{ "type": "bundle", "id": "bundle--1c4e9e86-eff3-485f-aa1d-1bff68101b14", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:58:16.000Z", "modified": "2020-12-10T12:58:16.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--1c4e9e86-eff3-485f-aa1d-1bff68101b14", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:58:16.000Z", "modified": "2020-12-10T12:58:16.000Z", "name": "OSINT - CobaltStrike C2s Dec2020_10", "published": "2020-12-10T12:58:29Z", "object_refs": [ "indicator--6247385e-d35b-4fd3-8c5c-baf2f84ec1ec", "indicator--b20a564e-edea-438a-ab8c-49ebf6ea252b", "indicator--d0baa683-497c-4b4c-a242-6b748b594795", "indicator--ad01ab3e-05cd-410f-ae6d-ad431b7c5391", "indicator--8c1cafb0-fabb-4e33-938e-a2fa092451d2", "indicator--69a13af3-13ad-4574-a97a-ec8ba5a8b385", "indicator--4ffa4e15-92de-43e4-912d-4cbd9b810095", "indicator--be0bc9b5-cb43-4e88-94a7-23fb0303cbc7", "indicator--42401926-71f9-4437-ab0c-642bf968f444", "indicator--1c801a83-ee84-4df1-9378-01c049e57b34", "indicator--b1e56d27-b249-4ec4-98cc-04c5928c67dc", "indicator--02ba5d76-f74d-4f06-9c12-0a047bcfff99", "indicator--e779c3e6-fa4d-4e04-bb1c-708c6b3f1294", "indicator--9f957714-0da4-4ac1-88d0-3a20431c2fa4", "indicator--a8be673c-93d2-4a54-b7e9-2463b5d326e4", "indicator--98df11a4-30bf-4239-bfd5-7a2eeb29c303", "indicator--93a70769-7a52-4887-ab34-0071cf841d73", "indicator--978f68ff-525b-4f56-8140-bc43570aeab5", "indicator--3684c1ca-584c-426a-9d9e-681f90867371", "indicator--73858011-cfeb-4bcf-b858-99e669fa33a8", "indicator--128a4de7-f58e-4911-af65-d1e85013a1fc", "indicator--3e59ec67-eade-4f38-ba38-c6e47a8104dd", "indicator--225a6ce9-329e-49b6-9d73-05a114c25683", "indicator--122f14c6-4f21-4998-b1fc-2cca227b0139", "indicator--f60c090a-e650-4daa-925d-cf45d512a681", "indicator--108854c1-afe8-4b20-a15c-018244cd6c2b", "indicator--cf648da5-93c9-46bb-8e2a-73d4fa736766", "indicator--1be8eb51-2893-485e-821e-1ef77298bede", "indicator--eb05844b-0223-4423-bb66-e745e3778486", "indicator--eef1e52e-bae9-4514-8354-abdb52f49437", "indicator--584a5077-c2b3-497e-9041-861d8dbe3ce0", "indicator--80c68e30-fbd9-4da3-9064-af5f11e90cbf", "indicator--d5408b0b-5aad-4eb4-87e0-088a789f8ef3", "indicator--9fc947ff-abfb-4805-a802-97e22cf42914", "indicator--506ebc8e-2a5b-4729-9edf-81ca17329e2d", "indicator--025a2340-dc3e-47c2-96a0-f91be7bb18f7", "indicator--3d346534-20c4-4377-b515-31aa5e5953d4", "indicator--69cf018a-1a8b-4ace-8d30-f83f6671dede", "indicator--f3c7a756-4072-433f-8bbb-cc0c4d21d0c4", "indicator--8bc9ac2a-9cae-4631-890a-31d9a4ffa146", "indicator--81338ccc-1ddd-4d43-9ca3-5e3dce1ae129", "indicator--f184ef82-f674-4f55-9fde-d8e5195a64ed", "indicator--79dcb2ef-3723-4f6d-ade1-c9ffacba4d02", "indicator--173b3b9b-6104-420e-863e-598af599efa1", "indicator--7c960e90-cca3-4754-9d8c-143663179c94", "indicator--cc5866e9-81ec-4956-8f4c-960ea859922a", "indicator--9e4faf9e-822e-490c-aef6-70dc04411672", "indicator--c5eb6907-322e-4b32-97a7-293a539fa05d", "indicator--d79eb25d-b726-4719-8a54-56ac4396af3f", "indicator--143ec3b0-0af1-40cb-8d2c-2bde6222fdcb", "indicator--1f657410-e8c8-4277-9ed2-83fb8ae04fa5", "indicator--e09b1e5d-1425-487b-a2e5-960caf80b04d", "indicator--e4f21093-84dd-4862-b37b-3bc5ee18ea94", "indicator--e3e1e26c-ef1e-42cd-a606-7ee75b457c6e", "indicator--72afbb14-4393-420c-a9fe-16144bbd7a7c", "indicator--30ab8781-7225-49f6-bfc6-fd485b6be520", "indicator--fe02ce66-8a8d-4fe8-bb14-e077e5d36e75", "indicator--70c162fc-fe93-49c4-89d1-4b2d446324ee", "indicator--40646ad7-a147-4a8e-9d09-4f1af05ad3f3", "indicator--b41a562d-45d4-4285-8371-cf047076be53", "indicator--657e7f54-66b8-4e2c-8ef8-1f82e57e9253", "indicator--a9f14d6c-a626-46fd-ba44-ba0228730252", "indicator--b22becbc-b286-4fae-b81c-4f3dafffaa3d", "indicator--78b2ee8c-b1ae-44c8-b06c-d51a1a6c6a7b", "indicator--0d4a81e8-f801-4cfc-a1cd-d146a13ec0ca", "indicator--d9ba3e0d-6751-4b95-b9c7-c594bb35bf5c", "indicator--1c17a6bc-fbda-4b03-a44c-4dd76c76278b", "indicator--54b7f0a7-b3c1-471a-a51f-59a4d3f872c4", "indicator--210882c2-52d3-4c16-86db-f0f2a7d016cd", "indicator--d3492ba3-6d21-4875-abcf-599d971630bf", "indicator--ca8eaa5a-1cb0-4f76-bacc-009f34c28910", "indicator--8bb0385f-29c8-47a1-8e64-9a3d7654c8d8", "indicator--512dc9e4-39fd-483a-9c37-33732ff2fc2f", "indicator--90fed0f9-30c3-405a-b140-5ae7b3bc0d00", "indicator--513f4f23-5529-48e1-9dcb-92dedb518186", "indicator--b3e64d81-deb3-4dc7-86fd-0f3beddaf946", "indicator--ea1d9320-f2fb-4ff3-b6d1-f867dc2e7528", "indicator--e5aecfb6-27a9-41c1-89d4-7cfbb86518b9", "indicator--6a5a355d-2a5e-4ff2-b82a-a4638e7bf7f0", "indicator--41fa73c2-4463-484a-ac6d-36c087791fd0", "indicator--75029c0f-1302-4c59-a432-e841aaf98461", "indicator--c4a58643-4056-423c-8b11-337ea18de2e9", "indicator--9aff7ff2-2369-4b1b-bb20-2570b986e4f9", "indicator--13fd34df-5fcb-4b01-becf-6d708e8a903f", "indicator--a9af5349-77e8-4d0c-88b9-76278bb1634c", "indicator--a82a85b1-ec4c-4ec4-acdd-004df0f50a4d", "indicator--a08f04a8-b081-4865-a37a-1a27c07ea796", "indicator--c8c5683e-82ae-49dc-b1a2-d1c1c18e6fbc", "indicator--1fdeacac-2de6-45f7-80ab-d937cf50d05d", "indicator--27fbefcc-37e4-4d1a-9cce-e93eb60cc969", "indicator--3719f638-8a32-410f-a088-2ba92f75f901", "indicator--6bb8f113-d066-4070-b65a-43197b5b41d1", "indicator--ad15f4bb-8a55-4f57-ba0f-267060080e55", "indicator--1a3119e1-ae80-405c-911d-b3f2aefadef9", "indicator--f9884dcf-4510-4307-8f71-a72d3297f376", "indicator--47b12b84-eeaa-4aa5-8cf7-afb439266806", "indicator--2a24f995-126a-4713-9f6b-157225f2c83d", "indicator--fc3b66b0-c894-4974-9e4c-23540d7bd952", "indicator--d13b268d-e82e-4b75-92ed-1488eb7269e4", "indicator--3ebae168-c560-48c7-a7de-0c09eccde1f6", "indicator--ed99ba56-4c65-4416-af26-658b059c0afe", "indicator--13906e4d-d2fb-43ff-b6c8-70a979c23083", "indicator--d0f2aa83-36ff-4fd1-8e72-3f8d0d3bd20a", "indicator--81996b71-19d5-4230-9a4a-6ed7d1f756ea", "x-misp-object--c9f35ca0-b785-4690-8831-338c8eb35ffe" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "misp-galaxy:malpedia=\"Cobalt Strike\"", "misp-galaxy:rat=\"Cobalt Strike\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6247385e-d35b-4fd3-8c5c-baf2f84ec1ec", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '192.119.111.117/cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b20a564e-edea-438a-ab8c-49ebf6ea252b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '192.119.111.117/match']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d0baa683-497c-4b4c-a242-6b748b594795", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '192.119.111.117/cm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad01ab3e-05cd-410f-ae6d-ad431b7c5391", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'http://scripts.completelyinnocuousdomain.com/updates.rss']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8c1cafb0-fabb-4e33-938e-a2fa092451d2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'scripts.completelyinnocuousdomain.com/ptj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--69a13af3-13ad-4574-a97a-ec8ba5a8b385", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '3.133.100.221/dot.gif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4ffa4e15-92de-43e4-912d-4cbd9b810095", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '3.133.100.221/cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--be0bc9b5-cb43-4e88-94a7-23fb0303cbc7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '129.226.15.142/pixel.gif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--42401926-71f9-4437-ab0c-642bf968f444", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'lsass.services/idle/1376547834/1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c801a83-ee84-4df1-9378-01c049e57b34", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'cs.yourintrinsichealth.com/dot.gif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b1e56d27-b249-4ec4-98cc-04c5928c67dc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'scripts.chickensdone.com/cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--02ba5d76-f74d-4f06-9c12-0a047bcfff99", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '167.179.78.159/cm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e779c3e6-fa4d-4e04-bb1c-708c6b3f1294", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '167.179.78.159/push']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9f957714-0da4-4ac1-88d0-3a20431c2fa4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'lsass.cloud/pixel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a8be673c-93d2-4a54-b7e9-2463b5d326e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'mesteratosr.me/api']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--98df11a4-30bf-4239-bfd5-7a2eeb29c303", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '185.162.235.111/pixel.gif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--93a70769-7a52-4887-ab34-0071cf841d73", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '185.162.235.111/en_US/all.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--978f68ff-525b-4f56-8140-bc43570aeab5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '185.162.235.111/j.ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3684c1ca-584c-426a-9d9e-681f90867371", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '172.19.178.93/ga.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--73858011-cfeb-4bcf-b858-99e669fa33a8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '172.19.178.93/ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--128a4de7-f58e-4911-af65-d1e85013a1fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'servupdates.com/ga.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3e59ec67-eade-4f38-ba38-c6e47a8104dd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'servupdates.com/ptj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--225a6ce9-329e-49b6-9d73-05a114c25683", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'servupdates.com/ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--122f14c6-4f21-4998-b1fc-2cca227b0139", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '142.202.205.57/updates.rss']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f60c090a-e650-4daa-925d-cf45d512a681", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '108.166.207.133/cm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--108854c1-afe8-4b20-a15c-018244cd6c2b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '108.166.207.133/pixel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cf648da5-93c9-46bb-8e2a-73d4fa736766", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '3.137.217.140/dot.gif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1be8eb51-2893-485e-821e-1ef77298bede", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'www.mssql.tk/cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eb05844b-0223-4423-bb66-e745e3778486", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'www.mssql.tk/IE9CompatViewList.xml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--eef1e52e-bae9-4514-8354-abdb52f49437", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '42.192.145.157/ga.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--584a5077-c2b3-497e-9041-861d8dbe3ce0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '42.192.145.157/cm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--80c68e30-fbd9-4da3-9064-af5f11e90cbf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '42.192.145.157/IE9CompatViewList.xml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d5408b0b-5aad-4eb4-87e0-088a789f8ef3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '42.192.145.157/push']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9fc947ff-abfb-4805-a802-97e22cf42914", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '162.241.127.180/j.ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--506ebc8e-2a5b-4729-9edf-81ca17329e2d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '104.247.196.106/cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--025a2340-dc3e-47c2-96a0-f91be7bb18f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '103.117.72.60/ptj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3d346534-20c4-4377-b515-31aa5e5953d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'outlook-1.azureedge.net/static/css/main.d22d3525.chunk.css']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--69cf018a-1a8b-4ace-8d30-f83f6671dede", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'a93.xyz/IE9CompatViewList.xml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f3c7a756-4072-433f-8bbb-cc0c4d21d0c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '167.179.66.246/ptj']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8bc9ac2a-9cae-4631-890a-31d9a4ffa146", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = 'http://daiwa-cm-us.azureedge.net//ro13.64.101.24/ro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--81338ccc-1ddd-4d43-9ca3-5e3dce1ae129", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '145.249.106.134/ga.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f184ef82-f674-4f55-9fde-d8e5195a64ed", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '145.249.106.134/dpixel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79dcb2ef-3723-4f6d-ade1-c9ffacba4d02", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '145.249.106.134/cm']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--173b3b9b-6104-420e-863e-598af599efa1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '218.253.251.89/fwlink']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7c960e90-cca3-4754-9d8c-143663179c94", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '194.5.249.55/dot.gif']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cc5866e9-81ec-4956-8f4c-960ea859922a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '194.5.249.55/dpixel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9e4faf9e-822e-490c-aef6-70dc04411672", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '194.5.249.55/cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c5eb6907-322e-4b32-97a7-293a539fa05d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:42.000Z", "modified": "2020-12-10T12:55:42.000Z", "pattern": "[url:value = '47.104.91.8/en_US/all.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d79eb25d-b726-4719-8a54-56ac4396af3f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:43.000Z", "modified": "2020-12-10T12:55:43.000Z", "pattern": "[url:value = '47.104.91.8/fwlink']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--143ec3b0-0af1-40cb-8d2c-2bde6222fdcb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:43.000Z", "modified": "2020-12-10T12:55:43.000Z", "pattern": "[url:value = '45.141.84.32/dpixel']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1f657410-e8c8-4277-9ed2-83fb8ae04fa5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:43.000Z", "modified": "2020-12-10T12:55:43.000Z", "pattern": "[url:value = '45.141.84.32/visit.js']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e09b1e5d-1425-487b-a2e5-960caf80b04d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:55:43.000Z", "modified": "2020-12-10T12:55:43.000Z", "pattern": "[url:value = '45.141.84.32/IE9CompatViewList.xml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:55:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e4f21093-84dd-4862-b37b-3bc5ee18ea94", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '66.228.39.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e3e1e26c-ef1e-42cd-a606-7ee75b457c6e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '54.226.33.66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--72afbb14-4393-420c-a9fe-16144bbd7a7c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '175.24.246.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--30ab8781-7225-49f6-bfc6-fd485b6be520", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '52.15.240.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fe02ce66-8a8d-4fe8-bb14-e077e5d36e75", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '3.133.160.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--70c162fc-fe93-49c4-89d1-4b2d446324ee", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.91.237.42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--40646ad7-a147-4a8e-9d09-4f1af05ad3f3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '167.179.78.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b41a562d-45d4-4285-8371-cf047076be53", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.57.104.87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--657e7f54-66b8-4e2c-8ef8-1f82e57e9253", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.63.189.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a9f14d6c-a626-46fd-ba44-ba0228730252", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.155.49.43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b22becbc-b286-4fae-b81c-4f3dafffaa3d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.33.77.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--78b2ee8c-b1ae-44c8-b06c-d51a1a6c6a7b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.168.147.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0d4a81e8-f801-4cfc-a1cd-d146a13ec0ca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '154.209.86.57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d9ba3e0d-6751-4b95-b9c7-c594bb35bf5c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.207.154.19']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1c17a6bc-fbda-4b03-a44c-4dd76c76278b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.162.235.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54b7f0a7-b3c1-471a-a51f-59a4d3f872c4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '122.51.197.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--210882c2-52d3-4c16-86db-f0f2a7d016cd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.34.166.73']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d3492ba3-6d21-4875-abcf-599d971630bf", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '152.32.253.210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ca8eaa5a-1cb0-4f76-bacc-009f34c28910", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.181.102.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8bb0385f-29c8-47a1-8e64-9a3d7654c8d8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '142.202.205.57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--512dc9e4-39fd-483a-9c37-33732ff2fc2f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '108.166.207.133']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--90fed0f9-30c3-405a-b140-5ae7b3bc0d00", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '3.137.217.140']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--513f4f23-5529-48e1-9dcb-92dedb518186", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '121.4.69.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b3e64d81-deb3-4dc7-86fd-0f3beddaf946", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.96.9.238']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ea1d9320-f2fb-4ff3-b6d1-f867dc2e7528", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '148.70.139.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e5aecfb6-27a9-41c1-89d4-7cfbb86518b9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.101.43.224']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6a5a355d-2a5e-4ff2-b82a-a4638e7bf7f0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.97.65.242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--41fa73c2-4463-484a-ac6d-36c087791fd0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '42.192.145.157']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--75029c0f-1302-4c59-a432-e841aaf98461", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '162.241.127.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c4a58643-4056-423c-8b11-337ea18de2e9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '104.247.196.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9aff7ff2-2369-4b1b-bb20-2570b986e4f9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '146.185.132.43']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--13fd34df-5fcb-4b01-becf-6d708e8a903f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.117.72.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a9af5349-77e8-4d0c-88b9-76278bb1634c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.189.183.173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a82a85b1-ec4c-4ec4-acdd-004df0f50a4d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '167.99.200.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a08f04a8-b081-4865-a37a-1a27c07ea796", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:28.000Z", "modified": "2020-12-10T12:56:28.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '167.179.66.246']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c8c5683e-82ae-49dc-b1a2-d1c1c18e6fbc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.180.199.171']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1fdeacac-2de6-45f7-80ab-d937cf50d05d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '13.64.101.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--27fbefcc-37e4-4d1a-9cce-e93eb60cc969", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '202.182.125.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3719f638-8a32-410f-a088-2ba92f75f901", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.14.94.149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6bb8f113-d066-4070-b65a-43197b5b41d1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '60.12.215.101']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad15f4bb-8a55-4f57-ba0f-267060080e55", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '145.249.106.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1a3119e1-ae80-405c-911d-b3f2aefadef9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '193.187.118.232']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9884dcf-4510-4307-8f71-a72d3297f376", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '218.253.251.89']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--47b12b84-eeaa-4aa5-8cf7-afb439266806", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '194.5.249.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2a24f995-126a-4713-9f6b-157225f2c83d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '47.104.91.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fc3b66b0-c894-4974-9e4c-23540d7bd952", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.107.41.104']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d13b268d-e82e-4b75-92ed-1488eb7269e4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.141.84.32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3ebae168-c560-48c7-a7de-0c09eccde1f6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '3.17.176.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ed99ba56-4c65-4416-af26-658b059c0afe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '111.229.51.128']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--13906e4d-d2fb-43ff-b6c8-70a979c23083", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '23.106.160.191']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d0f2aa83-36ff-4fd1-8e72-3f8d0d3bd20a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '100.24.56.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--81996b71-19d5-4230-9a4a-6ed7d1f756ea", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:56:29.000Z", "modified": "2020-12-10T12:56:29.000Z", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.199.110.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-12-10T12:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c9f35ca0-b785-4690-8831-338c8eb35ffe", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-12-10T12:57:22.000Z", "modified": "2020-12-10T12:57:22.000Z", "labels": [ "misp:name=\"paste\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "origin", "value": "pastebin.com", "category": "Other", "uuid": "8914c184-e266-48b8-bb4b-1d7ace03eda3" }, { "type": "text", "object_relation": "title", "value": "CobaltStrike C2s Dec2020_10", "category": "Other", "uuid": "7207e756-0071-499c-8009-0a576457e179" }, { "type": "text", "object_relation": "username", "value": "ImGlaCiuS", "category": "Other", "uuid": "fbdc9ea7-0eec-42b1-b3f3-38cc431b0556" }, { "type": "link", "object_relation": "link", "value": "https://pastebin.com/Svw5vMvm", "category": "External analysis", "uuid": "d810405f-4746-4046-8fff-f7f7bc91b66d" } ], "x_misp_meta_category": "misc", "x_misp_name": "paste" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }