indicator--58c303c6-f5f8-402d-9d98-465d02de0b81",
"indicator--58c303d6-5398-4638-8472-475102de0b81",
"indicator--58c303f0-a098-4bef-8dd5-40d202de0b81",
"indicator--58c30404-6e78-4b65-963e-487102de0b81",
"indicator--58c30405-e940-4c9a-8609-495f02de0b81",
"indicator--58c30406-01b8-4c4c-90b5-408902de0b81",
"indicator--58c30418-8014-4f64-929c-417b02de0b81",
"indicator--58c30419-31b8-4207-9409-41ef02de0b81",
"indicator--58c3041a-0030-48af-b220-4fef02de0b81",
"indicator--58c3041b-6968-4648-9cd5-458602de0b81",
"indicator--58c3041c-b4c0-457f-bd72-46d002de0b81",
"indicator--58c3041d-ef0c-4efd-a910-4f3302de0b81",
"indicator--58c3042d-e7f4-4ab3-81fb-417902de0b81",
"indicator--58c30472-a2f8-40f5-870b-421a02de0b81",
"indicator--58c30473-f550-4671-94d7-428302de0b81",
"indicator--58c30474-32a8-429c-a995-428702de0b81",
"indicator--58c30476-ee10-4aa6-872c-431602de0b81",
"indicator--58c30477-5194-4e68-a5a8-483a02de0b81",
"indicator--58c30478-fa2c-41ec-8cef-447202de0b81",
"indicator--58c30479-28b8-4837-91c4-435202de0b81",
"indicator--58c3047a-7460-4d13-9253-4bb502de0b81",
"indicator--58c3047b-5d80-4b9e-bc0e-47e202de0b81",
"indicator--58c304a2-c920-48e8-8b03-4ca602de0b81",
"indicator--58c304a3-0de8-4565-aeca-44f902de0b81",
"indicator--58c304a4-b17c-411a-bd19-4f5d02de0b81",
"indicator--58c304a6-858c-4afc-b6a7-437202de0b81",
"indicator--58c304a7-4d6c-427a-bbaf-4f9402de0b81",
"indicator--58c304a8-c404-4758-97fe-413602de0b81",
"indicator--58c304a9-b9c4-434e-a2d8-44e902de0b81",
"indicator--58c304aa-4814-4706-b5e5-43e702de0b81",
"indicator--58c304ab-9e88-4d87-9ae0-405102de0b81",
"indicator--58c304ac-5944-4807-88fe-4e2a02de0b81",
"indicator--58c304ad-4710-4d73-8360-425202de0b81",
"indicator--58c304ae-00e0-4b1a-aba4-4c2602de0b81",
"indicator--58c304af-1238-447c-bb08-4ec602de0b81",
"indicator--58c304b0-c6ac-4eb8-b740-432002de0b81",
"indicator--58c304b1-9ad0-4227-ac10-485c02de0b81",
"indicator--58c304b2-933c-4d7e-83e4-443502de0b81",
"indicator--58c304b3-a7b4-4182-9f5d-496e02de0b81",
"indicator--58c304b4-c8dc-41c1-a481-46af02de0b81",
"indicator--58c304b5-c070-4eee-b76e-41db02de0b81",
"indicator--58c304b6-da1c-4692-8f4c-4da302de0b81",
"indicator--58c304c9-501c-4f71-bcda-4b3302de0b81",
"indicator--58c304ca-c8e4-483d-a5c7-4fc302de0b81",
"indicator--58c304cb-01ec-454b-992a-4e1d02de0b81",
"indicator--58c304cc-90f8-4ec0-bea1-4c5602de0b81",
"indicator--58c304cd-56b4-4a7c-b09a-461802de0b81",
"indicator--58c304ce-f654-4fb5-9073-464b02de0b81",
"indicator--58c30558-3a64-4a4e-8a62-490302de0b81",
"indicator--58c30559-a8f8-488f-bdca-402602de0b81",
"indicator--58c30559-a8f8-4350-aa7b-458702de0b81",
"indicator--58c3055a-6a84-4e22-a6a9-4e2a02de0b81",
"indicator--58c3055c-19bc-4f16-b6d7-403802de0b81",
"indicator--58c3055d-9e58-4fa5-99d2-4f8902de0b81",
"indicator--58c3055e-8648-4315-a471-422102de0b81",
"indicator--58c3055f-c210-41ab-b60c-447b02de0b81",
"indicator--58c30560-ed78-41d4-9de5-466702de0b81",
"indicator--58c30561-63a8-47c6-9342-46cc02de0b81",
"indicator--58c30562-b708-4088-8cc8-4cfc02de0b81",
"indicator--58c30563-5dd8-4f0d-874b-4bb602de0b81",
"indicator--58c30564-5bf8-468c-9eba-4bbc02de0b81",
"indicator--58c30565-c7dc-4ca0-ab43-41c502de0b81",
"indicator--58c30566-2620-4a73-9635-4b8002de0b81",
"indicator--58c30567-c740-44b6-b34c-440c02de0b81",
"indicator--58c30568-4748-4205-9f6e-4f8802de0b81",
"indicator--58c30569-7ac8-449f-8898-495d02de0b81",
"indicator--58c3056a-b9b0-4723-84cb-442e02de0b81",
"indicator--58c3056b-98c8-4ad4-8fa3-46fd02de0b81",
"indicator--58c3056c-a288-4291-ace8-430f02de0b81",
"indicator--58c3056d-7044-4a58-96a7-4ca702de0b81",
"indicator--58c3056e-744c-4286-bf99-470302de0b81",
"indicator--58c3056f-d424-4ac5-8514-443b02de0b81",
"indicator--58c30570-88d4-4aa8-9f16-413e02de0b81",
"indicator--58c30571-b920-4b2f-a0e9-47b302de0b81",
"indicator--58c30572-eee8-4e68-bc98-4fa102de0b81",
"indicator--58c30573-2f08-477e-9bb4-49bf02de0b81",
"indicator--58c30574-dd58-47c1-83e9-436f02de0b81",
"indicator--58c30575-a420-4f56-ad1e-4c6f02de0b81",
"indicator--58c30576-2d68-490b-9782-443502de0b81",
"indicator--58c30577-9b18-4551-b0f0-4ccc02de0b81",
"indicator--58c30578-a908-4d42-8494-43ba02de0b81",
"indicator--58c30579-e658-4b3b-b503-488802de0b81",
"indicator--58c3057a-e8a4-4748-bcd4-47e902de0b81",
"indicator--58c3057b-6bc4-4e0f-8e56-442f02de0b81",
"indicator--58c3057c-8220-450c-af01-48a702de0b81",
"indicator--58c3057d-b430-4db6-9357-40f302de0b81",
"indicator--58c3057e-9d70-4993-8062-45b802de0b81",
"indicator--58c3057f-9d18-4940-ab3b-41b902de0b81",
"indicator--58c30580-aaa4-4f2e-8d52-4f4a02de0b81",
"indicator--58c30581-48cc-4a37-9192-48e202de0b81",
"indicator--58c30582-01f0-4220-8197-4cf902de0b81",
"indicator--58c30583-7d94-4660-9fd7-49f002de0b81",
"indicator--58c30584-512c-4f30-9354-43a202de0b81",
"indicator--58c30585-1ce0-4744-99fd-403a02de0b81",
"indicator--58c30586-ac80-489a-a854-46d302de0b81",
"indicator--58c30587-b3c4-4c82-902c-402802de0b81",
"indicator--58c30588-8bc8-4215-bf80-4e6302de0b81",
"indicator--58c30589-e01c-4fea-aa07-45a902de0b81",
"indicator--58c3058a-3864-4e5e-8c38-47fa02de0b81",
"indicator--58c3058b-ec7c-4443-9f42-4a3a02de0b81",
"indicator--58c3058c-d198-430e-90d4-497d02de0b81",
"indicator--58c3058d-6d40-4007-98d9-4e9a02de0b81",
"indicator--58c3058e-8054-4a05-ac3e-486902de0b81",
"indicator--58c3058f-7eb4-4ecb-99e0-451502de0b81",
"indicator--58c30590-f6cc-493a-9449-470d02de0b81",
"indicator--58c30591-fffc-4f77-83a0-46a902de0b81",
"indicator--58c30592-d8cc-40aa-be53-4e4b02de0b81",
"indicator--58c30593-2e38-4640-a08d-4d1302de0b81",
"indicator--58c30594-70cc-4cfa-98c0-4c4302de0b81",
"indicator--58c30595-69b4-470f-a741-4b5b02de0b81",
"indicator--58c30596-fbc4-4735-a5dc-487402de0b81",
"indicator--58c30597-d934-4766-ac02-423c02de0b81",
"indicator--58c30597-31dc-42e1-b3b9-4e5002de0b81",
"indicator--58c30598-6c34-453a-8037-40f102de0b81",
"indicator--58c30599-f630-4d25-904c-4d9702de0b81",
"indicator--58c3059a-97b0-4e23-9a60-498602de0b81",
"indicator--58c3059b-26cc-4df5-a15b-4b9702de0b81",
"indicator--58c3059b-4d10-4dda-855e-4f5d02de0b81",
"indicator--58c3059c-8b7c-4097-ad97-46d502de0b81",
"indicator--58c3059d-52ac-4f53-ac9e-4a5f02de0b81",
"indicator--58c3059e-3490-4e62-9870-40c902de0b81",
"indicator--58c3059f-3c3c-4e9b-9fe0-497f02de0b81",
"indicator--58c305a0-8124-41e9-844d-4fa602de0b81",
"indicator--58c305a1-8c64-44cb-86d7-45ec02de0b81",
"indicator--58c305a2-f4b8-44b6-b8ea-4c1302de0b81",
"indicator--58c305a3-8c74-497e-9f50-41d202de0b81",
"indicator--58c305a4-6e18-4919-aa4d-437902de0b81",
"indicator--58c305a5-f988-4801-9ee9-4fa502de0b81",
"indicator--58c305a6-f868-4c54-9f5a-47a202de0b81",
"indicator--58c305a7-bcc4-4be2-b178-446302de0b81",
"indicator--58c305a7-b1ac-489d-b7cf-4d7702de0b81",
"indicator--58c305a8-e864-4858-9e53-434002de0b81",
"indicator--58c305a9-8cb8-4583-9777-447502de0b81",
"indicator--58c305aa-290c-4209-8acf-487b02de0b81",
"indicator--58c305ab-9ed8-4c35-b47c-490502de0b81",
"indicator--58c305ac-4230-422e-bd08-411a02de0b81",
"indicator--58c305ad-72d0-420a-9197-46a702de0b81",
"indicator--58c305ae-e854-4040-b8fd-4dc302de0b81",
"indicator--58c305af-ebf4-48ac-8b99-409102de0b81",
"indicator--58c305b0-b98c-429e-92fa-49e002de0b81",
"indicator--58c305b1-cc30-41a5-b3e7-429702de0b81",
"indicator--58c305b2-26fc-4127-a66a-468d02de0b81",
"indicator--58c305b2-fec4-4616-9ee1-4a5e02de0b81",
"indicator--58c305b3-6384-4940-970a-4dbc02de0b81",
"indicator--58c305b4-3cf4-4d47-9efa-465a02de0b81",
"indicator--58c305b5-1470-4afa-b1ac-49e102de0b81",
"indicator--58c305b6-8cdc-4723-b84f-4f5a02de0b81",
"indicator--58c305b7-f698-4026-8cdd-427f02de0b81",
"indicator--58c305b7-df6c-4aa5-bd52-435702de0b81",
"indicator--58c305b8-fd00-4154-a70c-443b02de0b81",
"indicator--58c305b9-f6b8-4c16-8b50-44d502de0b81",
"indicator--58c305ba-a070-45fc-821c-4c9102de0b81",
"indicator--58c305bb-aaa0-46c0-88c4-496d02de0b81",
"indicator--58c305bb-c840-4625-b8ac-4ad202de0b81",
"indicator--58c30603-1cbc-4ef1-9685-44c402de0b81",
"indicator--58c30604-9ff8-4de8-950f-431002de0b81",
"indicator--58c30605-781c-4fd9-8f41-4c7702de0b81",
"indicator--58c30605-0b8c-4739-8b68-461102de0b81",
"indicator--58c30606-be0c-4d62-ac0d-420f02de0b81",
"indicator--58c30607-9b68-493b-a7ae-401e02de0b81",
"indicator--58c30608-5b9c-4ae9-a4e8-409b02de0b81",
"indicator--58c30609-4af4-44df-a1d5-484f02de0b81",
"indicator--58c3060a-c508-4119-99e0-451402de0b81",
"indicator--58c3060b-fcd4-4d56-978e-4be402de0b81",
"indicator--58c3060c-84b0-4757-915f-424502de0b81",
"indicator--58c3060d-e590-4f17-97f6-4b5e02de0b81",
"indicator--58c3060e-f64c-4503-a8a0-4db402de0b81",
"indicator--58c3060f-a8d0-49c1-9b60-415502de0b81",
"indicator--58c30610-c99c-40c5-a9d3-4b2202de0b81",
"indicator--58c30611-f9c4-4529-a937-488f02de0b81",
"indicator--58c30612-79f8-4366-8f25-43e402de0b81",
"indicator--58c30613-9398-4630-b5a7-41b602de0b81",
"indicator--58c30614-1320-494e-9c7f-4efe02de0b81",
"indicator--58c30614-5cdc-469c-a9e8-438102de0b81",
"indicator--58c30615-8838-40ba-9301-480a02de0b81",
"indicator--58c30615-7608-4bee-a4e3-4e9702de0b81",
"indicator--58c30616-6e50-48ba-85f0-40d602de0b81",
"indicator--58c30617-78d8-43b1-832f-46b402de0b81",
"indicator--58c30618-4740-4fe7-87b3-43ae02de0b81",
"indicator--58c30618-6b28-444d-984c-4e0902de0b81",
"indicator--58c30619-38e8-4b79-929d-49dc02de0b81",
"indicator--58c30619-1edc-4cab-9c02-415902de0b81",
"indicator--58c3061a-c500-4983-b816-498b02de0b81",
"indicator--58c3061a-f814-4a4f-a990-4d1702de0b81",
"indicator--58c3061b-269c-4d0b-abe9-4d6d02de0b81",
"indicator--58c3061b-527c-4e15-bcef-470c02de0b81",
"indicator--58c3061c-7c9c-4abf-b2d8-4e1402de0b81",
"indicator--58c3061d-4bd0-4301-8441-432402de0b81",
"indicator--58c3061e-6460-4c89-80a8-487102de0b81",
"indicator--58c3061e-4ad4-4ba9-b46d-4f2a02de0b81",
"indicator--58c3061f-6470-4051-b459-4ac002de0b81",
"indicator--58c3061f-2e1c-4cc6-998a-4fe802de0b81",
"indicator--58c30620-9178-4ba5-8450-421b02de0b81",
"indicator--58c30620-6678-43db-8b36-489702de0b81",
"indicator--58c30620-b4a4-446d-a5fd-45eb02de0b81",
"indicator--58c30621-0a58-4fa7-a723-4a8102de0b81",
"indicator--58c30621-4a4c-4f0e-a522-415702de0b81",
"indicator--58c30622-e56c-49b3-a7bc-483902de0b81",
"indicator--58c30623-6090-48c3-80da-48e302de0b81",
"indicator--58c30624-bb30-4aef-ad95-42b402de0b81",
"indicator--58c30624-20b4-4731-bb39-454002de0b81",
"indicator--58c30625-f13c-45d7-b693-4bf802de0b81",
"indicator--58c30625-bec4-46d8-80e4-4edc02de0b81",
"indicator--58c30626-f024-4934-82c9-47e202de0b81",
"indicator--58c30626-cbbc-4826-8976-46fc02de0b81",
"indicator--58c30627-2660-4ffe-81ec-430302de0b81",
"indicator--58c30627-5220-405d-b0da-442802de0b81",
"indicator--58c30628-ccc0-4d39-857a-496302de0b81",
"indicator--58c30628-a9b0-4a17-b617-423502de0b81",
"indicator--58c30629-f264-43f8-b8c4-432c02de0b81",
"indicator--58c30629-b354-46b9-8358-474c02de0b81",
"indicator--58c3062a-0e10-47b0-9bb6-42b802de0b81",
"indicator--58c3062b-6f34-4519-a43d-4eb102de0b81",
"indicator--58c3062b-75a4-4847-ac49-4a6d02de0b81",
"indicator--58c3062c-a848-4693-8860-416e02de0b81",
"indicator--58c3062c-b068-446e-a6b5-419902de0b81",
"indicator--58c3062d-4108-4f56-918c-47f502de0b81",
"indicator--58c3062d-b03c-43f0-bfa9-498d02de0b81",
"indicator--58c3062f-ef68-4a16-ad9e-430602de0b81",
"indicator--58c3062f-5174-4139-bcfd-471302de0b81",
"indicator--58c30630-1eac-42ca-99d5-435d02de0b81",
"indicator--58c30630-fa70-42be-a71b-467602de0b81",
"indicator--58c30631-30f4-4a18-bf64-455702de0b81",
"indicator--58c30632-8b90-42b6-93ad-451f02de0b81",
"indicator--58c30633-1020-4ccd-91ce-44f202de0b81",
"indicator--58c30633-8e54-47b8-b28f-4abc02de0b81",
"indicator--58c30634-18ac-4e15-b27c-40de02de0b81",
"indicator--58c30635-d264-48f7-8806-431402de0b81",
"indicator--58c30635-5380-4945-9f4a-4e5f02de0b81",
"indicator--58c30636-4bac-4e22-a14d-401502de0b81",
"indicator--58c30636-4de0-49b0-b6fb-4ea602de0b81",
"indicator--58c30637-c948-4017-b818-457c02de0b81",
"indicator--58c30638-e680-40f5-85c8-446002de0b81",
"indicator--58c30638-8cac-4bf0-b8e8-46e602de0b81",
"indicator--58c30638-27d8-4dbd-b925-42d202de0b81",
"indicator--58c30639-34c8-4795-aa8d-4a3902de0b81",
"indicator--58c30639-7278-40df-adc1-458902de0b81",
"indicator--58c3063a-3500-42c2-9728-401602de0b81",
"indicator--58c3063a-f32c-4911-939c-490a02de0b81",
"indicator--58c3063b-950c-4462-a1f2-496102de0b81",
"indicator--58c3063b-abc8-4f21-80fe-458a02de0b81",
"indicator--58c3063c-0034-43f6-8062-4a9102de0b81",
"indicator--58c3063c-eccc-46cd-b57f-4db002de0b81",
"indicator--58c3063d-3cdc-4f48-b8cd-4efa02de0b81",
"indicator--58c3063d-9d84-4e84-bcf3-4cab02de0b81",
"indicator--58c3063e-3cac-4db2-84c0-486102de0b81",
"indicator--58c3063f-e838-4fe3-8868-4efe02de0b81",
"indicator--58c3063f-9fdc-412e-9861-414102de0b81",
"indicator--58c30640-1414-406d-ab1b-483302de0b81",
"indicator--58c30640-0e94-401d-a112-48db02de0b81",
"indicator--58c30641-4a84-4be4-a373-4cb602de0b81",
"indicator--58c30642-2f14-4658-8ecc-480f02de0b81",
"indicator--58c30643-61a4-428b-a33f-422f02de0b81",
"indicator--58c30643-dde8-44c8-9649-4ae702de0b81",
"indicator--58c30644-8e88-4fcf-8aa7-4ed202de0b81",
"indicator--58c30645-6bac-4b95-9849-40db02de0b81",
"indicator--58c30645-0dd8-4b82-b20a-4df602de0b81",
"indicator--58c30646-6e0c-4a32-8d07-4ae502de0b81",
"indicator--58c30646-a9e0-4ecb-aaba-48ce02de0b81",
"indicator--58c30647-2844-4319-bc3b-447e02de0b81",
"indicator--58c30648-30f8-41a6-a9dd-4a7202de0b81",
"indicator--58c30648-d464-44f9-bee9-4c0e02de0b81",
"indicator--58c30649-c284-409d-8890-437102de0b81",
"indicator--58c3064a-7a4c-4e6c-83d8-443202de0b81",
"indicator--58c3064a-4fc8-49fe-8e35-4f4b02de0b81",
"indicator--58c3064b-1168-484a-83da-48ec02de0b81",
"indicator--58c3064b-3368-435b-9771-462d02de0b81",
"indicator--58c3064c-c0c0-4fc0-9837-4f7202de0b81",
"indicator--58c3064c-f154-4ce6-bf4e-4fc002de0b81",
"indicator--58c3064d-1c28-4756-a978-44d802de0b81",
"indicator--58c3064d-6f98-4aa1-b69e-450602de0b81",
"indicator--58c3064e-02c0-4f1a-a93f-440902de0b81",
"indicator--58c3064e-e54c-41a3-bb19-4dc702de0b81",
"indicator--58c3064f-d348-4403-88a2-42dd02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58c302fd-0780-4809-b83f-48fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:48:50.000Z",
"modified": "2017-03-10T19:48:50.000Z",
"first_observed": "2017-03-10T19:48:50Z",
"last_observed": "2017-03-10T19:48:50Z",
"number_observed": 1,
"object_refs": [
"url--58c302fd-0780-4809-b83f-48fc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58c302fd-0780-4809-b83f-48fc02de0b81",
"value": "http://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58c30314-4298-403f-bea6-49c002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:48:51.000Z",
"modified": "2017-03-10T19:48:51.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "PowerShell has continued to gain in popularity over the past few years as the framework continues to mature, so it\u00e2\u20ac\u2122s no surprise we\u00e2\u20ac\u2122re seeing it in more attacks. PowerShell offers attackers a wide range of capabilities natively on the system and with a quick look at the landscape of malicious PowerShell tools flooding out; you have a decent indicator of its growth.\r\n\r\nMicrosoft has done a fantastic job in later versions of PowerShell by giving multiple ways to log PowerShell activity (Transcription, ScriptBlock, etc) so there has been a shift to try and further obfuscate attacks at runtime."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30347-6984-44c1-9ec8-46ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:49:27.000Z",
"modified": "2017-03-10T19:49:27.000Z",
"description": "Meterpreter RHTTP",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.56.248.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:49:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30348-3fe0-48d8-bd6b-498902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:49:28.000Z",
"modified": "2017-03-10T19:49:28.000Z",
"description": "Meterpreter RHTTP",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.109.8.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:49:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30349-afd4-4524-a197-4f5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:49:29.000Z",
"modified": "2017-03-10T19:49:29.000Z",
"description": "Meterpreter RHTTP",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.112.221.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:49:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3034a-13b4-4dea-9328-4ccb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:49:30.000Z",
"modified": "2017-03-10T19:49:30.000Z",
"description": "Meterpreter RHTTP",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.160.254.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:49:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30389-5158-43db-92ff-4ae402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:50:33.000Z",
"modified": "2017-03-10T19:50:33.000Z",
"description": "SHA1 Hashtag",
"pattern": "[url:value = 'http://212.83.186.207/?i=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:50:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303ab-575c-4649-8bb3-4c4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:51:07.000Z",
"modified": "2017-03-10T19:51:07.000Z",
"description": "Layers of Obfuscation",
"pattern": "[url:value = 'http://ec2-35-167-185-55.us-west-2.compute.amazonaws.com:8080/anSfrf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303c2-f874-457c-8b39-46f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:51:30.000Z",
"modified": "2017-03-10T19:51:30.000Z",
"description": "AMSI Bypass",
"pattern": "[url:value = 'http://35.165.38.15:80/login/process.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:51:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303c3-17bc-42ec-b86e-413e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:51:31.000Z",
"modified": "2017-03-10T19:51:31.000Z",
"description": "AMSI Bypass",
"pattern": "[url:value = 'http://amazonsdeliveries.com:80/account/login.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:51:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303c4-ce1c-436d-9db9-4e4202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:51:32.000Z",
"modified": "2017-03-10T19:51:32.000Z",
"description": "AMSI Bypass",
"pattern": "[url:value = 'http://35.164.97.4:80/admin/get.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:51:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303c5-1d14-4175-b8e1-438002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:51:33.000Z",
"modified": "2017-03-10T19:51:33.000Z",
"description": "AMSI Bypass",
"pattern": "[url:value = 'http://162.253.133.189:443/login/process.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:51:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303c6-f5f8-402d-9d98-465d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:51:34.000Z",
"modified": "2017-03-10T19:51:34.000Z",
"description": "AMSI Bypass",
"pattern": "[url:value = 'http://162.253.133.189:443/admin/get.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303d6-5398-4638-8472-475102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:51:50.000Z",
"modified": "2017-03-10T19:51:50.000Z",
"description": "PowerWorm",
"pattern": "[url:value = 'http://powerwormjqj42hu.onion/get.php?s=setup&amp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:51:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c303f0-a098-4bef-8dd5-40d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:16.000Z",
"modified": "2017-03-10T19:52:16.000Z",
"description": "Downloader Kraken",
"pattern": "[url:value = 'http://kulup.isikun.edu.tr/Kraken.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30404-6e78-4b65-963e-487102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:36.000Z",
"modified": "2017-03-10T19:52:36.000Z",
"description": "Downloader Proxy",
"pattern": "[url:value = 'http://54.213.195.138/s2.txt?u=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30405-e940-4c9a-8609-495f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:37.000Z",
"modified": "2017-03-10T19:52:37.000Z",
"description": "Downloader Proxy",
"pattern": "[url:value = 'http://www.bcbs-arizona.org/s2.txt?u=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30406-01b8-4c4c-90b5-408902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:38.000Z",
"modified": "2017-03-10T19:52:38.000Z",
"description": "Downloader Proxy",
"pattern": "[url:value = 'http://www.bcbsarizona.org/s2.txt?u=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30418-8014-4f64-929c-417b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:56.000Z",
"modified": "2017-03-10T19:52:56.000Z",
"description": "TXT C2",
"pattern": "[domain-name:value = 'l.ns.topbrains.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30419-31b8-4207-9409-41ef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:57.000Z",
"modified": "2017-03-10T19:52:57.000Z",
"description": "TXT C2",
"pattern": "[domain-name:value = 'p.s.os.ns.rankingplac.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3041a-0030-48af-b220-4fef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:58.000Z",
"modified": "2017-03-10T19:52:58.000Z",
"description": "TXT C2",
"pattern": "[domain-name:value = 'l.ns.huawel.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3041b-6968-4648-9cd5-458602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:52:59.000Z",
"modified": "2017-03-10T19:52:59.000Z",
"description": "TXT C2",
"pattern": "[domain-name:value = 'p.s.pn.ns.sse.net.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:52:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3041c-b4c0-457f-bd72-46d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:53:00.000Z",
"modified": "2017-03-10T19:53:00.000Z",
"description": "TXT C2",
"pattern": "[domain-name:value = 'p.s.rk.ns.rankingplac.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:53:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3041d-ef0c-4efd-a910-4f3302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:53:01.000Z",
"modified": "2017-03-10T19:53:01.000Z",
"description": "TXT C2",
"pattern": "[domain-name:value = 'p.s.w2.ns.rankingplac.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:53:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3042d-e7f4-4ab3-81fb-417902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:53:17.000Z",
"modified": "2017-03-10T19:53:17.000Z",
"description": "BITSTransfer",
"pattern": "[url:value = 'http://94.102.50.39/keyt.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:53:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30472-a2f8-40f5-870b-421a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:26.000Z",
"modified": "2017-03-10T19:54:26.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'http://84.200.84.187/Google Update Check.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30473-f550-4671-94d7-428302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:27.000Z",
"modified": "2017-03-10T19:54:27.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'http://52.183.79.94:80/TYBMkTfsQ']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30474-32a8-429c-a995-428702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:28.000Z",
"modified": "2017-03-10T19:54:28.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'http://76.74.127.38/default-nco.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30476-ee10-4aa6-872c-431602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:30.000Z",
"modified": "2017-03-10T19:54:30.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'https://wowyy.ga/counter.php?c=pdfxpl+']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30477-5194-4e68-a5a8-483a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:31.000Z",
"modified": "2017-03-10T19:54:31.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'http://192.168.137.241:8080/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30478-fa2c-41ec-8cef-447202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:32.000Z",
"modified": "2017-03-10T19:54:32.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'http://91.120.23.152/wizz.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30479-28b8-4837-91c4-435202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:33.000Z",
"modified": "2017-03-10T19:54:33.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'http://93.171.205.35:8080/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3047a-7460-4d13-9253-4bb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:34.000Z",
"modified": "2017-03-10T19:54:34.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'http://cannot.loginto.me/googlehelper.ps1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3047b-5d80-4b9e-bc0e-47e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:54:35.000Z",
"modified": "2017-03-10T19:54:35.000Z",
"description": "Downloader IEXDS",
"pattern": "[url:value = 'https://invesco.online/aaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:54:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304a2-c920-48e8-8b03-4ca602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:14.000Z",
"modified": "2017-03-10T19:55:14.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://198.50.137.173/a.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304a3-0de8-4565-aeca-44f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:15.000Z",
"modified": "2017-03-10T19:55:15.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://201.130.72.171/andac.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304a4-b17c-411a-bd19-4f5d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:16.000Z",
"modified": "2017-03-10T19:55:16.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://worldnit.com/miracle.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304a6-858c-4afc-b6a7-437202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:18.000Z",
"modified": "2017-03-10T19:55:18.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://www.amspeconline.com/123/nana.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304a7-4d6c-427a-bbaf-4f9402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:19.000Z",
"modified": "2017-03-10T19:55:19.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://198.50.137.173/b.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304a8-c404-4758-97fe-413602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:20.000Z",
"modified": "2017-03-10T19:55:20.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://31.184.234.74/crypted/1080qw.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304a9-b9c4-434e-a2d8-44e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:21.000Z",
"modified": "2017-03-10T19:55:21.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://alonqood.com/abacom.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304aa-4814-4706-b5e5-43e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:22.000Z",
"modified": "2017-03-10T19:55:22.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://alonqood.com/ezeke.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304ab-9e88-4d87-9ae0-405102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:23.000Z",
"modified": "2017-03-10T19:55:23.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://alonqood.com/lumia.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304ac-5944-4807-88fe-4e2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:24.000Z",
"modified": "2017-03-10T19:55:24.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://alonqood.com/nano.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304ad-4710-4d73-8360-425202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:25.000Z",
"modified": "2017-03-10T19:55:25.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://alonqood.com/obi.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304ae-00e0-4b1a-aba4-4c2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:26.000Z",
"modified": "2017-03-10T19:55:26.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://snthostings.com/billing//includes/db/dannyfinal.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304af-1238-447c-bb08-4ec602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:27.000Z",
"modified": "2017-03-10T19:55:27.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://worldnit.com/abu.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304b0-c6ac-4eb8-b740-432002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:28.000Z",
"modified": "2017-03-10T19:55:28.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://worldnit.com/guyo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304b1-9ad0-4227-ac10-485c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:29.000Z",
"modified": "2017-03-10T19:55:29.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://worldnit.com/vc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304b2-933c-4d7e-83e4-443502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:30.000Z",
"modified": "2017-03-10T19:55:30.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://www.amspeconline.com/123/nach.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304b3-a7b4-4182-9f5d-496e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:31.000Z",
"modified": "2017-03-10T19:55:31.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://www.amspeconline.com/123/nazy.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304b4-c8dc-41c1-a481-46af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:32.000Z",
"modified": "2017-03-10T19:55:32.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'http://www.macwizinfo.com/zap/manage/may2.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304b5-c070-4eee-b76e-41db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:33.000Z",
"modified": "2017-03-10T19:55:33.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'https://a.pomf.cat/bvudaf.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304b6-da1c-4692-8f4c-4da302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:34.000Z",
"modified": "2017-03-10T19:55:34.000Z",
"description": "Downloader DFSP DPL",
"pattern": "[url:value = 'https://a.pomf.cat/qebhhu.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304c9-501c-4f71-bcda-4b3302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:53.000Z",
"modified": "2017-03-10T19:55:53.000Z",
"description": "Downloader DFSP 2X",
"pattern": "[url:value = 'http://93.174.94.135/~kali/ketty.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304ca-c8e4-483d-a5c7-4fc302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:54.000Z",
"modified": "2017-03-10T19:55:54.000Z",
"description": "Downloader DFSP 2X",
"pattern": "[url:value = 'http://94.102.52.13/~yahoo/stchost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304cb-01ec-454b-992a-4e1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:55.000Z",
"modified": "2017-03-10T19:55:55.000Z",
"description": "Downloader DFSP 2X",
"pattern": "[url:value = 'http://93.174.94.137/~rama/jusched.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304cc-90f8-4ec0-bea1-4c5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:56.000Z",
"modified": "2017-03-10T19:55:56.000Z",
"description": "Downloader DFSP 2X",
"pattern": "[url:value = 'http://94.102.52.13/~harvy/scvhost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304cd-56b4-4a7c-b09a-461802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:57.000Z",
"modified": "2017-03-10T19:55:57.000Z",
"description": "Downloader DFSP 2X",
"pattern": "[url:value = 'http://10.10.01.10/bahoo/stchost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c304ce-f654-4fb5-9073-464b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:55:58.000Z",
"modified": "2017-03-10T19:55:58.000Z",
"description": "Downloader DFSP 2X",
"pattern": "[url:value = 'http://93.174.94.135/~harvy/verfgt.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:55:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30558-3a64-4a4e-8a62-490302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:16.000Z",
"modified": "2017-03-10T19:58:16.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://95.211.139.88:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30559-a8f8-488f-bdca-402602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:17.000Z",
"modified": "2017-03-10T19:58:17.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://46.101.90.248:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30559-a8f8-4350-aa7b-458702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:17.000Z",
"modified": "2017-03-10T19:58:17.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://microsoft-update7.myvnc.com:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3055a-6a84-4e22-a6a9-4e2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:18.000Z",
"modified": "2017-03-10T19:58:18.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://145.131.7.190:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3055c-19bc-4f16-b6d7-403802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:20.000Z",
"modified": "2017-03-10T19:58:20.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://52.39.227.108:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3055d-9e58-4fa5-99d2-4f8902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:21.000Z",
"modified": "2017-03-10T19:58:21.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://vanesa.ddns.net:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3055e-8648-4315-a471-422102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:22.000Z",
"modified": "2017-03-10T19:58:22.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://polygon.1dn0.xyz/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3055f-c210-41ab-b60c-447b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:23.000Z",
"modified": "2017-03-10T19:58:23.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://159.203.18.172:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30560-ed78-41d4-9de5-466702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:24.000Z",
"modified": "2017-03-10T19:58:24.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://dsecti0n.gotdns.ch:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30561-63a8-47c6-9342-46cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:25.000Z",
"modified": "2017-03-10T19:58:25.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://69.20.66.229:9443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30562-b708-4088-8cc8-4cfc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:26.000Z",
"modified": "2017-03-10T19:58:26.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://50.3.74.72:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30563-5dd8-4f0d-874b-4bb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:27.000Z",
"modified": "2017-03-10T19:58:27.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://205.232.71.92:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30564-5bf8-468c-9eba-4bbc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:28.000Z",
"modified": "2017-03-10T19:58:28.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://hop.wellsfargolegal.com/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30565-c7dc-4ca0-ab43-41c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:29.000Z",
"modified": "2017-03-10T19:58:29.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://ciagov.gotdns.ch:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30566-2620-4a73-9635-4b8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:30.000Z",
"modified": "2017-03-10T19:58:30.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://chgvaswks045.efgz.efg.corp:888/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30567-c740-44b6-b34c-440c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:31.000Z",
"modified": "2017-03-10T19:58:31.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://ads.mygoogle-analytics.com:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30568-4748-4205-9f6e-4f8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:32.000Z",
"modified": "2017-03-10T19:58:32.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://84.200.84.185:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30569-7ac8-449f-8898-495d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:33.000Z",
"modified": "2017-03-10T19:58:33.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://84.14.146.74:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3056a-b9b0-4723-84cb-442e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:34.000Z",
"modified": "2017-03-10T19:58:34.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://66.11.115.25:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3056b-98c8-4ad4-8fa3-46fd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:35.000Z",
"modified": "2017-03-10T19:58:35.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://64.137.176.174:12345/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3056c-a288-4291-ace8-430f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:36.000Z",
"modified": "2017-03-10T19:58:36.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://52.28.242.165:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3056d-7044-4a58-96a7-4ca702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:37.000Z",
"modified": "2017-03-10T19:58:37.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://52.19.131.17:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3056e-744c-4286-bf99-470302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:38.000Z",
"modified": "2017-03-10T19:58:38.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://23.239.12.15:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3056f-d424-4ac5-8514-443b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:39.000Z",
"modified": "2017-03-10T19:58:39.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://212.99.114.202:443/count.php?user=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30570-88d4-4aa8-9f16-413e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:40.000Z",
"modified": "2017-03-10T19:58:40.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://188.68.59.11:8081/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30571-b920-4b2f-a0e9-47b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:41.000Z",
"modified": "2017-03-10T19:58:41.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://185.117.72.45:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30572-eee8-4e68-bc98-4fa102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:42.000Z",
"modified": "2017-03-10T19:58:42.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://163.172.175.132:8089/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30573-2f08-477e-9bb4-49bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:43.000Z",
"modified": "2017-03-10T19:58:43.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://159.203.89.248:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30574-dd58-47c1-83e9-436f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:44.000Z",
"modified": "2017-03-10T19:58:44.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://14.144.144.66:8081/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30575-a420-4f56-ad1e-4c6f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:45.000Z",
"modified": "2017-03-10T19:58:45.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://103.238.227.201:7788/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30576-2d68-490b-9782-443502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:46.000Z",
"modified": "2017-03-10T19:58:46.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://www.enterprizehost.com:9443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30577-9b18-4551-b0f0-4ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:47.000Z",
"modified": "2017-03-10T19:58:47.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://sixeight.av-update.com:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30578-a908-4d42-8494-43ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:48.000Z",
"modified": "2017-03-10T19:58:48.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://remote-01.web-access.us/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30579-e658-4b3b-b503-488802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:49.000Z",
"modified": "2017-03-10T19:58:49.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://msauth.net/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3057a-e8a4-4748-bcd4-47e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:50.000Z",
"modified": "2017-03-10T19:58:50.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://metrowifi.no-ip.org:8443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3057b-6bc4-4e0f-8e56-442f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:51.000Z",
"modified": "2017-03-10T19:58:51.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://megalon.trustwave.com:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3057c-8220-450c-af01-48a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:52.000Z",
"modified": "2017-03-10T19:58:52.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://mail.microsoft-invites.com/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3057d-b430-4db6-9357-40f302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:53.000Z",
"modified": "2017-03-10T19:58:53.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://logexpert.eu/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3057e-9d70-4993-8062-45b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:54.000Z",
"modified": "2017-03-10T19:58:54.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://host-101.ipsec.io/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3057f-9d18-4940-ab3b-41b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:55.000Z",
"modified": "2017-03-10T19:58:55.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://93.176.84.45:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30580-aaa4-4f2e-8d52-4f4a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:56.000Z",
"modified": "2017-03-10T19:58:56.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://93.176.84.34:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30581-48cc-4a37-9192-48e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:57.000Z",
"modified": "2017-03-10T19:58:57.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://66.60.224.82:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30582-01f0-4220-8197-4cf902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:58.000Z",
"modified": "2017-03-10T19:58:58.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://66.192.70.39:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30583-7d94-4660-9fd7-49f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:58:59.000Z",
"modified": "2017-03-10T19:58:59.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://66.192.70.38:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:58:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30584-512c-4f30-9354-43a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:00.000Z",
"modified": "2017-03-10T19:59:00.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://52.86.125.177:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30585-1ce0-4744-99fd-403a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:01.000Z",
"modified": "2017-03-10T19:59:01.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://50.251.57.67:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30586-ac80-489a-a854-46d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:02.000Z",
"modified": "2017-03-10T19:59:02.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://46.101.203.156:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30587-b3c4-4c82-902c-402802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:03.000Z",
"modified": "2017-03-10T19:59:03.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://46.101.185.146:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30588-8bc8-4215-bf80-4e6302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:04.000Z",
"modified": "2017-03-10T19:59:04.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://45.63.109.205:8443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30589-e01c-4fea-aa07-45a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:05.000Z",
"modified": "2017-03-10T19:59:05.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://172.30.18.11:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3058a-3864-4e5e-8c38-47fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:06.000Z",
"modified": "2017-03-10T19:59:06.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://146.148.58.157:8088/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3058b-ec7c-4443-9f42-4a3a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:07.000Z",
"modified": "2017-03-10T19:59:07.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://108.61.211.36/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3058c-d198-430e-90d4-497d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:08.000Z",
"modified": "2017-03-10T19:59:08.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://107.170.132.24:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3058d-6d40-4007-98d9-4e9a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:09.000Z",
"modified": "2017-03-10T19:59:09.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'https://104.131.182.177:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3058e-8054-4a05-ac3e-486902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:10.000Z",
"modified": "2017-03-10T19:59:10.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://sparta34.no-ip.biz:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3058f-7eb4-4ecb-99e0-451502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:11.000Z",
"modified": "2017-03-10T19:59:11.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://securetx.ddns.net:3333/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30590-f6cc-493a-9449-470d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:12.000Z",
"modified": "2017-03-10T19:59:12.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://pie32.mooo.com:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30591-fffc-4f77-83a0-46a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:13.000Z",
"modified": "2017-03-10T19:59:13.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://m.jdirving.email:21/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30592-d8cc-40aa-be53-4e4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:14.000Z",
"modified": "2017-03-10T19:59:14.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://kooks.ddns.net:4444:4444/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30593-2e38-4640-a08d-4d1302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:15.000Z",
"modified": "2017-03-10T19:59:15.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://kernel32.ddns.net:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30594-70cc-4cfa-98c0-4c4302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:16.000Z",
"modified": "2017-03-10T19:59:16.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://home.rzepka.se/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30595-69b4-470f-a741-4b5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:17.000Z",
"modified": "2017-03-10T19:59:17.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://192.ho4x.com:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30596-fbc4-4735-a5dc-487402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:18.000Z",
"modified": "2017-03-10T19:59:18.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://ec2-35-167-185-55.us-west-2.compute.amazonaws.com:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30597-d934-4766-ac02-423c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:19.000Z",
"modified": "2017-03-10T19:59:19.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://amazonsdeliveries.com/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30597-31dc-42e1-b3b9-4e5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:19.000Z",
"modified": "2017-03-10T19:59:19.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://ahyses.ddns.net:4444/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30598-6c34-453a-8037-40f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:20.000Z",
"modified": "2017-03-10T19:59:20.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://98.103.103.170:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30599-f630-4d25-904c-4d9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:21.000Z",
"modified": "2017-03-10T19:59:21.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://98.103.103.168:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3059a-97b0-4e23-9a60-498602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:22.000Z",
"modified": "2017-03-10T19:59:22.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://93.187.43.200:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3059b-26cc-4df5-a15b-4b9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:23.000Z",
"modified": "2017-03-10T19:59:23.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://84.200.2.13:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3059b-4d10-4dda-855e-4f5d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:23.000Z",
"modified": "2017-03-10T19:59:23.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://78.229.133.134:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3059c-8b7c-4097-ad97-46d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:24.000Z",
"modified": "2017-03-10T19:59:24.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://68.66.9.76/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3059d-52ac-4f53-ac9e-4a5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:25.000Z",
"modified": "2017-03-10T19:59:25.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://52.36.245.145:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3059e-3490-4e62-9870-40c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:26.000Z",
"modified": "2017-03-10T19:59:26.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://52.28.250.99:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3059f-3c3c-4e9b-9fe0-497f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:27.000Z",
"modified": "2017-03-10T19:59:27.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://52.196.119.113:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a0-8124-41e9-844d-4fa602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:28.000Z",
"modified": "2017-03-10T19:59:28.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://50.251.57.67:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a1-8c64-44cb-86d7-45ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:29.000Z",
"modified": "2017-03-10T19:59:29.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://47.88.17.109:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a2-f4b8-44b6-b8ea-4c1302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:30.000Z",
"modified": "2017-03-10T19:59:30.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://46.246.87.205/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a3-8c74-497e-9f50-41d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:31.000Z",
"modified": "2017-03-10T19:59:31.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://41.230.232.65:5552:5552/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a4-6e18-4919-aa4d-437902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:32.000Z",
"modified": "2017-03-10T19:59:32.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://24.111.1.135:22/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a5-f988-4801-9ee9-4fa502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:33.000Z",
"modified": "2017-03-10T19:59:33.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://23.116.90.9:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a6-f868-4c54-9f5a-47a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:34.000Z",
"modified": "2017-03-10T19:59:34.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://222.230.139.166:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a7-bcc4-4be2-b178-446302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:35.000Z",
"modified": "2017-03-10T19:59:35.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://197.85.191.186:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a7-b1ac-489d-b7cf-4d7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:35.000Z",
"modified": "2017-03-10T19:59:35.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://197.85.191.186:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a8-e864-4858-9e53-434002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:36.000Z",
"modified": "2017-03-10T19:59:36.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://192.241.129.69:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305a9-8cb8-4583-9777-447502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:37.000Z",
"modified": "2017-03-10T19:59:37.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://191.101.31.118:8081/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305aa-290c-4209-8acf-487b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:38.000Z",
"modified": "2017-03-10T19:59:38.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://187.228.46.144:8888/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305ab-9ed8-4c35-b47c-490502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:39.000Z",
"modified": "2017-03-10T19:59:39.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://187.177.151.80:12345/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305ac-4230-422e-bd08-411a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:40.000Z",
"modified": "2017-03-10T19:59:40.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://166.78.124.106:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305ad-72d0-420a-9197-46a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:41.000Z",
"modified": "2017-03-10T19:59:41.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://163.172.151.90:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305ae-e854-4040-b8fd-4dc302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:42.000Z",
"modified": "2017-03-10T19:59:42.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://149.56.178.124:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305af-ebf4-48ac-8b99-409102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:43.000Z",
"modified": "2017-03-10T19:59:43.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://139.59.12.202:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b0-b98c-429e-92fa-49e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:44.000Z",
"modified": "2017-03-10T19:59:44.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://138.121.170.12:500/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b1-cc30-41a5-b3e7-429702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:45.000Z",
"modified": "2017-03-10T19:59:45.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://138.121.170.12:3138/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b2-26fc-4127-a66a-468d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:46.000Z",
"modified": "2017-03-10T19:59:46.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://138.121.170.12:3137/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b2-fec4-4616-9ee1-4a5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:46.000Z",
"modified": "2017-03-10T19:59:46.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://138.121.170.12:3136/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b3-6384-4940-970a-4dbc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:47.000Z",
"modified": "2017-03-10T19:59:47.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://138.121.170.12:3135/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b4-3cf4-4d47-9efa-465a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:48.000Z",
"modified": "2017-03-10T19:59:48.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://138.121.170.12:3133/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b5-1470-4afa-b1ac-49e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:49.000Z",
"modified": "2017-03-10T19:59:49.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://138.121.170.12:3031/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b6-8cdc-4723-b84f-4f5a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:50.000Z",
"modified": "2017-03-10T19:59:50.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://137.117.188.120:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b7-f698-4026-8cdd-427f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:51.000Z",
"modified": "2017-03-10T19:59:51.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://11.79.40.53:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b7-df6c-4aa5-bd52-435702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:51.000Z",
"modified": "2017-03-10T19:59:51.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://108.61.217.22:443/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b8-fd00-4154-a70c-443b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:52.000Z",
"modified": "2017-03-10T19:59:52.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://104.233.102.23:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305b9-f6b8-4c16-8b50-44d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:53.000Z",
"modified": "2017-03-10T19:59:53.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://104.145.225.3:8081/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305ba-a070-45fc-821c-4c9102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:54.000Z",
"modified": "2017-03-10T19:59:54.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://104.131.154.119:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305bb-aaa0-46c0-88c4-496d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:55.000Z",
"modified": "2017-03-10T19:59:55.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://104.130.51.215:80/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c305bb-c840-4625-b8ac-4ad202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T19:59:55.000Z",
"modified": "2017-03-10T19:59:55.000Z",
"description": "PowerShell Empire",
"pattern": "[url:value = 'http://100.100.100.100:8080/index.asp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T19:59:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30603-1cbc-4ef1-9685-44c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:07.000Z",
"modified": "2017-03-10T20:01:07.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://94.102.53.238/~yahoo/csrsv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30604-9ff8-4de8-950f-431002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:08.000Z",
"modified": "2017-03-10T20:01:08.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://89.248.170.218/~yahoo/csrsv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30605-781c-4fd9-8f41-4c7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:09.000Z",
"modified": "2017-03-10T20:01:09.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://94.102.58.30/~trevor/winx64.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30605-0b8c-4739-8b68-461102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:09.000Z",
"modified": "2017-03-10T20:01:09.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://80.82.64.45/~yakar/msvmonr.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30606-be0c-4d62-ac0d-420f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:10.000Z",
"modified": "2017-03-10T20:01:10.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://89.248.166.140/~zebra/iesecv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30607-9b68-493b-a7ae-401e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:11.000Z",
"modified": "2017-03-10T20:01:11.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://cajos.in/0x/1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30608-5b9c-4ae9-a4e8-409b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:12.000Z",
"modified": "2017-03-10T20:01:12.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://93.174.94.137/~karma/scvhost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30609-4af4-44df-a1d5-484f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:13.000Z",
"modified": "2017-03-10T20:01:13.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://ddl7.data.hu/get/0/9507148/Patload.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3060a-c508-4119-99e0-451402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:14.000Z",
"modified": "2017-03-10T20:01:14.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://nikil.tk/p1/Pa_001.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3060b-fcd4-4d56-978e-4be402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:15.000Z",
"modified": "2017-03-10T20:01:15.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.45.193.17/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3060c-84b0-4757-915f-424502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:16.000Z",
"modified": "2017-03-10T20:01:16.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.141.27.28/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3060d-e590-4f17-97f6-4b5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:17.000Z",
"modified": "2017-03-10T20:01:17.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/xsakpo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3060e-f64c-4503-a8a0-4db402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:18.000Z",
"modified": "2017-03-10T20:01:18.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.141.27.35/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3060f-a8d0-49c1-9b60-415502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:19.000Z",
"modified": "2017-03-10T20:01:19.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.macwizinfo.com/updates/anna.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30610-c99c-40c5-a9d3-4b2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:20.000Z",
"modified": "2017-03-10T20:01:20.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/opera.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30611-f9c4-4529-a937-488f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:21.000Z",
"modified": "2017-03-10T20:01:21.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://doc.cherrycoffeeequipment.com/nw/logo.png']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30612-79f8-4366-8f25-43e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:22.000Z",
"modified": "2017-03-10T20:01:22.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.141.25.142/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30613-9398-4630-b5a7-41b602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:23.000Z",
"modified": "2017-03-10T20:01:23.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.117.75.43/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30614-1320-494e-9c7f-4efe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:24.000Z",
"modified": "2017-03-10T20:01:24.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.106.122.64/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30614-5cdc-469c-a9e8-438102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:24.000Z",
"modified": "2017-03-10T20:01:24.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.141.25.243/file.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30615-8838-40ba-9301-480a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:25.000Z",
"modified": "2017-03-10T20:01:25.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.141.27.32/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30615-7608-4bee-a4e3-4e9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:25.000Z",
"modified": "2017-03-10T20:01:25.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.141.27.34/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30616-6e50-48ba-85f0-40d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:26.000Z",
"modified": "2017-03-10T20:01:26.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://andersonken4791.pserver.ru/doc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30617-78d8-43b1-832f-46b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:27.000Z",
"modified": "2017-03-10T20:01:27.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://boisedelariviere.com/backup/css/newconfig.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30618-4740-4fe7-87b3-43ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:28.000Z",
"modified": "2017-03-10T20:01:28.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://brokelimiteds.in/wp-admin/css/upload/Order.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30618-6b28-444d-984c-4e0902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:28.000Z",
"modified": "2017-03-10T20:01:28.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://ddl7.data.hu/get/0/9499830/money.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30619-38e8-4b79-929d-49dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:29.000Z",
"modified": "2017-03-10T20:01:29.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://fetzhost.net/files/044ae4aa5e0f2e8df02bd41bdc2670b0.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30619-1edc-4cab-9c02-415902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:29.000Z",
"modified": "2017-03-10T20:01:29.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://hnng.moe/f/InX']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061a-c500-4983-b816-498b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:30.000Z",
"modified": "2017-03-10T20:01:30.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://hnng.moe/f/Iot']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061a-f814-4a4f-a990-4d1702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:30.000Z",
"modified": "2017-03-10T20:01:30.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://labid.com.my/m/m1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061b-269c-4d0b-abe9-4d6d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:31.000Z",
"modified": "2017-03-10T20:01:31.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://labid.com.my/power/powex.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061b-527c-4e15-bcef-470c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:31.000Z",
"modified": "2017-03-10T20:01:31.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://labid.com.my/spe/spendy.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061c-7c9c-4abf-b2d8-4e1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:32.000Z",
"modified": "2017-03-10T20:01:32.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://lvrxd.3eeweb.com/nano/Calculator.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061d-4bd0-4301-8441-432402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:33.000Z",
"modified": "2017-03-10T20:01:33.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://matkalv.5gbfree.com/loso/fasoo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061e-6460-4c89-80a8-487102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:34.000Z",
"modified": "2017-03-10T20:01:34.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://net.gethost.pw/windro.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061e-4ad4-4ba9-b46d-4f2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:34.000Z",
"modified": "2017-03-10T20:01:34.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://nikil.tk/i1/iz_001.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061f-6470-4051-b459-4ac002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:35.000Z",
"modified": "2017-03-10T20:01:35.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://rgho.st/68lJcGFLW']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3061f-2e1c-4cc6-998a-4fe802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:35.000Z",
"modified": "2017-03-10T20:01:35.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://rgho.st/6hrkjYlX4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30620-9178-4ba5-8450-421b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:36.000Z",
"modified": "2017-03-10T20:01:36.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://toxicsolutions.ru/upload/praisefud.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30620-6678-43db-8b36-489702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:36.000Z",
"modified": "2017-03-10T20:01:36.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/KUKU.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30620-b4a4-446d-a5fd-45eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:36.000Z",
"modified": "2017-03-10T20:01:36.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/kundelo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30621-0a58-4fa7-a723-4a8102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:37.000Z",
"modified": "2017-03-10T20:01:37.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/operamini.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30621-4a4c-4f0e-a522-415702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:37.000Z",
"modified": "2017-03-10T20:01:37.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.wealthandhealthops.com/modules/mod_easyblogquickpost/lawdsijdoef.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30622-e56c-49b3-a7bc-483902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:38.000Z",
"modified": "2017-03-10T20:01:38.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/drktzz.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30623-6090-48c3-80da-48e302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:39.000Z",
"modified": "2017-03-10T20:01:39.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/dwnysn.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30624-bb30-4aef-ad95-42b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:40.000Z",
"modified": "2017-03-10T20:01:40.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/hsmqrh.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30624-20b4-4731-bb39-454002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:40.000Z",
"modified": "2017-03-10T20:01:40.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/mjnspx.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30625-f13c-45d7-b693-4bf802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:41.000Z",
"modified": "2017-03-10T20:01:41.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/pabfzv.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30625-bec4-46d8-80e4-4edc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:41.000Z",
"modified": "2017-03-10T20:01:41.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/qolcls.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30626-f024-4934-82c9-47e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:42.000Z",
"modified": "2017-03-10T20:01:42.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/tpaesb.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30626-cbbc-4826-8976-46fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:42.000Z",
"modified": "2017-03-10T20:01:42.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/ultxkr.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30627-2660-4ffe-81ec-430302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:43.000Z",
"modified": "2017-03-10T20:01:43.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/vhcwbo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30627-5220-405d-b0da-442802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:43.000Z",
"modified": "2017-03-10T20:01:43.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/vjadwb.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30628-ccc0-4d39-857a-496302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:44.000Z",
"modified": "2017-03-10T20:01:44.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/wopkwj.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30628-a9b0-4a17-b617-423502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:44.000Z",
"modified": "2017-03-10T20:01:44.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/yspcsr.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30629-f264-43f8-b8c4-432c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:45.000Z",
"modified": "2017-03-10T20:01:45.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://www.dropbox.com/s/gx6kxkfi7ky2j6f/Dropbox.exe?dl=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30629-b354-46b9-8358-474c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:45.000Z",
"modified": "2017-03-10T20:01:45.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://www.dropbox.com/s/gx6kxkfi7ky2j6f/Dropbox.exe?dl=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062a-0e10-47b0-9bb6-42b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:46.000Z",
"modified": "2017-03-10T20:01:46.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.106.122.62/file.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062b-6f34-4519-a43d-4eb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:47.000Z",
"modified": "2017-03-10T20:01:47.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://185.45.193.169/update.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062b-75a4-4847-ac49-4a6d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:47.000Z",
"modified": "2017-03-10T20:01:47.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://aircraftpns.com/_layout/images/sysmonitor.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062c-a848-4693-8860-416e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:48.000Z",
"modified": "2017-03-10T20:01:48.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://allbestunlockerpro.com/flash.player.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062c-b068-446e-a6b5-419902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:48.000Z",
"modified": "2017-03-10T20:01:48.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://anonfile.xyz/f/3d0a4fb54941eb10214f3c1a5fb3ed99.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062d-4108-4f56-918c-47f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:49.000Z",
"modified": "2017-03-10T20:01:49.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://anonfile.xyz/f/921e1b3c55168c2632318b6d22a7bfe6.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062d-b03c-43f0-bfa9-498d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:49.000Z",
"modified": "2017-03-10T20:01:49.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://brokelimiteds.in/wp-admin/css/upload/ken1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062f-ef68-4a16-ad9e-430602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:51.000Z",
"modified": "2017-03-10T20:01:51.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://danhviet.com.vn/app/p2.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3062f-5174-4139-bcfd-471302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:51.000Z",
"modified": "2017-03-10T20:01:51.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://danhviet.com.vn/z/v/doc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30630-1eac-42ca-99d5-435d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:52.000Z",
"modified": "2017-03-10T20:01:52.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://daratad.5gbfree.com/uses/word.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30630-fa70-42be-a71b-467602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:52.000Z",
"modified": "2017-03-10T20:01:52.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://ddl2.data.hu/get/0/9589621/k000.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30631-30f4-4a18-bf64-455702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:53.000Z",
"modified": "2017-03-10T20:01:53.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://ddl3.data.hu/get/0/9535517/yhaooo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30632-8b90-42b6-93ad-451f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:53.000Z",
"modified": "2017-03-10T20:01:53.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://ddl3.data.hu/get/0/9551162/ske.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30633-1020-4ccd-91ce-44f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:54.000Z",
"modified": "2017-03-10T20:01:54.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://ddl7.data.hu/get/0/9552103/PFIfdp.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30633-8e54-47b8-b28f-4abc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:55.000Z",
"modified": "2017-03-10T20:01:55.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://getlohnumceders.honor.es/kimt.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30634-18ac-4e15-b27c-40de02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:56.000Z",
"modified": "2017-03-10T20:01:56.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://hinrichsen.de/assets/win1/win1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30635-d264-48f7-8806-431402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:57.000Z",
"modified": "2017-03-10T20:01:57.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://icbg-iq.com/Scripts/kinetics/categories/3rmax.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30635-5380-4945-9f4a-4e5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:57.000Z",
"modified": "2017-03-10T20:01:57.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://khoun-legal.com/download/ctob.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30636-4bac-4e22-a14d-401502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:58.000Z",
"modified": "2017-03-10T20:01:58.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://kiana.com/flowplayer/aquafresh.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30636-4de0-49b0-b6fb-4ea602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:58.000Z",
"modified": "2017-03-10T20:01:58.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://kiana.com/flowplayer/aquafresh.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30637-c948-4017-b818-457c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:01:59.000Z",
"modified": "2017-03-10T20:01:59.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://matkalv.5gbfree.com/calab/calafile.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:01:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30638-e680-40f5-85c8-446002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:00.000Z",
"modified": "2017-03-10T20:02:00.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://matkalv.5gbfree.com/noza/odeee.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30638-8cac-4bf0-b8e8-46e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:00.000Z",
"modified": "2017-03-10T20:02:00.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://matkalv.5gbfree.com/owee/owe.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30638-27d8-4dbd-b925-42d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:00.000Z",
"modified": "2017-03-10T20:02:00.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://matkalv.5gbfree.com/vosa/doc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30639-34c8-4795-aa8d-4a3902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:01.000Z",
"modified": "2017-03-10T20:02:01.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://nikil.tk/b1/bo_001.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30639-7278-40df-adc1-458902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:01.000Z",
"modified": "2017-03-10T20:02:01.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://nikil.tk/k1/ik_001.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063a-3500-42c2-9728-401602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:02.000Z",
"modified": "2017-03-10T20:02:02.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://sukem.zapto.org/word.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063a-f32c-4911-939c-490a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:02.000Z",
"modified": "2017-03-10T20:02:02.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://trolda.5gbfree.com/fosee/doc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063b-950c-4462-a1f2-496102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:03.000Z",
"modified": "2017-03-10T20:02:03.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/aba.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063b-abc8-4f21-80fe-458a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:03.000Z",
"modified": "2017-03-10T20:02:03.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/abacoss.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063c-0034-43f6-8062-4a9102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:04.000Z",
"modified": "2017-03-10T20:02:04.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/abuchi.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063c-eccc-46cd-b57f-4db002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:04.000Z",
"modified": "2017-03-10T20:02:04.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/com.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063d-3cdc-4f48-b8cd-4efa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:05.000Z",
"modified": "2017-03-10T20:02:05.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/compu.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063d-9d84-4e84-bcf3-4cab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:05.000Z",
"modified": "2017-03-10T20:02:05.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/comu.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063e-3cac-4db2-84c0-486102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:06.000Z",
"modified": "2017-03-10T20:02:06.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/firefox32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063f-e838-4fe3-8868-4efe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:07.000Z",
"modified": "2017-03-10T20:02:07.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/igbo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3063f-9fdc-412e-9861-414102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:07.000Z",
"modified": "2017-03-10T20:02:07.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/immo.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30640-1414-406d-ab1b-483302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:08.000Z",
"modified": "2017-03-10T20:02:08.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/kele.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30640-0e94-401d-a112-48db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:08.000Z",
"modified": "2017-03-10T20:02:08.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/kelle.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30641-4a84-4be4-a373-4cb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:09.000Z",
"modified": "2017-03-10T20:02:09.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/kells.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30642-2f14-4658-8ecc-480f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:10.000Z",
"modified": "2017-03-10T20:02:10.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/nigga.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30643-61a4-428b-a33f-422f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:11.000Z",
"modified": "2017-03-10T20:02:11.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/office.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30643-dde8-44c8-9649-4ae702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:11.000Z",
"modified": "2017-03-10T20:02:11.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/pony.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30644-8e88-4fcf-8aa7-4ed202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:12.000Z",
"modified": "2017-03-10T20:02:12.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/seccrypt.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30645-6bac-4b95-9849-40db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:12.000Z",
"modified": "2017-03-10T20:02:12.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://worldnit.com/sect.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30645-0dd8-4b82-b20a-4df602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:13.000Z",
"modified": "2017-03-10T20:02:13.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.athensheartcenter.com/crm/cgi-bin/lnm.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30646-6e0c-4a32-8d07-4ae502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:14.000Z",
"modified": "2017-03-10T20:02:14.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.bryonz.com/emotions/files/lnwe.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30646-a9e0-4ecb-aaba-48ce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:14.000Z",
"modified": "2017-03-10T20:02:14.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.fluidsystems.ml/P1/Pa_001.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30647-2844-4319-bc3b-447e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:15.000Z",
"modified": "2017-03-10T20:02:15.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.macwizinfo.com/updates/eter.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30648-30f8-41a6-a9dd-4a7202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:16.000Z",
"modified": "2017-03-10T20:02:16.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.matrimonioadvisor.it/pariglia.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30648-d464-44f9-bee9-4c0e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:16.000Z",
"modified": "2017-03-10T20:02:16.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.matrimonioadvisor.it/pariglia.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c30649-c284-409d-8890-437102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:17.000Z",
"modified": "2017-03-10T20:02:17.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.pelicanlinetravels.com/images/xvcbkty.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064a-7a4c-4e6c-83d8-443202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:18.000Z",
"modified": "2017-03-10T20:02:18.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.telemedia.co.za/wp-content/ozone/slim.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064a-4fc8-49fe-8e35-4f4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:18.000Z",
"modified": "2017-03-10T20:02:18.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.wealthandhealthops.com/modules/mod_easybloglist/kntgszu.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064b-1168-484a-83da-48ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:19.000Z",
"modified": "2017-03-10T20:02:19.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'http://www.wvhmedicine.ru/1/P2.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064b-3368-435b-9771-462d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:19.000Z",
"modified": "2017-03-10T20:02:19.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://1fichier.com/?hfshjhm0yf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064c-c0c0-4fc0-9837-4f7202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:20.000Z",
"modified": "2017-03-10T20:02:20.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://1fichier.com/?v8w3g736hj']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064c-f154-4ce6-bf4e-4fc002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:20.000Z",
"modified": "2017-03-10T20:02:20.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/jfyywz.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064d-1c28-4756-a978-44d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:21.000Z",
"modified": "2017-03-10T20:02:21.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/klckcp.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064d-6f98-4aa1-b69e-450602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:21.000Z",
"modified": "2017-03-10T20:02:21.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://a.pomf.cat/yhggkj.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064e-02c0-4f1a-a93f-440902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:22.000Z",
"modified": "2017-03-10T20:02:22.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://dryversdocumentgritsettings.com/javaupdat3s2016.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064e-e54c-41a3-bb19-4dc702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:22.000Z",
"modified": "2017-03-10T20:02:22.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://megadl.fr/?b5r5bstqd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c3064f-d348-4403-88a2-42dd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-10T20:02:23.000Z",
"modified": "2017-03-10T20:02:23.000Z",
"description": "Downloader DFSP",
"pattern": "[url:value = 'https://srv-file1.gofile.io/download/SJLKaG/84.200.65.20/wscript.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-10T20:02:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink