adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59f04995-3b8c-4cf0-b555-4b26950d210f.json

1914 lines
77 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59f04995-3b8c-4cf0-b555-4b26950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-22T21:19:35.000Z",
"modified": "2017-11-22T21:19:35.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59f04995-3b8c-4cf0-b555-4b26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-22T21:19:35.000Z",
"modified": "2017-11-22T21:19:35.000Z",
"name": "OSINT - Return of Not Petya as Bad Rabbit Diskcoder, yes those two are the same!",
"published": "2017-12-28T13:20:09Z",
"object_refs": [
"observed-data--59f0499f-b1d4-4da8-898e-4056950d210f",
"url--59f0499f-b1d4-4da8-898e-4056950d210f",
"x-misp-attribute--59f05077-adb0-40d3-a7f1-406b950d210f",
"indicator--59f0509f-97d4-477e-9349-4cd1950d210f",
"indicator--59f054ab-fda4-41b0-98bb-457a950d210f",
"indicator--59f056b0-0130-4778-a935-4593950d210f",
"indicator--59f056b0-ad74-4138-b75d-4100950d210f",
"indicator--59f056b0-9f1c-4216-ad97-4547950d210f",
"indicator--59f056b0-dc48-4b00-964c-425e950d210f",
"indicator--59f056b0-c98c-4630-8693-4131950d210f",
"indicator--59f056b0-ba70-439d-832f-49f9950d210f",
"indicator--59f056b0-0534-45e3-8533-4f37950d210f",
"indicator--59f056b0-86a8-4522-b0b7-4f39950d210f",
"indicator--59f056b0-1820-4e76-bf84-4b93950d210f",
"indicator--59f056b0-dc18-40b2-b1d1-4f5a950d210f",
"indicator--59f056b0-bb20-4ef8-ac04-4d30950d210f",
"indicator--59f056b0-e7a4-4620-8d32-4243950d210f",
"indicator--59f056b0-b8c8-4c02-8cf2-4f33950d210f",
"indicator--59f056b0-4198-4cc7-ba10-4044950d210f",
"indicator--59f056b0-0de0-4ffa-b43c-42dd950d210f",
"indicator--59f056b0-50e0-4b30-bb61-444b950d210f",
"indicator--59f056b0-5458-4721-a46f-4f16950d210f",
"indicator--59f056b0-f094-46b2-b59c-4237950d210f",
"indicator--59f056b0-1ba4-48c5-8c9e-4fe2950d210f",
"indicator--59f056b0-4440-41f6-a67b-432d950d210f",
"indicator--59f056b0-1600-4266-b5d4-4c48950d210f",
"indicator--59f056b0-c92c-49ef-b325-40d5950d210f",
"indicator--59f056b0-facc-4b47-af46-4472950d210f",
"indicator--59f056b0-8c60-4747-94a1-4c6e950d210f",
"indicator--59f056b0-cea8-4272-81e4-4a85950d210f",
"indicator--59f056b0-c418-4b72-9235-4e3e950d210f",
"indicator--59f056b0-e228-43b5-8a7a-4492950d210f",
"indicator--59f056b0-66d8-46f9-8775-48f4950d210f",
"indicator--59f056b0-7a40-4389-a3bc-4767950d210f",
"indicator--59f056b0-b188-43f1-8a3f-42b3950d210f",
"indicator--59f056b0-0b30-4f0d-919a-41ad950d210f",
"indicator--59f056b0-ce74-4b3c-83bf-4dc5950d210f",
"indicator--59f056b0-3978-4bc4-9fe3-42eb950d210f",
"indicator--59f056b0-cea4-4fd4-b3df-4759950d210f",
"indicator--59f056b0-a4cc-4f30-9fe0-4b3b950d210f",
"indicator--59f056b1-8760-49d0-b8be-41ad950d210f",
"indicator--59f056b1-749c-4cd8-a045-426b950d210f",
"indicator--59f056b1-1ea8-475c-8c5c-479c950d210f",
"indicator--59f056b1-e470-463c-ac02-4e06950d210f",
"indicator--59f056b1-07b0-479c-9468-4d27950d210f",
"indicator--59f056b1-df04-4182-bb91-45be950d210f",
"indicator--59f056b1-4f9c-4f1e-8673-4e58950d210f",
"indicator--59f056b1-70c0-4fd3-abd4-4154950d210f",
"indicator--59f056b1-5370-4e58-9476-415f950d210f",
"indicator--59f056b1-a280-4719-97c4-4d98950d210f",
"indicator--59f056b1-8304-4c87-8bf6-4823950d210f",
"indicator--59f056b1-1030-43b1-9ce4-42a5950d210f",
"indicator--59f056b1-97e4-461a-a4da-4e97950d210f",
"indicator--59f056b1-3640-4eea-add8-4308950d210f",
"indicator--59f056b1-3c20-4cfd-8def-4845950d210f",
"indicator--59f056b1-865c-440e-a567-4377950d210f",
"indicator--59f056b1-c288-4de0-9948-44f2950d210f",
"indicator--59f056b1-a968-4587-9891-44fc950d210f",
"indicator--59f056b1-9920-4d2d-aaa2-4481950d210f",
"indicator--59f056b1-1a4c-429b-ac8b-4787950d210f",
"indicator--59f056b1-3f08-4989-9daa-43cb950d210f",
"indicator--59f056b1-ef38-427f-aa41-4f05950d210f",
"indicator--59f056b1-2c08-428c-94c5-4c41950d210f",
"indicator--59f060e2-cfec-4adb-8022-45e602de0b81",
"indicator--59f060e2-0ac0-4413-8fff-4c1202de0b81",
"observed-data--59f060e2-0138-472b-a46a-49a102de0b81",
"url--59f060e2-0138-472b-a46a-49a102de0b81",
"indicator--59f060e2-83b8-4fda-b325-415502de0b81",
"observed-data--59f060e2-4e28-44be-8e85-4da202de0b81",
"url--59f060e2-4e28-44be-8e85-4da202de0b81",
"indicator--59f060e2-1368-44be-932f-465602de0b81",
"indicator--59f060e2-dc68-4bf7-951d-422d02de0b81",
"observed-data--59f060e2-52b0-4714-824f-453202de0b81",
"url--59f060e2-52b0-4714-824f-453202de0b81",
"indicator--59f060e2-50b0-4fff-b4e7-4dbd02de0b81",
"indicator--59f060e2-5918-4e11-84aa-436a02de0b81",
"observed-data--59f060e2-2324-47b7-8233-4c2b02de0b81",
"url--59f060e2-2324-47b7-8233-4c2b02de0b81",
"indicator--59f060e2-fadc-4b4a-9639-48e602de0b81",
"indicator--59f060e2-5f18-4ceb-b975-499702de0b81",
"observed-data--59f060e2-f748-4b93-a714-4b7002de0b81",
"url--59f060e2-f748-4b93-a714-4b7002de0b81",
"indicator--59f0554c-76c4-42bb-9dbc-4fe9950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:ransomware=\"Bad Rabbit\"",
"misp-galaxy:preventive-measure=\"Backup and Restore Process\"",
"misp-galaxy:preventive-measure=\"Restrict Workstation Communication\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f0499f-b1d4-4da8-898e-4056950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"first_observed": "2017-10-25T10:01:05Z",
"last_observed": "2017-10-25T10:01:05Z",
"number_observed": 1,
"object_refs": [
"url--59f0499f-b1d4-4da8-898e-4056950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f0499f-b1d4-4da8-898e-4056950d210f",
"value": "https://mjolnirsecurity.com/return-of-not-petya-as-bad-rabbit-diskcoder-yes-those-two-are-the-same/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f05077-adb0-40d3-a7f1-406b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "After Wannacry and Petya/Not Petya/GoldenEye, its clear that Ukraine is a testing ground for everyone to try out their malware, program different variants and perfect before launching to target their final destination.\r\n\r\nToday, we have BadRabbit and DiskCoder. When we first read about them this morning, we thought they are two separate malwares. On deeper analysis, they are both the same."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f0509f-97d4-477e-9349-4cd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.149.120.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f054ab-fda4-41b0-98bb-457a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T09:08:59.000Z",
"modified": "2017-10-25T09:08:59.000Z",
"pattern": "[file:name = 'dispci.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T09:08:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-0130-4778-a935-4593950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = '1dnscontrol.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-ad74-4138-b75d-4100950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'an-crimea.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-9f1c-4216-ad97-4547950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'ankerch-crimea.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-dc48-4b00-964c-425e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'argumenti.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-c98c-4630-8693-4131950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'argumentiru.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-ba70-439d-832f-49f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'caforssztxqzf2nm.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-0534-45e3-8533-4f37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'da.id']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-86a8-4522-b0b7-4f39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'i24.com.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-1820-4e76-bf84-4b93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'most-dnepr.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-dc18-40b2-b1d1-4f5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'osvitaportal.com.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-bb20-4ef8-ac04-4d30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[domain-name:value = 'spbvoditel.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-e7a4-4620-8d32-4243950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[file:name = 'xhr.open']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-b8c8-4c02-8cf2-4f33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://185.149.120.3/scholargoogle/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-4198-4cc7-ba10-4044950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://1dnscontrol.com/flash_install.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-0de0-4ffa-b43c-42dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://an-crimea.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-50e0-4b30-bb61-444b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://ankerch-crimea.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-5458-4721-a46f-4f16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://argumenti.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-f094-46b2-b59c-4237950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://argumentiru.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-1ba4-48c5-8c9e-4fe2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://bg.pensionhotel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-4440-41f6-a67b-432d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://blog.fontanka.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-1600-4266-b5d4-4c48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://caforssztxqzf2nm.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-c92c-49ef-b325-40d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://calendar.fontanka.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-facc-4b47-af46-4472950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://grupovo.bg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-8c60-4747-94a1-4c6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://i24.com.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-cea8-4272-81e4-4a85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://most-dnepr.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-c418-4b72-9235-4e3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://novayagazeta.spb.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-e228-43b5-8a7a-4492950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://osvitaportal.com.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-66d8-46f9-8775-48f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://spbvoditel.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-7a40-4389-a3bc-4767950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.aica.co.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-b188-43f1-8a3f-42b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.fontanka.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-0b30-4f0d-919a-41ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.grupovo.bg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-ce74-4b3c-83bf-4dc5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.imer.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-3978-4bc4-9fe3-42eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.mediaport.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-cea4-4fd4-b3df-4759950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.online812.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b0-a4cc-4f30-9fe0-4b3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.otbrana.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-8760-49d0-b8be-41ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.pensionhotel.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-749c-4cd8-a045-426b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:05.000Z",
"modified": "2017-10-25T10:01:05.000Z",
"pattern": "[url:value = 'http://www.sinematurk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-1ea8-475c-8c5c-479c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[url:value = 'http://www.t.ks.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-e470-463c-ac02-4e06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'bg.pensionhotel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-07b0-479c-9468-4d27950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'blog.fontanka.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-df04-4182-bb91-45be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'calendar.fontanka.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-4f9c-4f1e-8673-4e58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'novayagazeta.spb.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-70c0-4fd3-abd4-4154950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.aica.co.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-5370-4e58-9476-415f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.fontanka.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-a280-4719-97c4-4d98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.grupovo.bg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-8304-4c87-8bf6-4823950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.imer.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-1030-43b1-9ce4-42a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.mediaport.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-97e4-461a-a4da-4e97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.online812.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-3640-4eea-add8-4308950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.otbrana.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-3c20-4cfd-8def-4845950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.pensionhotel.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-865c-440e-a567-4377950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.sinematurk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-c288-4de0-9948-44f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[domain-name:value = 'www.t.ks.ua']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-a968-4587-9891-44fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[file:hashes.SHA1 = '16605a4a29a101208457c47ebfde788487be788d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-9920-4d2d-aaa2-4481950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[file:hashes.SHA1 = '413eba3973a15c1a6429d9f170f3e8287f98c21c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-1a4c-429b-ac8b-4787950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[file:hashes.SHA1 = '4f61e154230a64902ae035434690bf2b96b4e018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-3f08-4989-9daa-43cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[file:hashes.SHA1 = '79116fe99f2b421c52ef64097f0f39b815b20907']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-ef38-427f-aa41-4f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[file:hashes.SHA1 = 'afeee8b4acff87bc469a6f0364a81ae5d60a2add']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f056b1-2c08-428c-94c5-4c41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"pattern": "[file:hashes.SHA1 = 'de5c8d858e6e41da715dca1c019df0bfb92d32c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-cfec-4adb-8022-45e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: de5c8d858e6e41da715dca1c019df0bfb92d32c0",
"pattern": "[file:hashes.SHA256 = '630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-0ac0-4413-8fff-4c1202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: de5c8d858e6e41da715dca1c019df0bfb92d32c0",
"pattern": "[file:hashes.MD5 = 'fbbdc39af1139aebba4da004475e8839']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f060e2-0138-472b-a46a-49a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"first_observed": "2017-10-25T10:01:06Z",
"last_observed": "2017-10-25T10:01:06Z",
"number_observed": 1,
"object_refs": [
"url--59f060e2-0138-472b-a46a-49a102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f060e2-0138-472b-a46a-49a102de0b81",
"value": "https://www.virustotal.com/file/630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da/analysis/1508925094/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-83b8-4fda-b325-415502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: afeee8b4acff87bc469a6f0364a81ae5d60a2add",
"pattern": "[file:hashes.MD5 = 'b14d8faf7f0cbcfad051cefe5f39645f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f060e2-4e28-44be-8e85-4da202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"first_observed": "2017-10-25T10:01:06Z",
"last_observed": "2017-10-25T10:01:06Z",
"number_observed": 1,
"object_refs": [
"url--59f060e2-4e28-44be-8e85-4da202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f060e2-4e28-44be-8e85-4da202de0b81",
"value": "https://www.virustotal.com/file/8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93/analysis/1508925088/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-1368-44be-932f-465602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: 79116fe99f2b421c52ef64097f0f39b815b20907",
"pattern": "[file:hashes.SHA256 = '579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-dc68-4bf7-951d-422d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: 79116fe99f2b421c52ef64097f0f39b815b20907",
"pattern": "[file:hashes.MD5 = '1d724f95c61f1055f0d02c2154bbccd3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f060e2-52b0-4714-824f-453202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"first_observed": "2017-10-25T10:01:06Z",
"last_observed": "2017-10-25T10:01:06Z",
"number_observed": 1,
"object_refs": [
"url--59f060e2-52b0-4714-824f-453202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f060e2-52b0-4714-824f-453202de0b81",
"value": "https://www.virustotal.com/file/579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648/analysis/1508923756/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-50b0-4fff-b4e7-4dbd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: 413eba3973a15c1a6429d9f170f3e8287f98c21c",
"pattern": "[file:hashes.SHA256 = '301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-5918-4e11-84aa-436a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: 413eba3973a15c1a6429d9f170f3e8287f98c21c",
"pattern": "[file:hashes.MD5 = '347ac3b6b791054de3e5720a7144a977']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f060e2-2324-47b7-8233-4c2b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"first_observed": "2017-10-25T10:01:06Z",
"last_observed": "2017-10-25T10:01:06Z",
"number_observed": 1,
"object_refs": [
"url--59f060e2-2324-47b7-8233-4c2b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f060e2-2324-47b7-8233-4c2b02de0b81",
"value": "https://www.virustotal.com/file/301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c/analysis/1508918790/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-fadc-4b4a-9639-48e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: 16605a4a29a101208457c47ebfde788487be788d",
"pattern": "[file:hashes.SHA256 = '2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f060e2-5f18-4ceb-b975-499702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"description": "- Xchecked via VT: 16605a4a29a101208457c47ebfde788487be788d",
"pattern": "[file:hashes.MD5 = '37945c44a897aa42a66adcab68f560e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T10:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f060e2-f748-4b93-a714-4b7002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T10:01:06.000Z",
"modified": "2017-10-25T10:01:06.000Z",
"first_observed": "2017-10-25T10:01:06Z",
"last_observed": "2017-10-25T10:01:06Z",
"number_observed": 1,
"object_refs": [
"url--59f060e2-f748-4b93-a714-4b7002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f060e2-f748-4b93-a714-4b7002de0b81",
"value": "https://www.virustotal.com/file/2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035/analysis/1508925098/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f0554c-76c4-42bb-9dbc-4fe9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-25T09:11:40.000Z",
"modified": "2017-10-25T09:11:40.000Z",
"pattern": "[file:hashes.SHA256 = '8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93' AND file:name = 'dispci.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-25T09:11:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink