{ "type": "bundle", "id": "bundle--5783a00e-27d8-4e5a-ac92-aec6950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:40:21.000Z", "modified": "2016-07-11T13:40:21.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5783a00e-27d8-4e5a-ac92-aec6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:40:21.000Z", "modified": "2016-07-11T13:40:21.000Z", "name": "Pivot on What's in a server name (on APT28/Sofacy) by ThreatConnect", "published": "2016-07-11T13:40:31Z", "object_refs": [ "indicator--5783a09e-4afc-4fa0-a304-aec5950d210f", "indicator--5783a09f-193c-4b2b-8f56-aec5950d210f", "indicator--5783a09f-f564-4258-a3f8-aec5950d210f", "indicator--5783a0a0-a6d0-4221-8c48-aec5950d210f", "indicator--5783a0a0-7338-4cd6-8d23-aec5950d210f", "indicator--5783a0a1-a9b0-411b-af08-aec5950d210f", "indicator--5783a0a1-b58c-4432-af95-aec5950d210f", "indicator--5783a0a1-b1fc-4def-a50f-aec5950d210f", "indicator--5783a0a2-7dd0-4369-8ff3-aec5950d210f", "indicator--5783a0a2-3c04-41f2-a70f-aec5950d210f", "indicator--5783a0a3-d600-42af-bc28-aec5950d210f", "indicator--5783a0a3-b484-4cc8-8639-aec5950d210f", "indicator--5783a0a4-ceb4-44b1-9e9a-aec5950d210f", "indicator--5783a0a4-2820-4107-b9c8-aec5950d210f", "indicator--5783a0a4-c3c4-4168-b6de-aec5950d210f", "indicator--5783a0a5-63f0-4415-b60e-aec5950d210f", "indicator--5783a0a5-826c-4f50-ae77-aec5950d210f", "indicator--5783a0a6-5de8-4781-a7aa-aec5950d210f", "indicator--5783a0a6-7c3c-4520-895a-aec5950d210f", "indicator--5783a0a6-fb9c-4092-88ce-aec5950d210f", "indicator--5783a0a7-370c-4dda-882f-aec5950d210f", "indicator--5783a0a7-1038-461a-95de-aec5950d210f", "indicator--5783a0a7-8c14-41ad-989c-aec5950d210f", "indicator--5783a0a8-d554-42a6-af8a-aec5950d210f", "indicator--5783a0a8-c58c-4b99-b5b0-aec5950d210f", "indicator--5783a0a9-986c-4ca1-896f-aec5950d210f", "indicator--5783a0a9-99c4-4110-9978-aec5950d210f", "indicator--5783a0aa-7f98-44a6-82ed-aec5950d210f", "indicator--5783a0aa-4660-48b7-859f-aec5950d210f", "indicator--5783a0aa-dfe4-4583-af69-aec5950d210f", "indicator--5783a0ab-cbc8-4d21-bfe2-aec5950d210f", "indicator--5783a0ab-55d4-4fd7-aa1f-aec5950d210f", "indicator--5783a0ac-19d8-44fe-8a58-aec5950d210f", "indicator--5783a0ac-5a00-45f4-ada9-aec5950d210f", "indicator--5783a0ac-ad9c-4398-8864-aec5950d210f", "indicator--5783a0ad-3940-4855-a8aa-aec5950d210f", "indicator--5783a0ad-6024-40dc-85ec-aec5950d210f", "indicator--5783a0ae-de98-4b95-a6b3-aec5950d210f", "indicator--5783a0ae-adb4-4902-b90e-aec5950d210f", "indicator--5783a0af-e204-4b46-b158-aec5950d210f", "indicator--5783a0af-43f8-4d06-8b87-aec5950d210f", "indicator--5783a0b0-928c-4ed4-acea-aec5950d210f", "indicator--5783a0b0-dbb8-4ea6-927a-aec5950d210f", "indicator--5783a0b0-aae4-48dc-8b15-aec5950d210f", "indicator--5783a0b1-f180-4150-a604-aec5950d210f", "indicator--5783a0b1-9f70-4157-8229-aec5950d210f", "indicator--5783a0b2-02b0-46a3-9b6a-aec5950d210f", "indicator--5783a0b2-6d14-41b6-bb3e-aec5950d210f", "indicator--5783a0b3-2b58-43f6-aa4b-aec5950d210f", "indicator--5783a0b3-bea8-4673-a7dc-aec5950d210f", "indicator--5783a0b4-4fec-4ca8-a449-aec5950d210f", "indicator--5783a0b4-382c-4455-94d5-aec5950d210f", "indicator--5783a0b5-4fe4-4e7d-bde2-aec5950d210f", "indicator--5783a0b5-1c8c-4e32-86c6-aec5950d210f", "indicator--5783a0b5-0cc0-42ba-8f91-aec5950d210f", "indicator--5783a0b6-a848-4df2-9112-aec5950d210f", "indicator--5783a0b6-4ff8-42dc-940c-aec5950d210f", "indicator--5783a0b7-6a98-454f-a58f-aec5950d210f", "indicator--5783a0b7-0114-45f6-a07d-aec5950d210f", "indicator--5783a0b7-3b08-40d2-8ba2-aec5950d210f", "indicator--5783a0b8-f4b8-450a-bfae-aec5950d210f", "indicator--5783a0b8-4b0c-41a1-bd80-aec5950d210f", "indicator--5783a0b9-1da0-409c-81a4-aec5950d210f", "indicator--5783a0b9-0e88-4eb8-9497-aec5950d210f", "indicator--5783a0ba-b98c-4aaf-9069-aec5950d210f", "indicator--5783a0ba-b200-42cd-8cd6-aec5950d210f", "indicator--5783a0bb-0b94-4a70-b2fe-aec5950d210f", "indicator--5783a0bb-9694-415f-a52e-aec5950d210f", "indicator--5783a0bb-39e4-44f3-a917-aec5950d210f", "indicator--5783a0bc-0690-4d0c-9b79-aec5950d210f", "indicator--5783a0bc-c3cc-4809-8c61-aec5950d210f", "indicator--5783a0bd-7ae8-4190-a0ef-aec5950d210f", "indicator--5783a0bd-5778-478c-b7f1-aec5950d210f", "indicator--5783a0bd-0398-4adc-aef8-aec5950d210f", "indicator--5783a0be-ffe8-4a6e-bcd0-aec5950d210f", "indicator--5783a0be-f89c-41c2-8ee1-aec5950d210f", "indicator--5783a0bf-c250-41ca-991c-aec5950d210f", "indicator--5783a0bf-e654-44b6-9021-aec5950d210f", "indicator--5783a0c0-edd8-49c8-a6c2-aec5950d210f", "indicator--5783a0c0-0430-49fe-b923-aec5950d210f", "indicator--5783a0c1-d674-41b0-85db-aec5950d210f", "indicator--5783a0c1-1b2c-486e-9e8a-aec5950d210f", "indicator--5783a0c2-af94-470a-ba19-aec5950d210f", "indicator--5783a0c2-00a4-448c-8eb9-aec5950d210f", "indicator--5783a0c2-168c-451e-b663-aec5950d210f", "indicator--5783a0c3-b330-4137-a2e3-aec5950d210f", "indicator--5783a0c3-6f94-4f92-b4c7-aec5950d210f", "indicator--5783a0c4-e4b0-466b-87e3-aec5950d210f", "indicator--5783a0c4-9670-4425-965e-aec5950d210f", "indicator--5783a0c4-5768-449b-9536-aec5950d210f", "indicator--5783a0c5-e5c0-4d2d-83c1-aec5950d210f", "indicator--5783a0c5-5bcc-4fb0-b3b4-aec5950d210f", "indicator--5783a0c6-277c-4156-a257-aec5950d210f", "indicator--5783a0c6-0348-4aea-93df-aec5950d210f", "indicator--5783a0c6-e938-4391-aedc-aec5950d210f", "indicator--5783a0c7-fd60-43f5-902d-aec5950d210f", "indicator--5783a0c7-2fe8-4e47-9c96-aec5950d210f", "indicator--5783a0c8-a2f4-4f82-86f7-aec5950d210f", "indicator--5783a0c8-8560-4d94-b2fc-aec5950d210f", "indicator--5783a0c8-c520-4c9d-92f5-aec5950d210f", "indicator--5783a0c9-b334-4303-8d54-aec5950d210f", "indicator--5783a0c9-1c44-4ae8-838b-aec5950d210f", "indicator--5783a0c9-bbdc-4ce8-aba8-aec5950d210f", "indicator--5783a0ca-4d04-4f22-b8de-aec5950d210f", "indicator--5783a0ca-4acc-4a7e-a229-aec5950d210f", "indicator--5783a0cb-b154-4895-86a4-aec5950d210f", "indicator--5783a0cb-b2c0-4023-9c9b-aec5950d210f", "indicator--5783a0cb-8b48-4760-97f5-aec5950d210f", "indicator--5783a0cc-cca0-4b93-9ded-aec5950d210f", "indicator--5783a0cc-67d4-4b91-8aeb-aec5950d210f", "indicator--5783a0cc-6fd8-4c1f-ad7d-aec5950d210f", "indicator--5783a0cd-ad84-4cf1-bb3a-aec5950d210f", "indicator--5783a0cd-1fa8-478b-af67-aec5950d210f", "indicator--5783a0ce-5ab8-4d54-ab52-aec5950d210f", "indicator--5783a0ce-2b8c-46cd-bb79-aec5950d210f", "indicator--5783a0ce-5c78-4161-a9de-aec5950d210f", "indicator--5783a0cf-66c0-461a-9598-aec5950d210f", "indicator--5783a0cf-6ea8-4eaf-b6ea-aec5950d210f", "indicator--5783a0cf-1418-4106-817b-aec5950d210f", "indicator--5783a0d0-b488-4949-a7fb-aec5950d210f", "indicator--5783a0d0-0d74-4873-ac22-aec5950d210f", "indicator--5783a0d0-5e70-454d-808a-aec5950d210f", "indicator--5783a0d1-e4ac-4e60-af2c-aec5950d210f", "indicator--5783a0d1-d714-416d-9a96-aec5950d210f", "indicator--5783a0d2-ee28-44d7-95f6-aec5950d210f", "indicator--5783a0d2-235c-4e9f-b525-aec5950d210f", "indicator--5783a0d2-1a94-42d3-84be-aec5950d210f", "x-misp-attribute--5783a1bd-e418-4ac9-95c4-aec6950d210f", "observed-data--5783a1c5-95e8-4cb0-aaba-c1f3950d210f", "url--5783a1c5-95e8-4cb0-aaba-c1f3950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "OSINT", "Threat:Sofacy/APT28", "admiralty-scale:information-credibility=\"2\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a09e-4afc-4fa0-a304-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:26.000Z", "modified": "2016-07-11T13:35:26.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'barry.smith2004@yandex.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a09f-193c-4b2b-8f56-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:27.000Z", "modified": "2016-07-11T13:35:27.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'energyaspacts.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a09f-f564-4258-a3f8-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:27.000Z", "modified": "2016-07-11T13:35:27.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'leo.link@email.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a0-a6d0-4221-8c48-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:28.000Z", "modified": "2016-07-11T13:35:28.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'bourquinsa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a0-7338-4cd6-8d23-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:28.000Z", "modified": "2016-07-11T13:35:28.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ctbkonline.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a1-a9b0-411b-af08-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:29.000Z", "modified": "2016-07-11T13:35:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'cjgr8hm@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a1-b58c-4432-af95-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:29.000Z", "modified": "2016-07-11T13:35:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ozverler-tr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a1-b1fc-4def-a50f-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:29.000Z", "modified": "2016-07-11T13:35:29.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'hanmiail.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a2-7dd0-4369-8ff3-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:30.000Z", "modified": "2016-07-11T13:35:30.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'idolbreaker@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a2-3c04-41f2-a70f-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:30.000Z", "modified": "2016-07-11T13:35:30.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'hamnaill.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a3-d600-42af-bc28-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:31.000Z", "modified": "2016-07-11T13:35:31.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'chianceforkids.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a3-b484-4cc8-8639-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:31.000Z", "modified": "2016-07-11T13:35:31.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'paulbecker@cock.li']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a4-ceb4-44b1-9e9a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:32.000Z", "modified": "2016-07-11T13:35:32.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'bisicoind.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a4-2820-4107-b9c8-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:32.000Z", "modified": "2016-07-11T13:35:32.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'unjiaya.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a4-c3c4-4168-b6de-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:32.000Z", "modified": "2016-07-11T13:35:32.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'saira.samosa@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a5-63f0-4415-b60e-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:33.000Z", "modified": "2016-07-11T13:35:33.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'honeyvvell.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a5-826c-4f50-ae77-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:33.000Z", "modified": "2016-07-11T13:35:33.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'pedrodonations.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a6-5de8-4781-a7aa-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:34.000Z", "modified": "2016-07-11T13:35:34.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'owen@kehoe.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a6-7c3c-4520-895a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:34.000Z", "modified": "2016-07-11T13:35:34.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'diamondscourier.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a6-fb9c-4092-88ce-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:34.000Z", "modified": "2016-07-11T13:35:34.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'win-wnigarden.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a7-370c-4dda-882f-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:35.000Z", "modified": "2016-07-11T13:35:35.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'noshare1024@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a7-1038-461a-95de-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:35.000Z", "modified": "2016-07-11T13:35:35.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'pinllive.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a7-8c14-41ad-989c-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:35.000Z", "modified": "2016-07-11T13:35:35.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'mishel_corp@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a8-d554-42a6-af8a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:36.000Z", "modified": "2016-07-11T13:35:36.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'terms-google.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a8-c58c-4b99-b5b0-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:36.000Z", "modified": "2016-07-11T13:35:36.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'access-google.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a9-986c-4ca1-896f-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:37.000Z", "modified": "2016-07-11T13:35:37.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'egypressoffice.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0a9-99c4-4110-9978-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:37.000Z", "modified": "2016-07-11T13:35:37.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'softwaresupportsv.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0aa-7f98-44a6-82ed-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:38.000Z", "modified": "2016-07-11T13:35:38.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'securesystemwin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0aa-4660-48b7-859f-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:38.000Z", "modified": "2016-07-11T13:35:38.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'intelintelligence.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0aa-dfe4-4583-af69-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:38.000Z", "modified": "2016-07-11T13:35:38.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'tracksy.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ab-cbc8-4d21-bfe2-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:39.000Z", "modified": "2016-07-11T13:35:39.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'e-dates.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ab-55d4-4fd7-aa1f-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:39.000Z", "modified": "2016-07-11T13:35:39.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ms-updates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ac-19d8-44fe-8a58-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:40.000Z", "modified": "2016-07-11T13:35:40.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'uninstalled.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ac-5a00-45f4-ada9-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:40.000Z", "modified": "2016-07-11T13:35:40.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'microsoft-updates.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ac-ad9c-4398-8864-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:40.000Z", "modified": "2016-07-11T13:35:40.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ms-drivadptrwin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ad-3940-4855-a8aa-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:41.000Z", "modified": "2016-07-11T13:35:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'cdncloudflare.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ad-6024-40dc-85ec-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:41.000Z", "modified": "2016-07-11T13:35:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'helper-akamai.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ae-de98-4b95-a6b3-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:42.000Z", "modified": "2016-07-11T13:35:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'vrickson@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ae-adb4-4902-b90e-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:42.000Z", "modified": "2016-07-11T13:35:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'best.cameron@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0af-e204-4b46-b158-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:43.000Z", "modified": "2016-07-11T13:35:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'akamaitechupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0af-43f8-4d06-8b87-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:43.000Z", "modified": "2016-07-11T13:35:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'surleoborden@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b0-928c-4ed4-acea-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:44.000Z", "modified": "2016-07-11T13:35:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'josiekilbyav@aol.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b0-dbb8-4ea6-927a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:44.000Z", "modified": "2016-07-11T13:35:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'weronika76@hotmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b0-aae4-48dc-8b15-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:44.000Z", "modified": "2016-07-11T13:35:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'bergers3008@usa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b1-f180-4150-a604-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:45.000Z", "modified": "2016-07-11T13:35:45.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'guiromolly@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b1-9f70-4157-8229-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:45.000Z", "modified": "2016-07-11T13:35:45.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = '8yhi4xqycpzm@mail.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b2-02b0-46a3-9b6a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:46.000Z", "modified": "2016-07-11T13:35:46.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'loots@tuta.io']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b2-6d14-41b6-bb3e-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:46.000Z", "modified": "2016-07-11T13:35:46.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'mia.konzet99@ok.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b3-2b58-43f6-aa4b-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:47.000Z", "modified": "2016-07-11T13:35:47.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'dana.raphaela@chewiemail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b3-bea8-4673-a7dc-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:47.000Z", "modified": "2016-07-11T13:35:47.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'yourflashplayer.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b4-4fec-4ca8-a449-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:48.000Z", "modified": "2016-07-11T13:35:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'abuse@opticaljungle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b4-382c-4455-94d5-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:48.000Z", "modified": "2016-07-11T13:35:48.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'flashplayer2015.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b5-4fe4-4e7d-bde2-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:49.000Z", "modified": "2016-07-11T13:35:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'v9sa2cml@instancemail.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b5-1c8c-4e32-86c6-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:49.000Z", "modified": "2016-07-11T13:35:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'newflashplayer2015.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b5-0cc0-42ba-8f91-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:49.000Z", "modified": "2016-07-11T13:35:49.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'issacgolden@hmamail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b6-a848-4df2-9112-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:50.000Z", "modified": "2016-07-11T13:35:50.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'aerofit.club']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b6-4ff8-42dc-940c-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:50.000Z", "modified": "2016-07-11T13:35:50.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'gregorio.oconnor@hmamail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b7-6a98-454f-a58f-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:51.000Z", "modified": "2016-07-11T13:35:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'artur.klimenkov@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b7-0114-45f6-a07d-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:51.000Z", "modified": "2016-07-11T13:35:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'superflashplayers.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b7-3b08-40d2-8ba2-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:51.000Z", "modified": "2016-07-11T13:35:51.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'pinfiangtw@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b8-f4b8-450a-bfae-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:52.000Z", "modified": "2016-07-11T13:35:52.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'pdf-online-viewer.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b8-4b0c-41a1-bd80-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:52.000Z", "modified": "2016-07-11T13:35:52.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'mattew.barnes@aol.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b9-1da0-409c-81a4-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:53.000Z", "modified": "2016-07-11T13:35:53.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'petkrist@myself.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0b9-0e88-4eb8-9497-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:53.000Z", "modified": "2016-07-11T13:35:53.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'adobeupdatetechnology.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ba-b98c-4aaf-9069-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:54.000Z", "modified": "2016-07-11T13:35:54.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'fisterboks@email.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ba-b200-42cd-8cd6-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:54.000Z", "modified": "2016-07-11T13:35:54.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'adobeupdater.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bb-0b94-4a70-b2fe-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:55.000Z", "modified": "2016-07-11T13:35:55.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'adobeflashdownload.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bb-9694-415f-a52e-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:55.000Z", "modified": "2016-07-11T13:35:55.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'syst.soul@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bb-39e4-44f3-a917-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:55.000Z", "modified": "2016-07-11T13:35:55.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'wsjworld.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bc-0690-4d0c-9b79-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:56.000Z", "modified": "2016-07-11T13:35:56.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'm8r-abrn11@mailinator.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bc-c3cc-4809-8c61-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:56.000Z", "modified": "2016-07-11T13:35:56.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'contacts@up57893.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bd-7ae8-4190-a0ef-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:57.000Z", "modified": "2016-07-11T13:35:57.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'mr.michoverton@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bd-5778-478c-b7f1-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:57.000Z", "modified": "2016-07-11T13:35:57.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'ken.tanaka@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bd-0398-4adc-aef8-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:57.000Z", "modified": "2016-07-11T13:35:57.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'yrauto-tw.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0be-ffe8-4a6e-bcd0-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:58.000Z", "modified": "2016-07-11T13:35:58.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'sandra.rafaela@chewiemail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0be-f89c-41c2-8ee1-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:58.000Z", "modified": "2016-07-11T13:35:58.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'svroulette.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bf-c250-41ca-991c-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:59.000Z", "modified": "2016-07-11T13:35:59.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ferrarlcostruzloni.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0bf-e654-44b6-9021-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:35:59.000Z", "modified": "2016-07-11T13:35:59.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'bkopfer7101@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:35:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c0-edd8-49c8-a6c2-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:00.000Z", "modified": "2016-07-11T13:36:00.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'chinagameke.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c0-0430-49fe-b923-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:00.000Z", "modified": "2016-07-11T13:36:00.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'tostembekary.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c1-d674-41b0-85db-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:01.000Z", "modified": "2016-07-11T13:36:01.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'uniccomvalve.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c1-1b2c-486e-9e8a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:01.000Z", "modified": "2016-07-11T13:36:01.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'elfreda.pollie@chewiemail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c2-af94-470a-ba19-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:02.000Z", "modified": "2016-07-11T13:36:02.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'atosbasena.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c2-00a4-448c-8eb9-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:02.000Z", "modified": "2016-07-11T13:36:02.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'intelsupportcenter.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c2-168c-451e-b663-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:02.000Z", "modified": "2016-07-11T13:36:02.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'konrecranes.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c3-b330-4137-a2e3-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:03.000Z", "modified": "2016-07-11T13:36:03.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'intelsupportcenter.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c3-6f94-4f92-b4c7-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:03.000Z", "modified": "2016-07-11T13:36:03.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'ruzeedomeon@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c4-e4b0-466b-87e3-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:04.000Z", "modified": "2016-07-11T13:36:04.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'adamsfinanace.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c4-9670-4425-965e-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:04.000Z", "modified": "2016-07-11T13:36:04.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'agnasirahmedd@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c4-5768-449b-9536-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:04.000Z", "modified": "2016-07-11T13:36:04.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'vortaxworldwlde.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c5-e5c0-4d2d-83c1-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:05.000Z", "modified": "2016-07-11T13:36:05.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'cellpack-sg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c5-5bcc-4fb0-b3b4-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:05.000Z", "modified": "2016-07-11T13:36:05.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 's.penn.254@gmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c6-277c-4156-a257-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:06.000Z", "modified": "2016-07-11T13:36:06.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'expo-consrtuct.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c6-0348-4aea-93df-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:06.000Z", "modified": "2016-07-11T13:36:06.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'csc-sratori.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c6-e938-4391-aedc-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:06.000Z", "modified": "2016-07-11T13:36:06.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'j.holmberg@dr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c7-fd60-43f5-902d-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:07.000Z", "modified": "2016-07-11T13:36:07.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ghanltootgroup.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c7-2fe8-4e47-9c96-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:07.000Z", "modified": "2016-07-11T13:36:07.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'admin@wm-z.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c8-a2f4-4f82-86f7-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:08.000Z", "modified": "2016-07-11T13:36:08.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'corcpromotion.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c8-8560-4d94-b2fc-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:08.000Z", "modified": "2016-07-11T13:36:08.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'shawanda.kirlin37@mail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c8-c520-4c9d-92f5-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:08.000Z", "modified": "2016-07-11T13:36:08.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'haamltex.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c9-b334-4303-8d54-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:09.000Z", "modified": "2016-07-11T13:36:09.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'truslt-valves.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c9-1c44-4ae8-838b-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:09.000Z", "modified": "2016-07-11T13:36:09.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'transllead.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0c9-bbdc-4ce8-aba8-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:09.000Z", "modified": "2016-07-11T13:36:09.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'swsupporttools.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ca-4d04-4f22-b8de-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:10.000Z", "modified": "2016-07-11T13:36:10.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ajw-avaition.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ca-4acc-4a7e-a229-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:10.000Z", "modified": "2016-07-11T13:36:10.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'micoft.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cb-b154-4895-86a4-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:11.000Z", "modified": "2016-07-11T13:36:11.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'winliveupdate.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cb-b2c0-4023-9c9b-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:11.000Z", "modified": "2016-07-11T13:36:11.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'xui.ooo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cb-8b48-4760-97f5-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:11.000Z", "modified": "2016-07-11T13:36:11.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'avolt.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cc-cca0-4b93-9ded-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:12.000Z", "modified": "2016-07-11T13:36:12.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'topservers.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cc-67d4-4b91-8aeb-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:12.000Z", "modified": "2016-07-11T13:36:12.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'wincodec.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cc-6fd8-4c1f-ad7d-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:12.000Z", "modified": "2016-07-11T13:36:12.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'sec-trusted.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cd-ad84-4cf1-bb3a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:13.000Z", "modified": "2016-07-11T13:36:13.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'sec-verified.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cd-1fa8-478b-af67-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:13.000Z", "modified": "2016-07-11T13:36:13.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'sec-login.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ce-5ab8-4d54-ab52-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:14.000Z", "modified": "2016-07-11T13:36:14.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'natoadviser.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ce-2b8c-46cd-bb79-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:14.000Z", "modified": "2016-07-11T13:36:14.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'j.wang@uymail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0ce-5c78-4161-a9de-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:14.000Z", "modified": "2016-07-11T13:36:14.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'play@xtcmail.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cf-66c0-461a-9598-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:15.000Z", "modified": "2016-07-11T13:36:15.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'bitfare.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cf-6ea8-4eaf-b6ea-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:15.000Z", "modified": "2016-07-11T13:36:15.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'goaarmy.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0cf-1418-4106-817b-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:15.000Z", "modified": "2016-07-11T13:36:15.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'nato-org.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d0-b488-4949-a7fb-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:16.000Z", "modified": "2016-07-11T13:36:16.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'kaunas-city.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d0-0d74-4873-ac22-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:16.000Z", "modified": "2016-07-11T13:36:16.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'laisve25.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d0-5e70-454d-808a-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:16.000Z", "modified": "2016-07-11T13:36:16.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'stratforglobal.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d1-e4ac-4e60-af2c-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:17.000Z", "modified": "2016-07-11T13:36:17.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'theguardiannews.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d1-d714-416d-9a96-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:17.000Z", "modified": "2016-07-11T13:36:17.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'theguardianpress.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d2-ee28-44d7-95f6-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:18.000Z", "modified": "2016-07-11T13:36:18.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'wm-z.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d2-235c-4e9f-b525-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:18.000Z", "modified": "2016-07-11T13:36:18.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'worldpostjournal.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5783a0d2-1a94-42d3-84be-aec5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:36:18.000Z", "modified": "2016-07-11T13:36:18.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'wmepadtech.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-11T13:36:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5783a1bd-e418-4ac9-95c4-aec6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:40:13.000Z", "modified": "2016-07-11T13:40:13.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"Internal reference\"" ], "x_misp_category": "Internal reference", "x_misp_type": "comment", "x_misp_value": "Used emails (SOA & Whois registrant) to pivot domains registrants from passiveTotal DB" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5783a1c5-95e8-4cb0-aaba-c1f3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-11T13:40:21.000Z", "modified": "2016-07-11T13:40:21.000Z", "first_observed": "2016-07-11T13:40:21Z", "last_observed": "2016-07-11T13:40:21Z", "number_observed": 1, "object_refs": [ "url--5783a1c5-95e8-4cb0-aaba-c1f3950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5783a1c5-95e8-4cb0-aaba-c1f3950d210f", "value": "https://threatconnect.com/whats-in-a-name-server/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }