{ "type": "bundle", "id": "bundle--5464c1d9-3d78-434d-a936-51e4950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:16:54.000Z", "modified": "2017-06-22T20:16:54.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5464c1d9-3d78-434d-a936-51e4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2017-06-22T20:16:54.000Z", "modified": "2017-06-22T20:16:54.000Z", "name": "OSINT Expansion on Snake", "published": "2017-06-22T20:17:10Z", "object_refs": [ "indicator--5464c1ef-e49c-4ddc-86b5-9034950d210b", "indicator--5464c1ef-cc80-4f72-9083-9034950d210b", "indicator--5464c1ef-09f4-4345-a778-9034950d210b", "indicator--5464c1ef-fe28-4697-a9c8-9034950d210b", "indicator--5464c1ef-0198-40ca-92fe-9034950d210b", "indicator--5464c1ef-f01c-4008-9330-9034950d210b", "indicator--5464c20e-e42c-4f97-86ff-9051950d210b", "indicator--5464c20e-8400-4c99-9d83-9051950d210b", "indicator--5464c20e-2034-4dec-b85d-9051950d210b", "indicator--5464c20e-8a28-4ca4-8e26-9051950d210b", "indicator--5464c20e-c9ec-4451-a95b-9051950d210b", "indicator--5464c20e-5d38-4891-9bab-9051950d210b", "indicator--5464c20e-617c-44f9-bbed-9051950d210b", "indicator--5464c20e-8a48-40e3-bbe1-9051950d210b", "indicator--5464c20e-0698-4712-aca4-9051950d210b", "indicator--5464c20e-89b0-4cb2-931f-9051950d210b", "indicator--5464c20e-2400-43c9-a6f6-9051950d210b", "indicator--5464c20e-e410-4f54-ba87-9051950d210b", "indicator--5464c20f-c6a8-4490-8529-9051950d210b", "indicator--5464c20f-52a8-4eaa-9074-9051950d210b", "indicator--5464c20f-73cc-40c7-8d47-9051950d210b", "indicator--5464c20f-8d90-4222-b489-9051950d210b", "indicator--5464c20f-4e10-4259-aa31-9051950d210b", "indicator--5464c20f-1954-4b0b-946a-9051950d210b", "indicator--5464c20f-03e8-42d8-aa97-9051950d210b", "indicator--5464c20f-7858-4f68-8c43-9051950d210b", "indicator--5464c20f-fea0-4176-9c80-9051950d210b", "indicator--5464c20f-171c-4249-bdf5-9051950d210b", "indicator--5464c20f-2188-44e0-abe4-9051950d210b", "indicator--5464c20f-571c-47cb-b47b-9051950d210b", "indicator--5464c20f-91b0-41ef-96e4-9051950d210b", "indicator--5464c20f-96d4-40b7-a509-9051950d210b", "indicator--5464c20f-60c4-4aaf-9ce8-9051950d210b", "indicator--5464c20f-ea1c-4660-882a-9051950d210b", "indicator--5464c210-2730-4266-a7cb-9051950d210b", "indicator--5464c210-c450-4b32-9ed2-9051950d210b", "indicator--5464c210-7958-4cff-95d5-9051950d210b", "indicator--5464c210-9654-41d7-9427-9051950d210b", "indicator--5464c210-b8fc-4818-b30b-9051950d210b", "indicator--5464c210-9f7c-4994-8f5e-9051950d210b", "indicator--5464c210-1178-4748-b1f1-9051950d210b", "indicator--5464c210-d4b4-4b06-bcc4-9051950d210b", "indicator--5464c210-5d34-4a63-96db-9051950d210b", "indicator--5464c210-65c4-4bf1-b5af-9051950d210b", "indicator--5464c210-a3f0-416a-8450-9051950d210b", "indicator--5464c210-546c-4358-b93e-9051950d210b", "indicator--5464c210-b964-4cbc-9f14-9051950d210b", "indicator--5464c210-950c-4ca8-9e31-9051950d210b", "indicator--5464c210-caa0-4206-99e6-9051950d210b", "x-misp-attribute--5464c25c-3eb4-4012-97b5-969a950d210b", "x-misp-attribute--560d3d64-884c-418e-9f12-46ca950d210b", "x-misp-attribute--560d3d64-6060-42ad-9b33-4911950d210b", "x-misp-attribute--560d3d65-3444-4937-ba0c-47f9950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "misp-galaxy:threat-actor=\"Turla Group\"" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c1ef-e49c-4ddc-86b5-9034950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:36:31.000Z", "modified": "2014-11-13T14:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.190.233.29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c1ef-cc80-4f72-9083-9034950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:36:31.000Z", "modified": "2014-11-13T14:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.194.224.149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c1ef-09f4-4345-a778-9034950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:36:31.000Z", "modified": "2014-11-13T14:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.211.213']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c1ef-fe28-4697-a9c8-9034950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:36:31.000Z", "modified": "2014-11-13T14:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.65.252.12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c1ef-0198-40ca-92fe-9034950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:36:31.000Z", "modified": "2014-11-13T14:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.246.199.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c1ef-f01c-4008-9330-9034950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:36:31.000Z", "modified": "2014-11-13T14:36:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.1.82.32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:36:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-e42c-4f97-86ff-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'tiles.cebarrett.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-8400-4c99-9d83-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'alosh66.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-2034-4dec-b85d-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'darksun.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-8a28-4ca4-8e26-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'luck-babys.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-c9ec-4451-a95b-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'newsweek.serveblog.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-5d38-4891-9bab-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'weather-online.hopto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-617c-44f9-bbed-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'airlinenewspaper.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-8a48-40e3-bbe1-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'easport-news.publicvm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-0698-4712-aca4-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'tn5.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-89b0-4cb2-931f-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'marketing.ntmdt.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-2400-43c9-a6f6-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'brstcjjcmoc.myfw.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20e-e410-4f54-ba87-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:02.000Z", "modified": "2014-11-13T14:37:02.000Z", "pattern": "[domain-name:value = 'twtw.mrface.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-c6a8-4490-8529-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'image.servepics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-52a8-4eaa-9074-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'new-book.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-73cc-40c7-8d47-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'biznews.podzone.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-8d90-4222-b489-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'cqcount.servehttp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-4e10-4259-aa31-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'hotnews.ath.cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-1954-4b0b-946a-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'easycounter.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-03e8-42d8-aa97-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = '3366.passas.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-7858-4f68-8c43-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = '51hongling.onthenetas.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-fea0-4176-9c80-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'boy.podzone.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-171c-4249-bdf5-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'ftpmicrosoft.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-2188-44e0-abe4-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'allnews.ath.cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-571c-47cb-b47b-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'downmicrisoft.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-91b0-41ef-96e4-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'webmail-login.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-96d4-40b7-a509-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'zgtlohzofi.kwik.to']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-60c4-4aaf-9ce8-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = '723.kwik.to']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c20f-ea1c-4660-882a-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:03.000Z", "modified": "2014-11-13T14:37:03.000Z", "pattern": "[domain-name:value = 'zjhao.dtdns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-2730-4266-a7cb-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'freshdns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-c450-4b32-9ed2-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'support-adobe.endofinternet.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-7958-4cff-95d5-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'pressforum.serveblog.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-9654-41d7-9427-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'intellicast.ath.cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-b8fc-4818-b30b-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'sportacademy.my03.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-9f7c-4994-8f5e-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'webonline.mefound.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-1178-4748-b1f1-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'breakingnews.ath.cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-d4b4-4b06-bcc4-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'today-news.office-on-the.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-5d34-4a63-96db-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'newgame.2waky.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-65c4-4bf1-b5af-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'nifty-user.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-a3f0-416a-8450-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'euronews.ath.cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-546c-4358-b93e-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'marketplace.servehttp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-b964-4cbc-9f14-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'attack1.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-950c-4ca8-9e31-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'novbl.ssh01.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5464c210-caa0-4206-99e6-9051950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:37:04.000Z", "modified": "2014-11-13T14:37:04.000Z", "pattern": "[domain-name:value = 'z07.dyndns.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-13T14:37:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5464c25c-3eb4-4012-97b5-969a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-13T14:38:20.000Z", "modified": "2014-11-13T14:38:20.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Expansion done by David Andr\u00c3\u00a9 based on passive DNS database" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--560d3d64-884c-418e-9f12-46ca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T14:04:20.000Z", "modified": "2015-10-01T14:04:20.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Snake" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--560d3d64-6060-42ad-9b33-4911950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T14:04:20.000Z", "modified": "2015-10-01T14:04:20.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Turla" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--560d3d65-3444-4937-ba0c-47f9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T14:04:21.000Z", "modified": "2015-10-01T14:04:21.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Uroburos" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }