{ "type": "bundle", "id": "bundle--566f4900-9da4-4ee7-b237-8a63950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:58:02.000Z", "modified": "2015-12-14T22:58:02.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--566f4900-9da4-4ee7-b237-8a63950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:58:02.000Z", "modified": "2015-12-14T22:58:02.000Z", "name": "OSINT IOC from ponmocup malware", "published": "2015-12-14T22:59:31Z", "object_refs": [ "indicator--566f4915-adb4-4496-9bd5-a574950d210b", "indicator--566f4916-92f8-4aa6-928e-a574950d210b", "indicator--566f4916-d0ac-4e74-a055-a574950d210b", "indicator--566f4917-a55c-47db-891c-a574950d210b", "indicator--566f4917-1e18-42c3-8707-a574950d210b", "indicator--566f4917-a124-4e5f-bfba-a574950d210b", "indicator--566f4918-b28c-4245-87f0-a574950d210b", "indicator--566f4918-4ebc-4708-86e1-a574950d210b", "indicator--566f4919-45d0-4e98-be23-a574950d210b", "indicator--566f4919-6b90-4fa6-9a3f-a574950d210b", "indicator--566f4919-4674-416e-bb99-a574950d210b", "indicator--566f491a-8a64-4613-b793-a574950d210b", "indicator--566f491a-f210-4e4d-b986-a574950d210b", "indicator--566f491b-216c-4a56-b1db-a574950d210b", "indicator--566f491b-9db0-4350-94ff-a574950d210b", "indicator--566f491c-15a0-481d-9df8-a574950d210b", "indicator--566f491c-a0a0-488c-8927-a574950d210b", "indicator--566f491c-18fc-48c9-ad68-a574950d210b", "indicator--566f491d-3150-4c52-8e49-a574950d210b", "indicator--566f491d-6924-4cf0-825c-a574950d210b", "indicator--566f491e-6d3c-4186-8568-a574950d210b", "indicator--566f491e-da44-41f0-b282-a574950d210b", "indicator--566f491e-0540-42da-8b26-a574950d210b", "indicator--566f491f-dce4-40d3-afb6-a574950d210b", "indicator--566f491f-5f9c-40a9-81bd-a574950d210b", "indicator--566f4920-52fc-4f13-81d6-a574950d210b", "indicator--566f4920-8a88-4ea5-bc4a-a574950d210b", "indicator--566f4921-c744-4cb1-9238-a574950d210b", "indicator--566f4921-da44-4879-86ec-a574950d210b", "indicator--566f4921-a96c-43c7-b2d1-a574950d210b", "indicator--566f4922-71fc-4ee4-b91d-a574950d210b", "indicator--566f4922-64f0-4581-8372-a574950d210b", "indicator--566f4923-4b70-4e1a-9df5-a574950d210b", "indicator--566f4923-7400-49da-9611-a574950d210b", "indicator--566f4923-12d0-41f4-9548-a574950d210b", "indicator--566f4924-906c-4980-a6a9-a574950d210b", "indicator--566f4924-5814-4e17-9521-a574950d210b", "indicator--566f4925-6408-4ced-9f21-a574950d210b", "indicator--566f4925-ebd0-4ce3-9daa-a574950d210b", "indicator--566f4926-5af8-442a-b61b-a574950d210b", "indicator--566f4926-f170-4f1c-a1d0-a574950d210b", "indicator--566f4926-37dc-4ff7-873c-a574950d210b", "indicator--566f4927-bff0-42ad-9dce-a574950d210b", "indicator--566f4927-50a0-4968-ac7b-a574950d210b", "indicator--566f4928-88e8-456a-9577-a574950d210b", "indicator--566f4928-57c4-42fa-b346-a574950d210b", "indicator--566f4928-ce80-4589-9dd5-a574950d210b", "indicator--566f4929-a55c-4a09-a738-a574950d210b", "indicator--566f4929-9624-4065-b010-a574950d210b", "indicator--566f492a-6ef4-49f7-853b-a574950d210b", "indicator--566f492a-30f4-4d47-b599-a574950d210b", "indicator--566f492b-7f34-46e2-aebc-a574950d210b", "indicator--566f492b-6868-4990-ba9f-a574950d210b", "indicator--566f492b-5fe8-4926-8e02-a574950d210b", "indicator--566f492c-2814-4e9d-ad63-a574950d210b", "indicator--566f492c-ded8-4b5a-9304-a574950d210b", "indicator--566f492d-819c-4959-b0d5-a574950d210b", "indicator--566f492d-4ff0-4b17-a699-a574950d210b", "indicator--566f492d-0068-4aab-9c3e-a574950d210b", "indicator--566f492e-dd18-4e79-8eab-a574950d210b", "indicator--566f492e-b3f8-4f60-8e8a-a574950d210b", "indicator--566f492f-f9e8-4542-86f9-a574950d210b", "indicator--566f492f-6e54-43ad-81e4-a574950d210b", "indicator--566f492f-5308-409f-985a-a574950d210b", "indicator--566f4930-d58c-4945-ad45-a574950d210b", "indicator--566f4930-372c-4629-a1ab-a574950d210b", "indicator--566f4931-7154-47a1-9f5e-a574950d210b", "indicator--566f4931-094c-4916-a929-a574950d210b", "indicator--566f4932-bd68-4ad6-a267-a574950d210b", "indicator--566f4932-46a4-4967-a92a-a574950d210b", "indicator--566f4932-239c-43be-a948-a574950d210b", "indicator--566f4933-1df4-4fc7-b844-a574950d210b", "indicator--566f4933-1794-477f-a1c9-a574950d210b", "indicator--566f4934-d908-45fd-86c4-a574950d210b", "indicator--566f4934-0cec-4196-9c93-a574950d210b", "indicator--566f4934-f468-42f1-84d9-a574950d210b", "indicator--566f4935-1d94-4bcc-a29a-a574950d210b", "indicator--566f4935-2838-445d-be81-a574950d210b", "indicator--566f4936-fcfc-4318-8992-a574950d210b", "indicator--566f4936-c9e0-48e2-a6f3-a574950d210b", "indicator--566f4937-9a84-4b03-ab11-a574950d210b", "indicator--566f4937-17b4-4f57-bb1c-a574950d210b", "indicator--566f4937-a8c0-4cf4-8f6a-a574950d210b", "indicator--566f4938-d854-4c56-b599-a574950d210b", "indicator--566f4938-1134-473e-bf82-a574950d210b", "indicator--566f4939-8a3c-45e1-a288-a574950d210b", "indicator--566f4939-1dd4-45a9-8c28-a574950d210b", "indicator--566f493a-2950-4a19-ad66-a574950d210b", "indicator--566f493a-0770-4742-90c8-a574950d210b", "indicator--566f493a-f480-462e-987d-a574950d210b", "indicator--566f493b-837c-4a28-be0c-a574950d210b", "indicator--566f493b-6f9c-44c4-a3cd-a574950d210b", "indicator--566f493c-c4d4-425f-b640-a574950d210b", "indicator--566f493c-9ed8-40a8-b025-a574950d210b", "indicator--566f493d-d99c-4ab0-ac8b-a574950d210b", "indicator--566f493d-0dec-43da-9d7c-a574950d210b", "indicator--566f493d-a4a0-4dea-a6ff-a574950d210b", "indicator--566f493e-39a0-411b-8cdf-a574950d210b", "indicator--566f493e-10b4-456e-813d-a574950d210b", "indicator--566f493f-896c-40a7-876f-a574950d210b", "indicator--566f493f-1e18-4455-a47b-a574950d210b", "indicator--566f493f-cf10-4cac-acec-a574950d210b", "indicator--566f4940-0f90-40a2-a186-a574950d210b", "indicator--566f4940-cbc0-4809-9558-a574950d210b", "indicator--566f4941-be10-41f3-a73c-a574950d210b", "indicator--566f4941-8d9c-43fb-8914-a574950d210b", "indicator--566f4942-6748-48f4-8beb-a574950d210b", "indicator--566f4942-4e20-42df-8b92-a574950d210b", "indicator--566f4942-9390-4e12-9078-a574950d210b", "indicator--566f4943-1198-4243-9df9-a574950d210b", "indicator--566f4943-eb2c-4777-9228-a574950d210b", "indicator--566f4944-0938-4d41-8c14-a574950d210b", "indicator--566f4944-5ce0-41fa-8855-a574950d210b", "indicator--566f4945-eb80-4fd6-85b5-a574950d210b", "indicator--566f4945-e9c0-4410-9726-a574950d210b", "indicator--566f4945-7a10-466a-b35f-a574950d210b", "indicator--566f4946-520c-4e8c-8c97-a574950d210b", "indicator--566f4946-32cc-40e1-a3a8-a574950d210b", "indicator--566f4947-6110-46df-a4b4-a574950d210b", "indicator--566f4947-a48c-48ba-a634-a574950d210b", "indicator--566f4947-c270-4f19-a6b0-a574950d210b", "indicator--566f4948-e190-4846-93fa-a574950d210b", "indicator--566f4948-abdc-4d25-a330-a574950d210b", "observed-data--566f496c-d368-415d-aad6-ad1a950d210b", "url--566f496c-d368-415d-aad6-ad1a950d210b", "x-misp-attribute--566f497a-c538-4970-94ed-7eb5950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4915-adb4-4496-9bd5-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:21.000Z", "modified": "2015-12-14T22:56:21.000Z", "pattern": "[domain-name:value = 'abccornet.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4916-92f8-4aa6-928e-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:22.000Z", "modified": "2015-12-14T22:56:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.74.195.149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4916-d0ac-4e74-a055-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:22.000Z", "modified": "2015-12-14T22:56:22.000Z", "pattern": "[domain-name:value = 'adertisecorp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4917-a55c-47db-891c-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:23.000Z", "modified": "2015-12-14T22:56:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '243.182.100.227']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4917-1e18-42c3-8707-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:23.000Z", "modified": "2015-12-14T22:56:23.000Z", "pattern": "[domain-name:value = 'affilipcorp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4917-a124-4e5f-bfba-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:23.000Z", "modified": "2015-12-14T22:56:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '4.227.70.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4918-b28c-4245-87f0-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:24.000Z", "modified": "2015-12-14T22:56:24.000Z", "pattern": "[domain-name:value = 'anexcorp.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4918-4ebc-4708-86e1-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:24.000Z", "modified": "2015-12-14T22:56:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '63.77.106.1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4919-45d0-4e98-be23-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:25.000Z", "modified": "2015-12-14T22:56:25.000Z", "pattern": "[domain-name:value = 'britishfederal.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4919-6b90-4fa6-9a3f-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:25.000Z", "modified": "2015-12-14T22:56:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '166.178.113.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4919-4674-416e-bb99-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:25.000Z", "modified": "2015-12-14T22:56:25.000Z", "pattern": "[domain-name:value = 'changinessmen.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491a-8a64-4613-b793-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:26.000Z", "modified": "2015-12-14T22:56:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '231.150.98.137']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491a-f210-4e4d-b986-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:26.000Z", "modified": "2015-12-14T22:56:26.000Z", "pattern": "[domain-name:value = 'claimsreference.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491b-216c-4a56-b1db-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:27.000Z", "modified": "2015-12-14T22:56:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.171.130.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491b-9db0-4350-94ff-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:27.000Z", "modified": "2015-12-14T22:56:27.000Z", "pattern": "[domain-name:value = 'clickoptimiser.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491c-15a0-481d-9df8-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:28.000Z", "modified": "2015-12-14T22:56:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.66.23.125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491c-a0a0-488c-8927-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:28.000Z", "modified": "2015-12-14T22:56:28.000Z", "pattern": "[domain-name:value = 'contentdeliveryorg.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491c-18fc-48c9-ad68-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:28.000Z", "modified": "2015-12-14T22:56:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '6.88.25.80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491d-3150-4c52-8e49-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:29.000Z", "modified": "2015-12-14T22:56:29.000Z", "pattern": "[domain-name:value = 'contextexpert.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491d-6924-4cf0-825c-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:29.000Z", "modified": "2015-12-14T22:56:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.213.59.50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491e-6d3c-4186-8568-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:30.000Z", "modified": "2015-12-14T22:56:30.000Z", "pattern": "[domain-name:value = 'continuatu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491e-da44-41f0-b282-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:30.000Z", "modified": "2015-12-14T22:56:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.219.85.79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491e-0540-42da-8b26-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:30.000Z", "modified": "2015-12-14T22:56:30.000Z", "pattern": "[domain-name:value = 'culminaccessful.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491f-dce4-40d3-afb6-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:31.000Z", "modified": "2015-12-14T22:56:31.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '234.102.81.206']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f491f-5f9c-40a9-81bd-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:31.000Z", "modified": "2015-12-14T22:56:31.000Z", "pattern": "[domain-name:value = 'cybernan.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4920-52fc-4f13-81d6-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:32.000Z", "modified": "2015-12-14T22:56:32.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.181.5.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4920-8a88-4ea5-bc4a-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:32.000Z", "modified": "2015-12-14T22:56:32.000Z", "pattern": "[domain-name:value = 'defenciclovis.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4921-c744-4cb1-9238-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:33.000Z", "modified": "2015-12-14T22:56:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '156.44.195.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4921-da44-4879-86ec-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:33.000Z", "modified": "2015-12-14T22:56:33.000Z", "pattern": "[domain-name:value = 'descriptioned.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4921-a96c-43c7-b2d1-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:33.000Z", "modified": "2015-12-14T22:56:33.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '21.8.194.15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4922-71fc-4ee4-b91d-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:34.000Z", "modified": "2015-12-14T22:56:34.000Z", "pattern": "[domain-name:value = 'detroportans.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4922-64f0-4581-8372-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:34.000Z", "modified": "2015-12-14T22:56:34.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '42.107.140.147']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4923-4b70-4e1a-9df5-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:35.000Z", "modified": "2015-12-14T22:56:35.000Z", "pattern": "[domain-name:value = 'directiculture.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4923-7400-49da-9611-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:35.000Z", "modified": "2015-12-14T22:56:35.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.172.52.66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4923-12d0-41f4-9548-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:35.000Z", "modified": "2015-12-14T22:56:35.000Z", "pattern": "[domain-name:value = 'directlyvast.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4924-906c-4980-a6a9-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:36.000Z", "modified": "2015-12-14T22:56:36.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '227.248.14.79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4924-5814-4e17-9521-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:36.000Z", "modified": "2015-12-14T22:56:36.000Z", "pattern": "[domain-name:value = 'dogmationation.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4925-6408-4ced-9f21-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:37.000Z", "modified": "2015-12-14T22:56:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.83.123.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4925-ebd0-4ce3-9daa-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:37.000Z", "modified": "2015-12-14T22:56:37.000Z", "pattern": "[domain-name:value = 'dynodns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4926-5af8-442a-b61b-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:38.000Z", "modified": "2015-12-14T22:56:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '44.36.245.224']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4926-f170-4f1c-a1d0-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:38.000Z", "modified": "2015-12-14T22:56:38.000Z", "pattern": "[domain-name:value = 'enckfeld.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4926-37dc-4ff7-873c-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:38.000Z", "modified": "2015-12-14T22:56:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '168.23.171.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4927-bff0-42ad-9dce-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:39.000Z", "modified": "2015-12-14T22:56:39.000Z", "pattern": "[domain-name:value = 'familyinteresting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4927-50a0-4968-ac7b-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:39.000Z", "modified": "2015-12-14T22:56:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.37.98.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4928-88e8-456a-9577-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:40.000Z", "modified": "2015-12-14T22:56:40.000Z", "pattern": "[domain-name:value = 'fasternation.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4928-57c4-42fa-b346-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:40.000Z", "modified": "2015-12-14T22:56:40.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '253.101.238.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4928-ce80-4589-9dd5-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:40.000Z", "modified": "2015-12-14T22:56:40.000Z", "pattern": "[domain-name:value = 'freewayreg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4929-a55c-4a09-a738-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:41.000Z", "modified": "2015-12-14T22:56:41.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.75.201.33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4929-9624-4065-b010-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:41.000Z", "modified": "2015-12-14T22:56:41.000Z", "pattern": "[domain-name:value = 'headedpicked.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492a-6ef4-49f7-853b-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:42.000Z", "modified": "2015-12-14T22:56:42.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '40.22.124.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492a-30f4-4d47-b599-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:42.000Z", "modified": "2015-12-14T22:56:42.000Z", "pattern": "[domain-name:value = 'headedpicked.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492b-7f34-46e2-aebc-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:43.000Z", "modified": "2015-12-14T22:56:43.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.197.32.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492b-6868-4990-ba9f-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:43.000Z", "modified": "2015-12-14T22:56:43.000Z", "pattern": "[domain-name:value = 'highlytraditional.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492b-5fe8-4926-8e02-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:43.000Z", "modified": "2015-12-14T22:56:43.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.127.201.198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492c-2814-4e9d-ad63-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:44.000Z", "modified": "2015-12-14T22:56:44.000Z", "pattern": "[domain-name:value = 'himmeding.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492c-ded8-4b5a-9304-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:44.000Z", "modified": "2015-12-14T22:56:44.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.61.46.13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492d-819c-4959-b0d5-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:45.000Z", "modified": "2015-12-14T22:56:45.000Z", "pattern": "[domain-name:value = 'howeveraged.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492d-4ff0-4b17-a699-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:45.000Z", "modified": "2015-12-14T22:56:45.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.136.214.219']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492d-0068-4aab-9c3e-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:45.000Z", "modified": "2015-12-14T22:56:45.000Z", "pattern": "[domain-name:value = 'hydroelection.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492e-dd18-4e79-8eab-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:46.000Z", "modified": "2015-12-14T22:56:46.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '253.134.178.81']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492e-b3f8-4f60-8e8a-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:46.000Z", "modified": "2015-12-14T22:56:46.000Z", "pattern": "[domain-name:value = 'illegedly.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492f-f9e8-4542-86f9-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:47.000Z", "modified": "2015-12-14T22:56:47.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.8.16.175']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492f-6e54-43ad-81e4-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:47.000Z", "modified": "2015-12-14T22:56:47.000Z", "pattern": "[domain-name:value = 'imagesharehost.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f492f-5308-409f-985a-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:47.000Z", "modified": "2015-12-14T22:56:47.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.11.56.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4930-d58c-4945-ad45-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:48.000Z", "modified": "2015-12-14T22:56:48.000Z", "pattern": "[domain-name:value = 'leadwriting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4930-372c-4629-a1ab-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:48.000Z", "modified": "2015-12-14T22:56:48.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.252.243.242']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4931-7154-47a1-9f5e-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:49.000Z", "modified": "2015-12-14T22:56:49.000Z", "pattern": "[domain-name:value = 'meetinglimited.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4931-094c-4916-a929-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:49.000Z", "modified": "2015-12-14T22:56:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.225.26.181']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4932-bd68-4ad6-a267-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:50.000Z", "modified": "2015-12-14T22:56:50.000Z", "pattern": "[domain-name:value = 'netdiscovery.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4932-46a4-4967-a92a-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:50.000Z", "modified": "2015-12-14T22:56:50.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.110.29.248']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4932-239c-43be-a948-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:50.000Z", "modified": "2015-12-14T22:56:50.000Z", "pattern": "[domain-name:value = 'picasootoolbar.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4933-1df4-4fc7-b844-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:51.000Z", "modified": "2015-12-14T22:56:51.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.225.99.185']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4933-1794-477f-a1c9-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:51.000Z", "modified": "2015-12-14T22:56:51.000Z", "pattern": "[domain-name:value = 'piclbumestream.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4934-d908-45fd-86c4-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:52.000Z", "modified": "2015-12-14T22:56:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.171.234.238']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4934-0cec-4196-9c93-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:52.000Z", "modified": "2015-12-14T22:56:52.000Z", "pattern": "[domain-name:value = 'postdone.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4934-f468-42f1-84d9-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:52.000Z", "modified": "2015-12-14T22:56:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.116.56.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4935-1d94-4bcc-a29a-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:53.000Z", "modified": "2015-12-14T22:56:53.000Z", "pattern": "[domain-name:value = 'ratilovskoye.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4935-2838-445d-be81-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:53.000Z", "modified": "2015-12-14T22:56:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '102.209.206.89']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4936-fcfc-4318-8992-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:54.000Z", "modified": "2015-12-14T22:56:54.000Z", "pattern": "[domain-name:value = 'recising.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4936-c9e0-48e2-a6f3-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:54.000Z", "modified": "2015-12-14T22:56:54.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '7.34.116.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4937-9a84-4b03-ab11-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:55.000Z", "modified": "2015-12-14T22:56:55.000Z", "pattern": "[domain-name:value = 'searchforthat.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4937-17b4-4f57-bb1c-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:55.000Z", "modified": "2015-12-14T22:56:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '38.155.216.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4937-a8c0-4cf4-8f6a-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:55.000Z", "modified": "2015-12-14T22:56:55.000Z", "pattern": "[domain-name:value = 'sectionsfear.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4938-d854-4c56-b599-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:56.000Z", "modified": "2015-12-14T22:56:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.251.60.63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4938-1134-473e-bf82-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:56.000Z", "modified": "2015-12-14T22:56:56.000Z", "pattern": "[domain-name:value = 'separtila.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4939-8a3c-45e1-a288-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:57.000Z", "modified": "2015-12-14T22:56:57.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.76.160.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4939-1dd4-45a9-8c28-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:57.000Z", "modified": "2015-12-14T22:56:57.000Z", "pattern": "[domain-name:value = 'standardbay.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493a-2950-4a19-ad66-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:58.000Z", "modified": "2015-12-14T22:56:58.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '100.134.242.235']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493a-0770-4742-90c8-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:58.000Z", "modified": "2015-12-14T22:56:58.000Z", "pattern": "[domain-name:value = 'streamingadv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493a-f480-462e-987d-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:58.000Z", "modified": "2015-12-14T22:56:58.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.3.139.20']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493b-837c-4a28-be0c-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:59.000Z", "modified": "2015-12-14T22:56:59.000Z", "pattern": "[domain-name:value = 'ternations.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493b-6f9c-44c4-a3cd-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:56:59.000Z", "modified": "2015-12-14T22:56:59.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '25.20.33.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:56:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493c-c4d4-425f-b640-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:00.000Z", "modified": "2015-12-14T22:57:00.000Z", "pattern": "[domain-name:value = 'thomaslaid.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493c-9ed8-40a8-b025-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:00.000Z", "modified": "2015-12-14T22:57:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '189.140.10.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493d-d99c-4ab0-ac8b-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:01.000Z", "modified": "2015-12-14T22:57:01.000Z", "pattern": "[domain-name:value = 'traffictradexpert.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493d-0dec-43da-9d7c-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:01.000Z", "modified": "2015-12-14T22:57:01.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.228.144.104']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493d-a4a0-4dea-a6ff-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:01.000Z", "modified": "2015-12-14T22:57:01.000Z", "pattern": "[domain-name:value = 'twicecitizens.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493e-39a0-411b-8cdf-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:02.000Z", "modified": "2015-12-14T22:57:02.000Z", "pattern": "[domain-name:value = 'veristats.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493e-10b4-456e-813d-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:02.000Z", "modified": "2015-12-14T22:57:02.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '29.205.223.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493f-896c-40a7-876f-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:03.000Z", "modified": "2015-12-14T22:57:03.000Z", "pattern": "[domain-name:value = 'virtualsearches.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493f-1e18-4455-a47b-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:03.000Z", "modified": "2015-12-14T22:57:03.000Z", "pattern": "[domain-name:value = 'workerssan.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f493f-cf10-4cac-acec-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:03.000Z", "modified": "2015-12-14T22:57:03.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.15.53.129']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4940-0f90-40a2-a186-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:04.000Z", "modified": "2015-12-14T22:57:04.000Z", "pattern": "[domain-name:value = 'yaltimate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4940-cbc0-4809-9558-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:04.000Z", "modified": "2015-12-14T22:57:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '22.149.159.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4941-be10-41f3-a73c-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:05.000Z", "modified": "2015-12-14T22:57:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.62.211.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4941-8d9c-43fb-8914-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:05.000Z", "modified": "2015-12-14T22:57:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.17.184.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4942-6748-48f4-8beb-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:06.000Z", "modified": "2015-12-14T22:57:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '214.66.10.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4942-4e20-42df-8b92-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:06.000Z", "modified": "2015-12-14T22:57:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.23.3.243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4942-9390-4e12-9078-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:06.000Z", "modified": "2015-12-14T22:57:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.23.3.244']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4943-1198-4243-9df9-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:07.000Z", "modified": "2015-12-14T22:57:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.23.3.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4943-eb2c-4777-9228-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:07.000Z", "modified": "2015-12-14T22:57:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '232.187.207.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4944-0938-4d41-8c14-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:08.000Z", "modified": "2015-12-14T22:57:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '26.252.164.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4944-5ce0-41fa-8855-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:08.000Z", "modified": "2015-12-14T22:57:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '28.16.103.211']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4945-eb80-4fd6-85b5-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:09.000Z", "modified": "2015-12-14T22:57:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.212.68.230']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4945-e9c0-4410-9726-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:09.000Z", "modified": "2015-12-14T22:57:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.109.28.248']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4945-7a10-466a-b35f-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:09.000Z", "modified": "2015-12-14T22:57:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.109.28.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4946-520c-4e8c-8c97-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:10.000Z", "modified": "2015-12-14T22:57:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.109.28.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4946-32cc-40e1-a3a8-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:10.000Z", "modified": "2015-12-14T22:57:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.133.193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4947-6110-46df-a4b4-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:11.000Z", "modified": "2015-12-14T22:57:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.133.194']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4947-a48c-48ba-a634-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:11.000Z", "modified": "2015-12-14T22:57:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.172.227.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4947-c270-4f19-a6b0-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:11.000Z", "modified": "2015-12-14T22:57:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.115.88.220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4948-e190-4846-93fa-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:12.000Z", "modified": "2015-12-14T22:57:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.240.193']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--566f4948-abdc-4d25-a330-a574950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:12.000Z", "modified": "2015-12-14T22:57:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.240.194']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-14T22:57:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--566f496c-d368-415d-aad6-ad1a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:57:48.000Z", "modified": "2015-12-14T22:57:48.000Z", "first_observed": "2015-12-14T22:57:48Z", "last_observed": "2015-12-14T22:57:48Z", "number_observed": 1, "object_refs": [ "url--566f496c-d368-415d-aad6-ad1a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--566f496c-d368-415d-aad6-ad1a950d210b", "value": "https://malwrpost.wordpress.com/2015/12/03/ioc-from-ponmocup-malware-part-1/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--566f497a-c538-4970-94ed-7eb5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-14T22:58:02.000Z", "modified": "2015-12-14T22:58:02.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Ponmocup" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }