{ "type": "bundle", "id": "bundle--54eee0da-d1c8-441e-a760-3839950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T13:59:28.000Z", "modified": "2015-02-26T13:59:28.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--54eee0da-d1c8-441e-a760-3839950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T13:59:28.000Z", "modified": "2015-02-26T13:59:28.000Z", "name": "Fessleak before It Was Cool by OpenDNS", "published": "2015-02-26T13:59:59Z", "object_refs": [ "observed-data--54eee0e4-8894-4718-98d1-0c01950d210b", "url--54eee0e4-8894-4718-98d1-0c01950d210b", "x-misp-attribute--54eee0f9-5050-48b3-84b0-8bb2950d210b", "x-misp-attribute--54eee12f-aaa4-4f61-8038-2b95950d210b", "indicator--54eee189-5108-465b-8e6f-857e950d210b", "indicator--54eee189-63b4-4396-8220-857e950d210b", "indicator--54eee189-4f08-459b-8922-857e950d210b", "indicator--54eee189-cf34-45ae-bb2e-857e950d210b", "indicator--54eee189-3bdc-4b02-902e-857e950d210b", "indicator--54eee189-1280-42d6-bde0-857e950d210b", "indicator--54eee18a-ac30-4ee9-954d-857e950d210b", "indicator--54eee18a-71e0-4383-927f-857e950d210b", "indicator--54eee18a-99b0-4983-83ef-857e950d210b", "indicator--54eee18a-355c-435b-9d1b-857e950d210b", "indicator--54eee18a-b200-4ad7-9787-857e950d210b", "indicator--54eee18a-f1cc-45bd-b03d-857e950d210b", "indicator--54eee18a-0d34-4901-b46f-857e950d210b", "indicator--54eee18a-6a08-45d5-84f4-857e950d210b", "indicator--54eee18a-52f4-4c6c-985a-857e950d210b", "indicator--54eee18a-8060-4392-899e-857e950d210b", "indicator--54eee18a-c6e8-4463-98a2-857e950d210b", "indicator--54eee18a-b890-4fbe-bc3a-857e950d210b", "indicator--54eee18b-4330-4173-b7cf-857e950d210b", "indicator--54eee18b-7af0-4361-ac3a-857e950d210b", "indicator--54eee18b-1e7c-4847-8346-857e950d210b", "indicator--54eee18b-85d4-463d-8422-857e950d210b", "indicator--54eee18b-c35c-47c3-bca2-857e950d210b", "indicator--54eee18b-4534-41cc-8940-857e950d210b", "indicator--54eee18b-4bc4-4f91-85ce-857e950d210b", "indicator--54eee18b-f258-45e2-886a-857e950d210b", "indicator--54eee18b-cb3c-4402-9fce-857e950d210b", "indicator--54eee18b-70e4-436c-97d6-857e950d210b", "indicator--54eee18b-0e50-46a3-8e95-857e950d210b", "indicator--54eee18b-691c-43b0-8320-857e950d210b", "indicator--54eee18c-d5e0-4085-903f-857e950d210b", "observed-data--54eee203-a790-44a6-904c-5a29950d210b", "url--54eee203-a790-44a6-904c-5a29950d210b", "observed-data--54eee203-d334-4171-a8e2-5a29950d210b", "url--54eee203-d334-4171-a8e2-5a29950d210b", "observed-data--54eee203-36b0-42a7-a5cd-5a29950d210b", "url--54eee203-36b0-42a7-a5cd-5a29950d210b", "indicator--54eee278-9c30-4481-b5f4-857e950d210b", "indicator--54eee278-c6d8-4838-b0af-857e950d210b", "indicator--54eee279-66a4-4b4b-8cf0-857e950d210b", "indicator--54eee279-f4a0-4c96-9cda-857e950d210b", "indicator--54eee279-fd80-4a93-b328-857e950d210b", "indicator--54eee279-1014-42b8-830b-857e950d210b", "indicator--54eee279-2098-4ffe-9753-857e950d210b", "indicator--54eee279-9c1c-4919-b8c3-857e950d210b", "indicator--54eee279-5eb4-4139-92b2-857e950d210b", "indicator--54eee279-c808-4619-ac54-857e950d210b", "indicator--54eee279-50c8-4b4c-8105-857e950d210b", "indicator--54eee279-0d7c-40ce-9644-857e950d210b", "indicator--54eee27a-6eb8-4720-a189-857e950d210b", "indicator--54eee27a-a1c8-4f20-b84b-857e950d210b", "indicator--54eee27a-38e8-4b9c-aa6a-857e950d210b", "indicator--54eee27a-d3d8-4c96-b637-857e950d210b", "indicator--54eee27a-5468-4e35-80bf-857e950d210b", "indicator--54eee27a-860c-4dc4-a5bc-857e950d210b", "indicator--54eee27a-0598-4855-a9c3-857e950d210b", "indicator--54eee27a-d790-46bf-ae2d-857e950d210b", "indicator--54eee27a-6fec-4d10-8747-857e950d210b", "indicator--54eee27a-de1c-4189-b727-857e950d210b", "indicator--54eee27b-cee0-410d-8e76-857e950d210b", "indicator--54eee27b-5078-43fb-b46a-857e950d210b", "indicator--54eee27b-3c04-4caa-81a3-857e950d210b", "indicator--54eee27b-d81c-4b00-94d0-857e950d210b", "indicator--54eee27b-9838-4cb9-b567-857e950d210b", "indicator--54eee27b-7184-4e45-9d6a-857e950d210b", "indicator--54eee27b-f2ec-4cc0-ba29-857e950d210b", "indicator--54eee27b-e540-4987-8f15-857e950d210b", "indicator--54eee27b-1360-44c2-8970-857e950d210b", "indicator--54eee27b-2730-427e-92a5-857e950d210b", "indicator--54eee27c-2d6c-4dc2-bd8f-857e950d210b", "indicator--54eee27c-11c4-4233-bbfd-857e950d210b", "indicator--54eee27c-a634-4f56-920c-857e950d210b", "indicator--54eee27c-2418-4625-af7f-857e950d210b", "indicator--54eee27c-d2f0-47e4-9739-857e950d210b", "indicator--54eee27c-6d60-4ae9-b01c-857e950d210b", "indicator--54eee27c-ab84-4c66-b693-857e950d210b", "indicator--54eee27c-e824-4372-ae1b-857e950d210b", "indicator--54eee27c-106c-4d1f-bc04-857e950d210b", "indicator--54eee27d-fe48-4074-ab8b-857e950d210b", "indicator--54eee27d-62ec-4d79-add6-857e950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54eee0e4-8894-4718-98d1-0c01950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "first_observed": "2015-02-26T09:12:19Z", "last_observed": "2015-02-26T09:12:19Z", "number_observed": 1, "object_refs": [ "url--54eee0e4-8894-4718-98d1-0c01950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54eee0e4-8894-4718-98d1-0c01950d210b", "value": "http://www.invincea.com/2015/02/fessleak-the-zero-day-driven-advanced-ransomware-malvertising-campaign/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54eee0f9-5050-48b3-84b0-8bb2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Fessleak" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54eee12f-aaa4-4f61-8038-2b95950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:45.000Z", "modified": "2015-02-26T09:12:45.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Registrant", "x_misp_type": "text", "x_misp_value": "fessleak@qip.ru" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee189-5108-465b-8e6f-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.157.99.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee189-63b4-4396-8220-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.157.99.25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee189-4f08-459b-8922-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.151.221.212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee189-cf34-45ae-bb2e-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'chebroom.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee189-3bdc-4b02-902e-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'kenthopm.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee189-1280-42d6-bde0-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'vectallies.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-ac30-4ee9-954d-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'hevpazana.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-71e0-4383-927f-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'labutinra.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-99b0-4983-83ef-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'timarols.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-355c-435b-9d1b-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'pinkavuz.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-b200-4ad7-9787-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'beatrinko.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-f1cc-45bd-b03d-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'vemisaio.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-0d34-4901-b46f-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'zhonte.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-6a08-45d5-84f4-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'binachio.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-52f4-4c6c-985a-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'zarafint.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-8060-4392-899e-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'landors.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-c6e8-4463-98a2-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'tesuin.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18a-b890-4fbe-bc3a-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'rliner.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-4330-4173-b7cf-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'litpou.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-7af0-4361-ac3a-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'fersob.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-1e7c-4847-8346-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'estuty.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-85d4-463d-8422-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'ontiq.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-c35c-47c3-bca2-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'deinq.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-4534-41cc-8940-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'ermuz.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-4bc4-4f91-85ce-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'azurf.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-f258-45e2-886a-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'relom.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-cb3c-4402-9fce-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'retilio.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-70e4-436c-97d6-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'uvreno.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-0e50-46a3-8e95-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.34.127.86']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18b-691c-43b0-8320-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.34.127.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee18c-d5e0-4085-903f-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:12:19.000Z", "modified": "2015-02-26T09:12:19.000Z", "pattern": "[domain-name:value = 'tunim.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:12:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54eee203-a790-44a6-904c-5a29950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:06:11.000Z", "modified": "2015-02-26T09:06:11.000Z", "first_observed": "2015-02-26T09:06:11Z", "last_observed": "2015-02-26T09:06:11Z", "number_observed": 1, "object_refs": [ "url--54eee203-a790-44a6-904c-5a29950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54eee203-a790-44a6-904c-5a29950d210b", "value": "https://labs.opendns.com/2015/02/19/fessleak-cool/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54eee203-d334-4171-a8e2-5a29950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:06:11.000Z", "modified": "2015-02-26T09:06:11.000Z", "first_observed": "2015-02-26T09:06:11Z", "last_observed": "2015-02-26T09:06:11Z", "number_observed": 1, "object_refs": [ "url--54eee203-d334-4171-a8e2-5a29950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54eee203-d334-4171-a8e2-5a29950d210b", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--54eee203-36b0-42a7-a5cd-5a29950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:06:11.000Z", "modified": "2015-02-26T09:06:11.000Z", "first_observed": "2015-02-26T09:06:11Z", "last_observed": "2015-02-26T09:06:11Z", "number_observed": 1, "object_refs": [ "url--54eee203-36b0-42a7-a5cd-5a29950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--54eee203-36b0-42a7-a5cd-5a29950d210b", "value": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee278-9c30-4481-b5f4-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:08.000Z", "modified": "2015-02-26T09:08:08.000Z", "pattern": "[domain-name:value = 'ankapootle.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee278-c6d8-4838-b0af-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:08.000Z", "modified": "2015-02-26T09:08:08.000Z", "pattern": "[domain-name:value = 'anster.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-66a4-4b4b-8cf0-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'binjer.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-f4a0-4c96-9cda-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'bizono.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-fd80-4a93-b328-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'bracino.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-1014-42b8-830b-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'dovimos.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-2098-4ffe-9753-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'elimi.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-9c1c-4919-b8c3-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'eltisc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-5eb4-4139-92b2-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'fenoli.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-c808-4619-ac54-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'ferko.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-50c8-4b4c-8105-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'fermentzone.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee279-0d7c-40ce-9644-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:09.000Z", "modified": "2015-02-26T09:08:09.000Z", "pattern": "[domain-name:value = 'ferom.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-6eb8-4720-a189-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'flaris.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-a1c8-4f20-b84b-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'gladolimo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-38e8-4b9c-aa6a-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'grandemab.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-d3d8-4c96-b637-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'ingoarten.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-5468-4e35-80bf-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'inpoucher.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-860c-4dc4-a5bc-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'kabur.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-0598-4855-a9c3-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'lemdingo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-d790-46bf-ae2d-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'lemptyzp.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-6fec-4d10-8747-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'marzie.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27a-de1c-4189-b727-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:10.000Z", "modified": "2015-02-26T09:08:10.000Z", "pattern": "[domain-name:value = 'montiza.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-cee0-410d-8e76-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'namille.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-5078-43fb-b46a-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'orsai.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-3c04-4caa-81a3-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'pazumala.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-d81c-4b00-94d0-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'penazhef.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-9838-4cb9-b567-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'penneza.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-7184-4e45-9d6a-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'pequrio.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-f2ec-4cc0-ba29-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'pizzanetp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-e540-4987-8f15-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'podin.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-1360-44c2-8970-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'pondoq.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27b-2730-427e-92a5-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:11.000Z", "modified": "2015-02-26T09:08:11.000Z", "pattern": "[domain-name:value = 'prosoknf.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-2d6c-4dc2-bd8f-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'ramonza.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-11c4-4233-bbfd-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'rampoyak.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-a634-4f56-920c-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'romaldi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-2418-4625-af7f-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'shivue.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-d2f0-47e4-9739-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'venitial.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-6d60-4ae9-b01c-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'viceon.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-ab84-4c66-b693-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'webpertzo.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-e824-4372-ae1b-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'wonkobu.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27c-106c-4d1f-bc04-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:12.000Z", "modified": "2015-02-26T09:08:12.000Z", "pattern": "[domain-name:value = 'zelti.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27d-fe48-4074-ab8b-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:13.000Z", "modified": "2015-02-26T09:08:13.000Z", "pattern": "[domain-name:value = 'zibond.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54eee27d-62ec-4d79-add6-857e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-02-26T09:08:13.000Z", "modified": "2015-02-26T09:08:13.000Z", "pattern": "[domain-name:value = 'ztopp.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-02-26T09:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }