{ "type": "bundle", "id": "bundle--5667e3ea-cec4-4a67-b7c0-f7a9950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-30T11:55:05.000Z", "modified": "2016-12-30T11:55:05.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5667e3ea-cec4-4a67-b7c0-f7a9950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-12-30T11:55:05.000Z", "modified": "2016-12-30T11:55:05.000Z", "name": "OSINT - Packrat: Seven Years of a South American Threat Actor", "published": "2016-12-30T11:55:22Z", "object_refs": [ "x-misp-attribute--5667e401-6e9c-4eb3-98e1-f81b950d210b", "observed-data--5667e410-8d30-43cf-9b1d-f960950d210b", "url--5667e410-8d30-43cf-9b1d-f960950d210b", "indicator--5667e452-3bf8-471b-acf8-a716950d210b", "indicator--5667e453-96b0-4ea7-8fa9-a716950d210b", "indicator--5667e453-d6a8-4f26-9595-a716950d210b", "indicator--5667e453-9844-4a09-8210-a716950d210b", "indicator--5667e454-d170-4f35-b5ab-a716950d210b", "indicator--5667e454-8938-4b22-b5b9-a716950d210b", "indicator--5667e455-95a4-4032-bfeb-a716950d210b", "indicator--5667e455-3cdc-4f27-bc4b-a716950d210b", "indicator--5667e455-6c28-47e0-8e49-a716950d210b", "indicator--5667e456-bd6c-4d1a-8598-a716950d210b", "indicator--5667e456-2854-42f3-aa2e-a716950d210b", "indicator--5667e457-44e4-48b8-8e12-a716950d210b", "indicator--5667e457-474c-45c8-bdaf-a716950d210b", "indicator--5667e457-9a50-4638-8336-a716950d210b", "indicator--5667e458-d6ac-4a1e-818e-a716950d210b", "indicator--5667e458-ddf4-46db-975f-a716950d210b", "indicator--5667e459-e850-4104-bb40-a716950d210b", "indicator--5667e459-43b4-4d18-8872-a716950d210b", "indicator--5667e459-983c-43e3-957e-a716950d210b", "indicator--5667e45a-9ad4-4a75-884a-a716950d210b", "indicator--5667e45a-1054-4477-8565-a716950d210b", "indicator--5667e45b-a24c-450f-88c8-a716950d210b", 
"indicator--5667e45b-406c-4a1e-a719-a716950d210b", "indicator--5667e45b-f2fc-4b3a-a444-a716950d210b", "indicator--5667e47f-5094-40f4-9c1a-f960950d210b", "indicator--5667e4a8-1b1c-48b6-9795-f81b950d210b", "indicator--5667e4a8-71a0-40f7-b18e-f81b950d210b", "indicator--5667e4a9-0a2c-497f-b668-f81b950d210b", "indicator--5667e4a9-f478-42aa-b3aa-f81b950d210b", "indicator--5667e4aa-20e4-41ef-ba84-f81b950d210b", "indicator--5667e4aa-4a54-40ef-aefd-f81b950d210b", "indicator--5667e4aa-bf4c-4fd9-93cc-f81b950d210b", "indicator--5667e4ab-dd04-49c9-bd1a-f81b950d210b", "indicator--5667e4ab-a764-4673-9d1b-f81b950d210b", "indicator--5667e4ac-d7c8-4e98-ae7a-f81b950d210b", "indicator--5667e4ac-aa0c-4669-9241-f81b950d210b", "indicator--5667e4ad-92fc-4ba3-b301-f81b950d210b", "indicator--5667e4ad-1784-4d65-8e7f-f81b950d210b", "x-misp-attribute--5667e4c9-549c-4a4f-8db4-e992950d210b", "indicator--5667e4e2-db00-4452-ae1e-edb5950d210b", "indicator--5667e4e3-42e0-4ffc-b9e7-edb5950d210b", "indicator--5667e4e3-0958-4c15-aae1-edb5950d210b", "indicator--5667e4e4-0b54-4931-b663-edb5950d210b", "indicator--5667e4e4-b994-4df8-98ee-edb5950d210b", "indicator--5667e4e4-caa8-4af6-ae94-edb5950d210b", "indicator--5667e4e5-08d0-4fe7-89ac-edb5950d210b", "indicator--5667e4e5-f194-43f2-ad6d-edb5950d210b", "indicator--5667e4e6-922c-4cc7-a8b5-edb5950d210b", "indicator--5667e4e6-2b24-4264-b41c-edb5950d210b", "indicator--5667e4e6-903c-42b2-8477-edb5950d210b", "indicator--5667e4e7-6978-4808-b4e8-edb5950d210b", "indicator--5667e4e7-995c-46eb-8f36-edb5950d210b", "indicator--5667e4e8-c328-4a10-a6d6-edb5950d210b", "indicator--5667e4e8-cbf8-4379-844e-edb5950d210b", "indicator--5667e4e8-cdc4-43b0-a73e-edb5950d210b", "indicator--5667e507-0344-4359-a157-f960950d210b", "indicator--5667e508-ca08-4949-9e4b-f960950d210b", "indicator--5667e508-90a4-4701-b9f8-f960950d210b", "indicator--5667e509-bd5c-4596-a28b-f960950d210b", "indicator--5667e509-545c-4ba7-bc6b-f960950d210b", "indicator--5667e50a-daf4-455a-a8a9-f960950d210b", 
"indicator--5667e50b-ab48-4dc1-86fa-f960950d210b", "indicator--5667e50b-6a9c-480c-9242-f960950d210b", "indicator--5667e50c-3ccc-475a-b15a-f960950d210b", "indicator--5667e50c-cddc-4309-b155-f960950d210b", "indicator--5667e50d-793c-4a5a-a478-f960950d210b", "indicator--5667e50d-f5ec-42ed-8ac6-f960950d210b", "indicator--5667e50e-e410-459a-b2ed-f960950d210b", "indicator--5667e50e-e490-40e2-bd98-f960950d210b", "indicator--5667e50f-6db0-4064-bd55-f960950d210b", "indicator--5667e510-02bc-493c-8240-f960950d210b", "indicator--5667e511-e4e8-4892-9027-f960950d210b", "indicator--5667e511-7824-4f52-a52d-f960950d210b", "indicator--5667e511-6ac0-4635-bd58-f960950d210b", "indicator--5667e512-9bbc-4cb6-8288-f960950d210b", "indicator--5667e512-3624-4358-9bc6-f960950d210b", "indicator--5667e513-7340-49f8-ae5f-f960950d210b", "indicator--5667e513-5658-4783-8e49-f960950d210b", "indicator--5667e513-4720-48ae-87fc-f960950d210b", "indicator--5667e514-abc4-4173-b18e-f960950d210b", "indicator--5667e514-92a8-424f-98af-f960950d210b", "indicator--5667e515-1c04-4d03-8b70-f960950d210b", "indicator--5667e515-0730-4e79-9d2c-f960950d210b", "indicator--5667e515-bc58-44a4-88af-f960950d210b", "indicator--5667e516-c4f0-46cb-b238-f960950d210b", "indicator--5667e516-f010-4bac-8040-f960950d210b", "indicator--5667e53b-3ca4-4eee-bf5d-4e13950d210b", "observed-data--5667e577-2274-451b-9464-4bb9950d210b", "url--5667e577-2274-451b-9464-4bb9950d210b", "indicator--5667e577-20e8-4751-ae33-4a5e950d210b", "indicator--5667e578-4b0c-4c1e-b926-435c950d210b", "observed-data--5667e578-6fd4-43f7-9b32-443f950d210b", "url--5667e578-6fd4-43f7-9b32-443f950d210b", "indicator--5667e578-cb50-4d2f-a8f3-420e950d210b", "indicator--5667e579-61e8-4a3a-a281-47ab950d210b", "observed-data--5667e579-8a8c-4006-9f0d-444e950d210b", "url--5667e579-8a8c-4006-9f0d-444e950d210b", "indicator--5667e57a-8ff4-4c0c-b502-457a950d210b", "indicator--5667e57a-65b0-41b0-a157-490a950d210b", "observed-data--5667e57b-d2bc-4d76-ad4c-4686950d210b", 
"url--5667e57b-d2bc-4d76-ad4c-4686950d210b", "indicator--5667e57b-31e0-4526-b653-4562950d210b", "indicator--5667e57b-f5c0-47fd-96f1-4f7d950d210b", "observed-data--5667e57c-d3d8-491e-8b45-4dfe950d210b", "url--5667e57c-d3d8-491e-8b45-4dfe950d210b", "indicator--5667e57c-afb4-40f5-8d26-4310950d210b", "indicator--5667e57d-6338-46cd-a192-426d950d210b", "observed-data--5667e57d-54b0-4922-8622-492f950d210b", "url--5667e57d-54b0-4922-8622-492f950d210b", "indicator--5667e57d-b090-4188-beea-4594950d210b", "indicator--5667e57e-49f0-4e1f-a813-4ced950d210b", "observed-data--5667e57e-b1bc-4e87-ab9e-4352950d210b", "url--5667e57e-b1bc-4e87-ab9e-4352950d210b", "indicator--5667e57f-c0a8-4481-838f-44ea950d210b", "indicator--5667e57f-b860-4cd8-b8c2-4385950d210b", "observed-data--5667e57f-ee74-4aa4-a678-422e950d210b", "url--5667e57f-ee74-4aa4-a678-422e950d210b", "indicator--5667e580-eb28-4342-9146-4dc2950d210b", "indicator--5667e580-dbf4-497e-b8aa-4ef0950d210b", "observed-data--5667e581-0b4c-4284-af44-4a26950d210b", "url--5667e581-0b4c-4284-af44-4a26950d210b", "indicator--5667e581-39f8-44d5-89cf-4714950d210b", "indicator--5667e582-f7a0-4922-95c1-48d5950d210b", "observed-data--5667e582-f768-4519-b17c-4ea0950d210b", "url--5667e582-f768-4519-b17c-4ea0950d210b", "indicator--5667e582-a8fc-47b9-b870-4726950d210b", "indicator--5667e583-23b4-4e42-84e7-4774950d210b", "observed-data--5667e583-0974-4a75-8e37-4f00950d210b", "url--5667e583-0974-4a75-8e37-4f00950d210b", "indicator--5667e584-520c-4a98-99c8-4f2b950d210b", "indicator--5667e584-8210-411c-aae7-4f3f950d210b", "observed-data--5667e584-c494-4cbb-8bb8-428f950d210b", "url--5667e584-c494-4cbb-8bb8-428f950d210b", "indicator--5667e585-5c5c-4337-9504-4fe4950d210b", "indicator--5667e585-d7e0-43ac-a5f6-4bfa950d210b", "indicator--5667e680-8cec-4889-98f7-edb5950d210b", "indicator--5667e681-d538-418a-9a13-edb5950d210b", "indicator--5667e681-be28-4961-9760-edb5950d210b", "indicator--5667e681-7044-4b83-9732-edb5950d210b", 
"indicator--5667e682-9550-4fa5-b0d8-edb5950d210b", "indicator--5667e682-9908-41b8-9545-edb5950d210b", "indicator--5667e683-2b70-4b75-ad2c-edb5950d210b", "indicator--5667e683-2dac-46cc-b3a3-edb5950d210b", "indicator--5667e683-eaa4-4922-8f96-edb5950d210b", "indicator--5667e684-6370-4800-9824-edb5950d210b", "indicator--5667e684-8b98-4caa-b3ad-edb5950d210b", "indicator--5667e685-573c-4291-afd5-edb5950d210b", "indicator--5667e685-05e0-4e09-b025-edb5950d210b", "indicator--5667e686-6b74-4921-8c3c-edb5950d210b", "indicator--5667e687-2364-49c6-b12a-edb5950d210b", "indicator--5667e688-f720-4205-be66-edb5950d210b", "indicator--5667e688-35f0-4bea-a2a4-edb5950d210b", "indicator--5667e689-1c74-457f-9003-edb5950d210b", "indicator--5667e689-d464-4524-ae77-edb5950d210b", "indicator--5667e68a-c428-47b6-8e89-edb5950d210b", "indicator--5667e68a-bc2c-4922-9ead-edb5950d210b", "indicator--5667e68b-818c-47cd-be91-edb5950d210b", "indicator--5667e68c-ca04-403c-b56a-edb5950d210b", "indicator--5667e68d-62e0-4ec9-a6e1-edb5950d210b", "indicator--5667e68d-ba10-41c7-a602-edb5950d210b", "indicator--5667e68d-2e38-4246-9aaf-edb5950d210b", "indicator--5667e68e-29fc-4121-814c-edb5950d210b", "indicator--5667e68e-02b8-4922-a4ab-edb5950d210b", "indicator--5667e68f-4968-46d1-a6fb-edb5950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "misp-galaxy:threat-actor=\"Packrat\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5667e401-6e9c-4eb3-98e1-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:19:13.000Z", "modified": "2015-12-09T08:19:13.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "This report describes an extensive malware, phishing, and disinformation campaign 
active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes. These countries are linked by a trade agreement as well as a cooperation on a range of non-financial matters.\r\n\r\nAfter observing a wave of attacks in Ecuador in 2015, we linked these attacks to a campaign active in Argentina in 2014. The targeting in Argentina was discovered when the attackers attempted to compromise the devices of Alberto Nisman and Jorge Lanata. Building on what we had learned about these two campaigns, we then traced the group\u2019s activities back as far as 2008.\r\n\r\nThis report brings together many of the pieces of this campaign, from malware and phishing, to command and control infrastructure spread across Latin America. It also highlights fake online organizations that Packrat has created in Venezuela and Ecuador. Who is responsible? We assess several scenarios, and consider the most likely to be that Packrat is sponsored by a state actor or actors, given their apparent lack of concern about discovery, their targets, and their persistence. However, we do not conclusively attribute Packrat to a particular sponsor." 
}, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e410-8d30-43cf-9b1d-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:19:28.000Z", "modified": "2015-12-09T08:19:28.000Z", "first_observed": "2015-12-09T08:19:28Z", "last_observed": "2015-12-09T08:19:28Z", "number_observed": 1, "object_refs": [ "url--5667e410-8d30-43cf-9b1d-f960950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e410-8d30-43cf-9b1d-f960950d210b", "value": "https://citizenlab.org/2015/12/packrat-report/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e452-3bf8-471b-acf8-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:34.000Z", "modified": "2015-12-09T08:20:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'dd1101adc86fd282f5f183942cc2f3b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e453-96b0-4ea7-8fa9-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:35.000Z", "modified": "2015-12-09T08:20:35.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'wjwj.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--5667e453-d6a8-4f26-9595-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:35.000Z", "modified": "2015-12-09T08:20:35.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ruley.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e453-9844-4a09-8210-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:35.000Z", "modified": "2015-12-09T08:20:35.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'lolinha.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e454-d170-4f35-b5ab-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:36.000Z", "modified": "2015-12-09T08:20:36.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '2d722592a4e3c8030410dccccb221ce4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e454-8938-4b22-b5b9-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:36.000Z", "modified": "2015-12-09T08:20:36.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'd2adecc6287dd4d559fe6ce2ce7a7e31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e455-95a4-4032-bfeb-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:37.000Z", "modified": "2015-12-09T08:20:37.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '93b630891db21a4a2350280a360c713d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e455-3cdc-4f27-bc4b-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:37.000Z", "modified": "2015-12-09T08:20:37.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'a73351623577f44a2b578fed1e78e37e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e455-6c28-47e0-8e49-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:37.000Z", "modified": "2015-12-09T08:20:37.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '5a8975873f52436377d8fb0b5ab0d87a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e456-bd6c-4d1a-8598-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:38.000Z", "modified": "2015-12-09T08:20:38.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'ed8d7ed45b64890b8901b735018318f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e456-2854-42f3-aa2e-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:38.000Z", "modified": "2015-12-09T08:20:38.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'c2237e9d415f542ce6e73adb260af123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e457-44e4-48b8-8e12-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:39.000Z", "modified": "2015-12-09T08:20:39.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '2827450763b55c5e71fda3caaf8e75f9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e457-474c-45c8-bdaf-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:39.000Z", "modified": "2015-12-09T08:20:39.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'bc97437fec7e7e8634c2eabae3cc4832']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e457-9a50-4638-8336-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:39.000Z", "modified": "2015-12-09T08:20:39.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'taskmgr.serveftp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e458-d6ac-4a1e-818e-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:40.000Z", "modified": "2015-12-09T08:20:40.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'd7f34168b1a7dd7cbd8e62a5ab1ebc0e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e458-ddf4-46db-975f-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:40.000Z", "modified": "2015-12-09T08:20:40.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'taskmgr.servehttp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e459-e850-4104-bb40-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:41.000Z", "modified": "2015-12-09T08:20:41.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '6c34d4296126679d9c6a0bc2660dc453']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e459-43b4-4d18-8872-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:41.000Z", "modified": "2015-12-09T08:20:41.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'efc0009d76a2057f86c5f00030378c72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e459-983c-43e3-957e-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:41.000Z", "modified": "2015-12-09T08:20:41.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'daynews.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e45a-9ad4-4a75-884a-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:42.000Z", "modified": "2015-12-09T08:20:42.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '74613eae84347183b4ca61b912a4573f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e45a-1054-4477-8565-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:42.000Z", "modified": "2015-12-09T08:20:42.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'd2f151312f7dee2483ddcab9766b56db']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e45b-a24c-450f-88c8-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:43.000Z", "modified": "2015-12-09T08:20:43.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = 'ea7bcf58a4ccdecb0c64e56b9998a4ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e45b-406c-4a1e-a719-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:43.000Z", "modified": "2015-12-09T08:20:43.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '1e4265a0c37773c2372b97bb6630ae57']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e45b-f2fc-4b3a-a444-a716950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:20:43.000Z", "modified": "2015-12-09T08:20:43.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.MD5 = '08a3bb5b220eb1e0dc2ecccbbc6859f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:20:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e47f-5094-40f4-9c1a-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:21:19.000Z", "modified": "2015-12-09T08:21:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.12.150.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:21:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4a8-1b1c-48b6-9795-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:00.000Z", "modified": "2015-12-09T08:22:00.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'support-java.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e4a8-71a0-40f7-b18e-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:00.000Z", "modified": "2015-12-09T08:22:00.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'lavozamericana.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4a9-0a2c-497f-b668-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:01.000Z", "modified": "2015-12-09T08:22:01.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'login-office365.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4a9-f478-42aa-b3aa-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:01.000Z", "modified": "2015-12-09T08:22:01.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'support-whatsapp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--5667e4aa-20e4-41ef-ba84-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:02.000Z", "modified": "2015-12-09T08:22:02.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'mgoogle.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4aa-4a54-40ef-aefd-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:02.000Z", "modified": "2015-12-09T08:22:02.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'android-flash.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4aa-bf4c-4fd9-93cc-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:02.000Z", "modified": "2015-12-09T08:22:02.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'pancaliente.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--5667e4ab-dd04-49c9-bd1a-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:03.000Z", "modified": "2015-12-09T08:22:03.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'soporte-gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4ab-a764-4673-9d1b-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:03.000Z", "modified": "2015-12-09T08:22:03.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'soporte-yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4ac-d7c8-4e98-ae7a-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:04.000Z", "modified": "2015-12-09T08:22:04.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'autorizacion-gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4ac-aa0c-4669-9241-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:04.000Z", "modified": "2015-12-09T08:22:04.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'support-gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4ad-92fc-4ba3-b301-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:05.000Z", "modified": "2015-12-09T08:22:05.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'login-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4ad-1784-4d65-8e7f-f81b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:05.000Z", "modified": "2015-12-09T08:22:05.000Z", "description": "Suspicious domains registered by enripintos123@outlook.es", "pattern": "[domain-name:value = 'logon-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network 
activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5667e4c9-549c-4a4f-8db4-e992950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:33.000Z", "modified": "2015-12-09T08:22:33.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_comment": "Whois record (registrant)", "x_misp_type": "text", "x_misp_value": "enripintos123@outlook.es" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e2-db00-4452-ae1e-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:58.000Z", "modified": "2015-12-09T08:22:58.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'support-login-validate-outlook.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e3-42e0-4ffc-b9e7-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:22:59.000Z", "modified": "2015-12-09T08:22:59.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'verify-gmail-support-secure.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e3-0958-4c15-aae1-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2015-12-09T08:22:59.000Z", "modified": "2015-12-09T08:22:59.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'soporte-login-account-gmail.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:22:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e4-0b54-4931-b663-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:00.000Z", "modified": "2015-12-09T08:23:00.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'soporte-login-account-yahoo.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e4-b994-4df8-98ee-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:00.000Z", "modified": "2015-12-09T08:23:00.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'focusecuador.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e4-caa8-4af6-ae94-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:00.000Z", "modified": "2015-12-09T08:23:00.000Z", "description": 
"193.105.134.27", "pattern": "[domain-name:value = '1.update-outlook.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e5-08d0-4fe7-89ac-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:01.000Z", "modified": "2015-12-09T08:23:01.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = '2.update-outlook.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e5-f194-43f2-ad6d-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:01.000Z", "modified": "2015-12-09T08:23:01.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = '1.desk-yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e6-922c-4cc7-a8b5-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:02.000Z", "modified": "2015-12-09T08:23:02.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = '2.desk-yahoo.com']", "pattern_type": "stix", 
"pattern_version": "2.1", "valid_from": "2015-12-09T08:23:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e6-2b24-4264-b41c-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:02.000Z", "modified": "2015-12-09T08:23:02.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = '2.mlogin-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e6-903c-42b2-8477-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:02.000Z", "modified": "2015-12-09T08:23:02.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = '1.mlogin-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e7-6978-4808-b4e8-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:03.000Z", "modified": "2015-12-09T08:23:03.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = '1.soporte-google.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:03Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e7-995c-46eb-8f36-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:03.000Z", "modified": "2015-12-09T08:23:03.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = '2.soporte-google.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e8-c328-4a10-a6d6-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:04.000Z", "modified": "2015-12-09T08:23:04.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'mlogin-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e8-cbf8-4379-844e-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:04.000Z", "modified": "2015-12-09T08:23:04.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'ns2.mlogin-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e4e8-cdc4-43b0-a73e-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:04.000Z", "modified": "2015-12-09T08:23:04.000Z", "description": "193.105.134.27", "pattern": "[domain-name:value = 'ns1.mlogin-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e507-0344-4359-a157-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:35.000Z", "modified": "2015-12-09T08:23:35.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'soporte-yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e508-ca08-4949-9e4b-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:36.000Z", "modified": "2015-12-09T08:23:36.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'update-outlook.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--5667e508-90a4-4701-b9f8-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:36.000Z", "modified": "2015-12-09T08:23:36.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'deyrep.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e509-bd5c-4596-a28b-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:37.000Z", "modified": "2015-12-09T08:23:37.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'support-whatsapp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e509-545c-4ba7-bc6b-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:37.000Z", "modified": "2015-12-09T08:23:37.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'blackboxmusic.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50a-daf4-455a-a8a9-f960950d210b", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:38.000Z", "modified": "2015-12-09T08:23:38.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'www.blackboxmusic.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50b-ab48-4dc1-86fa-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:39.000Z", "modified": "2015-12-09T08:23:39.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'mail-account-update.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50b-6a9c-480c-9242-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:39.000Z", "modified": "2015-12-09T08:23:39.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'soporte-gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50c-3ccc-475a-b15a-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:40.000Z", "modified": 
"2015-12-09T08:23:40.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'login-office365.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50c-cddc-4309-b155-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:40.000Z", "modified": "2015-12-09T08:23:40.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'lavozmericana.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50d-793c-4a5a-a478-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:41.000Z", "modified": "2015-12-09T08:23:41.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'support-java.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50d-f5ec-42ed-8ac6-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:41.000Z", "modified": "2015-12-09T08:23:41.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 
'pancaliente.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50e-e410-459a-b2ed-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:42.000Z", "modified": "2015-12-09T08:23:42.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'logon-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50e-e490-40e2-bd98-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:42.000Z", "modified": "2015-12-09T08:23:42.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'movimientoanticorreista.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e50f-6db0-4064-bd55-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:43.000Z", "modified": "2015-12-09T08:23:43.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'mgoogle.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2015-12-09T08:23:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e510-02bc-493c-8240-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:44.000Z", "modified": "2015-12-09T08:23:44.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'lavozamericana.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e511-e4e8-4892-9027-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:45.000Z", "modified": "2015-12-09T08:23:45.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'n3.pancaliente.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e511-7824-4f52-a52d-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:45.000Z", "modified": "2015-12-09T08:23:45.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'n4.pancaliente.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e511-6ac0-4635-bd58-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:45.000Z", "modified": "2015-12-09T08:23:45.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'ns1.deyrep.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e512-9bbc-4cb6-8288-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:46.000Z", "modified": "2015-12-09T08:23:46.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'ns2.deyrep.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e512-3624-4358-9bc6-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:46.000Z", "modified": "2015-12-09T08:23:46.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'n1.login-office365.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e513-7340-49f8-ae5f-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:47.000Z", "modified": "2015-12-09T08:23:47.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'n2.login-office365.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e513-5658-4783-8e49-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:47.000Z", "modified": "2015-12-09T08:23:47.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = '1.lavozamericana.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e513-4720-48ae-87fc-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:47.000Z", "modified": "2015-12-09T08:23:47.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = '2.lavozamericana.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--5667e514-abc4-4173-b18e-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:48.000Z", "modified": "2015-12-09T08:23:48.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'n1.update-outlook.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e514-92a8-424f-98af-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:48.000Z", "modified": "2015-12-09T08:23:48.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'ns.update-outlook.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e515-1c04-4d03-8b70-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:49.000Z", "modified": "2015-12-09T08:23:49.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = '1.chavistas24.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e515-0730-4e79-9d2c-f960950d210b", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:49.000Z", "modified": "2015-12-09T08:23:49.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = '2.chavistas24.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e515-bc58-44a4-88af-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:49.000Z", "modified": "2015-12-09T08:23:49.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 's1.mgoogle.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e516-c4f0-46cb-b238-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:50.000Z", "modified": "2015-12-09T08:23:50.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 's2.mgoogle.us']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e516-f010-4bac-8040-f960950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:23:50.000Z", "modified": 
"2015-12-09T08:23:50.000Z", "description": "198.12.150.249", "pattern": "[domain-name:value = 'chavistas24.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:23:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e53b-3ca4-4eee-bf5d-4e13950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:24:27.000Z", "modified": "2015-12-09T08:24:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.105.134.27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:24:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e577-2274-451b-9464-4bb9950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:27.000Z", "modified": "2015-12-09T08:25:27.000Z", "first_observed": "2015-12-09T08:25:27Z", "last_observed": "2015-12-09T08:25:27Z", "number_observed": 1, "object_refs": [ "url--5667e577-2274-451b-9464-4bb9950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e577-2274-451b-9464-4bb9950d210b", "value": "https://www.virustotal.com/file/56ea4781ccefb7596e77fcb7a57fb703007f2fb9b94fe33a3cc5257ab7996d1c/analysis/1449039349/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e577-20e8-4751-ae33-4a5e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:27.000Z", 
"modified": "2015-12-09T08:25:27.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 6c34d4296126679d9c6a0bc2660dc453", "pattern": "[file:hashes.SHA256 = '1f76c2957c2c39ec83a817479dda38c5047d153dbe466c2aabff7b4354e0647f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e578-4b0c-4c1e-b926-435c950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:28.000Z", "modified": "2015-12-09T08:25:28.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 6c34d4296126679d9c6a0bc2660dc453", "pattern": "[file:hashes.SHA1 = '8418833e6898e07c8a3124ec79ccb531306830c2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e578-6fd4-43f7-9b32-443f950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:28.000Z", "modified": "2015-12-09T08:25:28.000Z", "first_observed": "2015-12-09T08:25:28Z", "last_observed": "2015-12-09T08:25:28Z", "number_observed": 1, "object_refs": [ "url--5667e578-6fd4-43f7-9b32-443f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e578-6fd4-43f7-9b32-443f950d210b", "value": "https://www.virustotal.com/file/1f76c2957c2c39ec83a817479dda38c5047d153dbe466c2aabff7b4354e0647f/analysis/1425547957/" }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--5667e578-cb50-4d2f-a8f3-420e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:28.000Z", "modified": "2015-12-09T08:25:28.000Z", "description": "Imported via the freetext import. - Xchecked via VT: d7f34168b1a7dd7cbd8e62a5ab1ebc0e", "pattern": "[file:hashes.SHA256 = '7a763ecc8ab23c3ade2455c2e91b506be910bed686fc3d32acb9574d7d5abf27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e579-61e8-4a3a-a281-47ab950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:29.000Z", "modified": "2015-12-09T08:25:29.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: d7f34168b1a7dd7cbd8e62a5ab1ebc0e", "pattern": "[file:hashes.SHA1 = 'a5864e9eb81755992d16138ddbd1e40c3fef3464']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e579-8a8c-4006-9f0d-444e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:29.000Z", "modified": "2015-12-09T08:25:29.000Z", "first_observed": "2015-12-09T08:25:29Z", "last_observed": "2015-12-09T08:25:29Z", "number_observed": 1, "object_refs": [ "url--5667e579-8a8c-4006-9f0d-444e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e579-8a8c-4006-9f0d-444e950d210b", "value": "https://www.virustotal.com/file/7a763ecc8ab23c3ade2455c2e91b506be910bed686fc3d32acb9574d7d5abf27/analysis/1406503376/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57a-8ff4-4c0c-b502-457a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:30.000Z", "modified": "2015-12-09T08:25:30.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: bc97437fec7e7e8634c2eabae3cc4832", "pattern": "[file:hashes.SHA256 = 'cfb7d7c6a5dbda5737e492bb2bacfecd975a4c0977050184a948dd5c25ab8b7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57a-65b0-41b0-a157-490a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:30.000Z", "modified": "2015-12-09T08:25:30.000Z", "description": "Imported via the freetext import. - Xchecked via VT: bc97437fec7e7e8634c2eabae3cc4832", "pattern": "[file:hashes.SHA1 = 'cac350f2d108dfb81e33833d55f19d79a79d8a54']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e57b-d2bc-4d76-ad4c-4686950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:31.000Z", "modified": "2015-12-09T08:25:31.000Z", "first_observed": "2015-12-09T08:25:31Z", "last_observed": "2015-12-09T08:25:31Z", "number_observed": 1, "object_refs": [ "url--5667e57b-d2bc-4d76-ad4c-4686950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e57b-d2bc-4d76-ad4c-4686950d210b", "value": "https://www.virustotal.com/file/cfb7d7c6a5dbda5737e492bb2bacfecd975a4c0977050184a948dd5c25ab8b7d/analysis/1405023273/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57b-31e0-4526-b653-4562950d210b", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:31.000Z", "modified": "2015-12-09T08:25:31.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 2827450763b55c5e71fda3caaf8e75f9", "pattern": "[file:hashes.SHA256 = '3c22bcf90b1f94691f9982de6d603f27517799684cbc77e0e1b08e327a0e4c00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57b-f5c0-47fd-96f1-4f7d950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:31.000Z", "modified": "2015-12-09T08:25:31.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 2827450763b55c5e71fda3caaf8e75f9", "pattern": "[file:hashes.SHA1 = '6e37f617bd982254d84860987c72bee0fc547fe2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e57c-d3d8-491e-8b45-4dfe950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:32.000Z", "modified": "2015-12-09T08:25:32.000Z", "first_observed": "2015-12-09T08:25:32Z", "last_observed": "2015-12-09T08:25:32Z", "number_observed": 1, "object_refs": [ "url--5667e57c-d3d8-491e-8b45-4dfe950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e57c-d3d8-491e-8b45-4dfe950d210b", "value": 
"https://www.virustotal.com/file/3c22bcf90b1f94691f9982de6d603f27517799684cbc77e0e1b08e327a0e4c00/analysis/1370016723/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57c-afb4-40f5-8d26-4310950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:32.000Z", "modified": "2015-12-09T08:25:32.000Z", "description": "Imported via the freetext import. - Xchecked via VT: c2237e9d415f542ce6e73adb260af123", "pattern": "[file:hashes.SHA256 = '6eeb5bcfc5d28ccad251035b11b08d553f7d10e22574209524b71a0dff1dcd3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57d-6338-46cd-a192-426d950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:33.000Z", "modified": "2015-12-09T08:25:33.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: c2237e9d415f542ce6e73adb260af123", "pattern": "[file:hashes.SHA1 = '5784d614d6844343014c8205114c69bb472f1c20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e57d-54b0-4922-8622-492f950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:33.000Z", "modified": "2015-12-09T08:25:33.000Z", "first_observed": "2015-12-09T08:25:33Z", "last_observed": "2015-12-09T08:25:33Z", "number_observed": 1, "object_refs": [ "url--5667e57d-54b0-4922-8622-492f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e57d-54b0-4922-8622-492f950d210b", "value": "https://www.virustotal.com/file/6eeb5bcfc5d28ccad251035b11b08d553f7d10e22574209524b71a0dff1dcd3f/analysis/1368784928/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57d-b090-4188-beea-4594950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:33.000Z", "modified": "2015-12-09T08:25:33.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: ed8d7ed45b64890b8901b735018318f3", "pattern": "[file:hashes.SHA256 = 'db6883b0dd7c5d3a23fb9609b087e8494cb08ca9d478878e07d868bf68e52267']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57e-49f0-4e1f-a813-4ced950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:34.000Z", "modified": "2015-12-09T08:25:34.000Z", "description": "Imported via the freetext import. - Xchecked via VT: ed8d7ed45b64890b8901b735018318f3", "pattern": "[file:hashes.SHA1 = 'c80aebbe1bfd64308f329ceb79ee1b35559581a9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e57e-b1bc-4e87-ab9e-4352950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:34.000Z", "modified": "2015-12-09T08:25:34.000Z", "first_observed": "2015-12-09T08:25:34Z", "last_observed": "2015-12-09T08:25:34Z", "number_observed": 1, "object_refs": [ "url--5667e57e-b1bc-4e87-ab9e-4352950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e57e-b1bc-4e87-ab9e-4352950d210b", "value": "https://www.virustotal.com/file/db6883b0dd7c5d3a23fb9609b087e8494cb08ca9d478878e07d868bf68e52267/analysis/1353091550/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57f-c0a8-4481-838f-44ea950d210b", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:35.000Z", "modified": "2015-12-09T08:25:35.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 5a8975873f52436377d8fb0b5ab0d87a", "pattern": "[file:hashes.SHA256 = '7525af4888f939e7a1df51bb8737a887af0b705d72e89a0b573f35ea57ace888']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e57f-b860-4cd8-b8c2-4385950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:35.000Z", "modified": "2015-12-09T08:25:35.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 5a8975873f52436377d8fb0b5ab0d87a", "pattern": "[file:hashes.SHA1 = 'ddbfabcc9dccf34dd9e50493e9087b3a9cbcea66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e57f-ee74-4aa4-a678-422e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:35.000Z", "modified": "2015-12-09T08:25:35.000Z", "first_observed": "2015-12-09T08:25:35Z", "last_observed": "2015-12-09T08:25:35Z", "number_observed": 1, "object_refs": [ "url--5667e57f-ee74-4aa4-a678-422e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e57f-ee74-4aa4-a678-422e950d210b", "value": 
"https://www.virustotal.com/file/7525af4888f939e7a1df51bb8737a887af0b705d72e89a0b573f35ea57ace888/analysis/1351886880/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e580-eb28-4342-9146-4dc2950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:36.000Z", "modified": "2015-12-09T08:25:36.000Z", "description": "Imported via the freetext import. - Xchecked via VT: a73351623577f44a2b578fed1e78e37e", "pattern": "[file:hashes.SHA256 = 'e125218316467d4749e957b87201f8fd4c4ba14857588d2aca57d94294137a00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e580-dbf4-497e-b8aa-4ef0950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:36.000Z", "modified": "2015-12-09T08:25:36.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: a73351623577f44a2b578fed1e78e37e", "pattern": "[file:hashes.SHA1 = '6606c890794b0243c0d34fa8f09ead02569f0ea4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e581-0b4c-4284-af44-4a26950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:37.000Z", "modified": "2015-12-09T08:25:37.000Z", "first_observed": "2015-12-09T08:25:37Z", "last_observed": "2015-12-09T08:25:37Z", "number_observed": 1, "object_refs": [ "url--5667e581-0b4c-4284-af44-4a26950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e581-0b4c-4284-af44-4a26950d210b", "value": "https://www.virustotal.com/file/e125218316467d4749e957b87201f8fd4c4ba14857588d2aca57d94294137a00/analysis/1367977231/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e581-39f8-44d5-89cf-4714950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:37.000Z", "modified": "2015-12-09T08:25:37.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: 93b630891db21a4a2350280a360c713d", "pattern": "[file:hashes.SHA256 = 'c10f703839ec0a82a248883b1b8885747b5fb145d0aeb0bad71e06980425a4fa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e582-f7a0-4922-95c1-48d5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:38.000Z", "modified": "2015-12-09T08:25:38.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 93b630891db21a4a2350280a360c713d", "pattern": "[file:hashes.SHA1 = '3b75f27d1bd1c41989b0f5ff3a4e44998eb45609']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e582-f768-4519-b17c-4ea0950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:38.000Z", "modified": "2015-12-09T08:25:38.000Z", "first_observed": "2015-12-09T08:25:38Z", "last_observed": "2015-12-09T08:25:38Z", "number_observed": 1, "object_refs": [ "url--5667e582-f768-4519-b17c-4ea0950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e582-f768-4519-b17c-4ea0950d210b", "value": "https://www.virustotal.com/file/c10f703839ec0a82a248883b1b8885747b5fb145d0aeb0bad71e06980425a4fa/analysis/1355946685/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e582-a8fc-47b9-b870-4726950d210b", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:38.000Z", "modified": "2015-12-09T08:25:38.000Z", "description": "Imported via the freetext import. - Xchecked via VT: d2adecc6287dd4d559fe6ce2ce7a7e31", "pattern": "[file:hashes.SHA256 = 'e17bdf72b3c6c53a3ee77e3edc0b9cf7a2eb194210e071f4eb80aa1d6ee3cb2d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e583-23b4-4e42-84e7-4774950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:39.000Z", "modified": "2015-12-09T08:25:39.000Z", "description": "Imported via the freetext import. - Xchecked via VT: d2adecc6287dd4d559fe6ce2ce7a7e31", "pattern": "[file:hashes.SHA1 = '9e0f81958a03b9a50be4c3b10971b80c6eefd78f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e583-0974-4a75-8e37-4f00950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:39.000Z", "modified": "2015-12-09T08:25:39.000Z", "first_observed": "2015-12-09T08:25:39Z", "last_observed": "2015-12-09T08:25:39Z", "number_observed": 1, "object_refs": [ "url--5667e583-0974-4a75-8e37-4f00950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e583-0974-4a75-8e37-4f00950d210b", "value": 
"https://www.virustotal.com/file/e17bdf72b3c6c53a3ee77e3edc0b9cf7a2eb194210e071f4eb80aa1d6ee3cb2d/analysis/1347227934/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e584-520c-4a98-99c8-4f2b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:40.000Z", "modified": "2015-12-09T08:25:40.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 2d722592a4e3c8030410dccccb221ce4", "pattern": "[file:hashes.SHA256 = 'ab40d67f4ed686f8f7cf686fc9c8a6f9f8f2b6fd80e0bf8e129875e2e428f24e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e584-8210-411c-aae7-4f3f950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:40.000Z", "modified": "2015-12-09T08:25:40.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: 2d722592a4e3c8030410dccccb221ce4", "pattern": "[file:hashes.SHA1 = 'e4da283e0a6744a5339cf7f7d6f6e11026a6d9e4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5667e584-c494-4cbb-8bb8-428f950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:40.000Z", "modified": "2015-12-09T08:25:40.000Z", "first_observed": "2015-12-09T08:25:40Z", "last_observed": "2015-12-09T08:25:40Z", "number_observed": 1, "object_refs": [ "url--5667e584-c494-4cbb-8bb8-428f950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5667e584-c494-4cbb-8bb8-428f950d210b", "value": "https://www.virustotal.com/file/ab40d67f4ed686f8f7cf686fc9c8a6f9f8f2b6fd80e0bf8e129875e2e428f24e/analysis/1345738881/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e585-5c5c-4337-9504-4fe4950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:41.000Z", "modified": "2015-12-09T08:25:41.000Z", "description": "Imported via the freetext import. 
- Xchecked via VT: dd1101adc86fd282f5f183942cc2f3b7", "pattern": "[file:hashes.SHA256 = '56ea4781ccefb7596e77fcb7a57fb703007f2fb9b94fe33a3cc5257ab7996d1c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e585-d7e0-43ac-a5f6-4bfa950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:25:41.000Z", "modified": "2015-12-09T08:25:41.000Z", "description": "Imported via the freetext import. - Xchecked via VT: dd1101adc86fd282f5f183942cc2f3b7", "pattern": "[file:hashes.SHA1 = '44e6fb6aa66fc40a4389eb287d90cfef9593738b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:25:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e680-8cec-4889-98f7-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:52.000Z", "modified": "2015-12-09T08:29:52.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'bit.ly/1wl3ye2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e681-d538-418a-9a13-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2015-12-09T08:29:53.000Z", "modified": "2015-12-09T08:29:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'blackboxmusic.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e681-be28-4961-9760-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:53.000Z", "modified": "2015-12-09T08:29:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'confirmation-blackberry.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e681-7044-4b83-9732-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:53.000Z", "modified": "2015-12-09T08:29:53.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'confirmation-facebook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e682-9550-4fa5-b0d8-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:54.000Z", "modified": 
"2015-12-09T08:29:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'confirmation-icloud.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e682-9908-41b8-9545-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:54.000Z", "modified": "2015-12-09T08:29:54.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'confirmation-outlook.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e683-2b70-4b75-ad2c-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:55.000Z", "modified": "2015-12-09T08:29:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'confirmation-twitter.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e683-2dac-46cc-b3a3-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:55.000Z", "modified": "2015-12-09T08:29:55.000Z", 
"description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'confirmation-yahoo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e683-eaa4-4922-8f96-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:55.000Z", "modified": "2015-12-09T08:29:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'deyrep.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e684-6370-4800-9824-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:56.000Z", "modified": "2015-12-09T08:29:56.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ecuadorenvivo.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e684-8b98-4caa-b3ad-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:56.000Z", "modified": "2015-12-09T08:29:56.000Z", "description": "Imported via the freetext import.", 
"pattern": "[domain-name:value = 'focusecuador.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e685-573c-4291-afd5-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:57.000Z", "modified": "2015-12-09T08:29:57.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'inyurl.com/q4kaf68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e685-05e0-4e09-b025-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:57.000Z", "modified": "2015-12-09T08:29:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'justicia-desvinculados.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e686-6b74-4921-8c3c-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:58.000Z", "modified": "2015-12-09T08:29:58.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 
'main-local-latam-soporte-widget.cu9.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e687-2364-49c6-b12a-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:29:59.000Z", "modified": "2015-12-09T08:29:59.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'main-local-latam-widget-soporte.cu9.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:29:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e688-f720-4205-be66-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:00.000Z", "modified": "2015-12-09T08:30:00.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'movimientoanticorreista.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e688-35f0-4bea-a2a4-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:00.000Z", "modified": "2015-12-09T08:30:00.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 
'no-creo.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e689-1c74-457f-9003-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:01.000Z", "modified": "2015-12-09T08:30:01.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'soporte-login-account-gmail.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e689-d464-4524-ae77-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:01.000Z", "modified": "2015-12-09T08:30:01.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'soporte-login-account-yahoo.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68a-c428-47b6-8e89-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:02.000Z", "modified": "2015-12-09T08:30:02.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 
'soporte-main-local-latam-es.cu9.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68a-bc2c-4922-9ead-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:02.000Z", "modified": "2015-12-09T08:30:02.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'soporte-main-local-latam-us.cu9.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68b-818c-47cd-be91-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:03.000Z", "modified": "2015-12-09T08:30:03.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'support-login-validate-outlook.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68c-ca04-403c-b56a-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:04.000Z", "modified": "2015-12-09T08:30:04.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 
'tinyurl.com/ol6qzec']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68d-62e0-4ec9-a6e1-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:05.000Z", "modified": "2015-12-09T08:30:05.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'tinyurl.com/pl843ws']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68d-ba10-41c7-a602-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:05.000Z", "modified": "2015-12-09T08:30:05.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'tinyurl.com/px28gsa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68d-2e38-4246-9aaf-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:05.000Z", "modified": "2015-12-09T08:30:05.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'tinyurl.com/q3zdyk8']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2015-12-09T08:30:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68e-29fc-4121-814c-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:06.000Z", "modified": "2015-12-09T08:30:06.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'tinyurl.com/q4kaf68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68e-02b8-4922-a4ab-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:06.000Z", "modified": "2015-12-09T08:30:06.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'tinyurl.com/qxzz6ky']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5667e68f-4968-46d1-a6fb-edb5950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-12-09T08:30:07.000Z", "modified": "2015-12-09T08:30:07.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'update-outlook.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-09T08:30:07Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }