{ "type": "bundle", "id": "bundle--57bf5c07-6b40-428e-8f68-4a9a02de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:33:38.000Z", "modified": "2016-08-25T21:33:38.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57bf5c07-6b40-428e-8f68-4a9a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:33:38.000Z", "modified": "2016-08-25T21:33:38.000Z", "name": "The Million Dollar Dissident - Citizen lab report", "published": "2016-08-25T21:34:48Z", "object_refs": [ "vulnerability--57bf5c49-b2d4-46fe-be18-48de02de0b81", "vulnerability--57bf5c4a-4fb8-4ba4-bf12-43a002de0b81", "vulnerability--57bf5c4a-42a0-439f-a09b-424002de0b81", "indicator--57bf5cba-f4d4-4e08-8947-4f0602de0b81", "indicator--57bf5d2f-03ac-495c-b2ee-4ca402de0b81", "indicator--57bf5d63-418c-40ef-891f-bbe202de0b81", "indicator--57bf5d63-9bb4-422c-9fd4-bbe202de0b81", "indicator--57bf63f7-a014-4993-a207-452602de0b81", "indicator--57bf63f7-1ba4-406a-9183-40a502de0b81", "indicator--57bf63f7-c680-4764-a0a9-4ab802de0b81", "indicator--57bf63f7-d1fc-44bb-b79a-4f9f02de0b81", "indicator--57bf63f8-cff8-4563-bf0f-442802de0b81", "indicator--57bf63f8-9c74-43ca-af31-4f9302de0b81", "indicator--57bf63f8-0fa8-4299-ae08-4e9a02de0b81", "indicator--57bf63f8-cd20-4f04-8922-4c5e02de0b81", "indicator--57bf63f9-d07c-4093-8192-47a902de0b81", "indicator--57bf63f9-592c-407d-b7a2-45a802de0b81", "indicator--57bf63f9-1b80-4a8a-a813-452e02de0b81", "indicator--57bf63f9-9828-45fe-92a2-458802de0b81", "indicator--57bf63f9-d13c-4e8f-8b69-45d002de0b81", "indicator--57bf63fa-e31c-4867-9c96-485402de0b81", "indicator--57bf63fa-92f0-4057-8460-497902de0b81", "indicator--57bf63fa-2ec4-4995-b49b-402402de0b81", "indicator--57bf63fa-8144-43c6-95a8-4fdd02de0b81", "indicator--57bf63fa-7bd8-42b8-b201-420602de0b81", "indicator--57bf63fb-a494-4932-ac6b-488102de0b81", "indicator--57bf63fb-b044-4b6e-93da-437202de0b81", "indicator--57bf63fb-306c-47eb-99bb-467c02de0b81", "indicator--57bf63fc-8480-424b-86fe-4f0502de0b81", "indicator--57bf63fc-3f58-484c-9a94-42ce02de0b81", "indicator--57bf63fc-1174-429c-a55a-4bb402de0b81", "indicator--57bf63fc-7fb0-460d-b13c-42e502de0b81", "indicator--57bf63fc-ccf0-4d09-95dd-45e702de0b81", "indicator--57bf63fd-24f4-4d24-8286-47f202de0b81", "indicator--57bf63fd-e708-4449-941f-4ae902de0b81", "indicator--57bf6431-0c20-437f-814a-41f202de0b81", "indicator--57bf6432-a068-405a-ae08-4b7802de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--57bf5c49-b2d4-46fe-be18-48de02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T20:59:53.000Z", "modified": "2016-08-25T20:59:53.000Z", "name": "CVE-2016-4657", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2016-4657" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--57bf5c4a-4fb8-4ba4-bf12-43a002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T20:59:54.000Z", "modified": "2016-08-25T20:59:54.000Z", "name": "CVE-2016-4655", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2016-4655" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--57bf5c4a-42a0-439f-a09b-424002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T20:59:54.000Z", "modified": "2016-08-25T20:59:54.000Z", "name": "CVE-2016-4656", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"External analysis\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2016-4656" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf5cba-f4d4-4e08-8947-4f0602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:01:46.000Z", "modified": "2016-08-25T21:01:46.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'webadv.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:01:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf5d2f-03ac-495c-b2ee-4ca402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:03:43.000Z", "modified": "2016-08-25T21:03:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'sms.webadv.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:03:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf5d63-418c-40ef-891f-bbe202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:04:35.000Z", "modified": "2016-08-25T21:04:35.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'aalaan.tv']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf5d63-9bb4-422c-9fd4-bbe202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:04:35.000Z", "modified": "2016-08-25T21:04:35.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'manoraonline.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:04:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f7-a014-4993-a207-452602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:39.000Z", "modified": "2016-08-25T21:32:39.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'icloudcacher.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f7-1ba4-406a-9183-40a502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:39.000Z", "modified": "2016-08-25T21:32:39.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[email-message:from_ref.value = 'pn1g3p@sigaint.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"email-src\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f7-c680-4764-a0a9-4ab802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:39.000Z", "modified": "2016-08-25T21:32:39.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'asrarrarabiya.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f7-d1fc-44bb-b79a-4f9f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:39.000Z", "modified": "2016-08-25T21:32:39.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'asrararabiya.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f8-cff8-4563-bf0f-442802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:40.000Z", "modified": "2016-08-25T21:32:40.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'asrararablya.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f8-9c74-43ca-af31-4f9302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:40.000Z", "modified": "2016-08-25T21:32:40.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'smser.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f8-0fa8-4299-ae08-4e9a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:40.000Z", "modified": "2016-08-25T21:32:40.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = 'https://smser.net/9918216t/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f8-cd20-4f04-8922-4c5e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:40.000Z", "modified": "2016-08-25T21:32:40.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = 'https://smser.net/redirect.aspx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f9-d07c-4093-8192-47a902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:41.000Z", "modified": "2016-08-25T21:32:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'icrcworld.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f9-592c-407d-b7a2-45a802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:41.000Z", "modified": "2016-08-25T21:32:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'redcrossworld.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f9-1b80-4a8a-a813-452e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:41.000Z", "modified": "2016-08-25T21:32:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'topcontactco.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f9-9828-45fe-92a2-458802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:41.000Z", "modified": "2016-08-25T21:32:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.8.153.44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63f9-d13c-4e8f-8b69-45d002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:41.000Z", "modified": "2016-08-25T21:32:41.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.8.52.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fa-e31c-4867-9c96-485402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:42.000Z", "modified": "2016-08-25T21:32:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.209.103.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fa-92f0-4057-8460-497902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:42.000Z", "modified": "2016-08-25T21:32:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'thainews.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fa-2ec4-4995-b49b-402402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:42.000Z", "modified": "2016-08-25T21:32:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'kenyasms.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fa-8144-43c6-95a8-4fdd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:42.000Z", "modified": "2016-08-25T21:32:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.80.202.200']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fa-7bd8-42b8-b201-420602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:42.000Z", "modified": "2016-08-25T21:32:42.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'qaintqa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fb-a494-4932-ac6b-488102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:43.000Z", "modified": "2016-08-25T21:32:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.80.202.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fb-b044-4b6e-93da-437202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:43.000Z", "modified": "2016-08-25T21:32:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.251.49.214']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fb-306c-47eb-99bb-467c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:43.000Z", "modified": "2016-08-25T21:32:43.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'mail1.nsogroup.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fc-8480-424b-86fe-4f0502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:44.000Z", "modified": "2016-08-25T21:32:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'nsoqa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fc-3f58-484c-9a94-42ce02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:44.000Z", "modified": "2016-08-25T21:32:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'ooredoodeals.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fc-1174-429c-a55a-4bb402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:44.000Z", "modified": "2016-08-25T21:32:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'alawaeltech.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fc-7fb0-460d-b13c-42e502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:44.000Z", "modified": "2016-08-25T21:32:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'bahrainsms.co']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fc-ccf0-4d09-95dd-45e702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:44.000Z", "modified": "2016-08-25T21:32:44.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'damanhealth.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fd-24f4-4d24-8286-47f202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:45.000Z", "modified": "2016-08-25T21:32:45.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[file:name = 'uaenews.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf63fd-e708-4449-941f-4ae902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:32:45.000Z", "modified": "2016-08-25T21:32:45.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[domain-name:value = 'turkeynewsupdates.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:32:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf6431-0c20-437f-814a-41f202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:33:37.000Z", "modified": "2016-08-25T21:33:37.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = 'http://fb-accounts.com/1074139s/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:33:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57bf6432-a068-405a-ae08-4b7802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-25T21:33:37.000Z", "modified": "2016-08-25T21:33:37.000Z", "description": "Imported via the Freetext Import Tool", "pattern": "[url:value = 'http://unonoticias.net/3423768s/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-25T21:33:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }