{ "type": "bundle", "id": "bundle--5de6335d-e128-4bc0-87e2-4db4950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:41:08.000Z", "modified": "2020-01-20T15:41:08.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5de6335d-e128-4bc0-87e2-4db4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:41:08.000Z", "modified": "2020-01-20T15:41:08.000Z", "name": "OSINT - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting", "published": "2020-01-20T15:58:34Z", "object_refs": [ "observed-data--5de6382a-2234-43eb-bff9-4682950d210f", "url--5de6382a-2234-43eb-bff9-4682950d210f", "x-misp-attribute--5de64234-f680-4632-8685-4637950d210f", "indicator--5de66ed7-e800-4ad9-b5b0-3e72950d210f", "indicator--5de66ed7-5638-4021-91e9-3e72950d210f", "indicator--5de66ed7-42b8-43e5-8e6e-3e72950d210f", "indicator--5de66ed7-3438-48ee-973c-3e72950d210f", "indicator--5de66ed7-8bec-4c8b-acb0-3e72950d210f", "indicator--5de66ed7-9a94-4a54-815b-3e72950d210f", "indicator--5de66ed7-8ae8-4c2b-8222-3e72950d210f", "indicator--5de66ed7-0670-4133-b94e-3e72950d210f", "indicator--5de66ed7-fd84-4e19-b86d-3e72950d210f", "indicator--5de66ed7-1bcc-48fa-b76a-3e72950d210f", "indicator--5de66ed7-3118-4d36-8eb9-3e72950d210f", "indicator--5de6523d-de58-472f-9156-4d3e950d210f", "observed-data--5de65459-590c-4181-98d5-4efa950d210f", "email-message--5de65459-590c-4181-98d5-4efa950d210f", "email-addr--5de65459-f94c-482e-b180-456c950d210f", "observed-data--5de654b1-2f18-4646-9819-4f1b950d210f", "email-message--5de654b1-2f18-4646-9819-4f1b950d210f", "email-addr--5de654b2-3690-4be9-abf9-431b950d210f", "observed-data--5de65f8c-c9d0-4a61-99e6-4c6e950d210f", "email-message--5de65f8c-c9d0-4a61-99e6-4c6e950d210f", "email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f", "observed-data--5de66884-3dac-4677-a9a7-226f950d210f", "email-message--5de66884-3dac-4677-a9a7-226f950d210f", "email-addr--5de66884-dbc4-4977-bbf5-226f950d210f", "observed-data--5de668b6-6da0-4e21-a3ed-1e9a950d210f", "email-message--5de668b6-6da0-4e21-a3ed-1e9a950d210f", "email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f", "observed-data--5de66aa6-89f8-4ef4-9464-4ae2950d210f", "email-message--5de66aa6-89f8-4ef4-9464-4ae2950d210f", "email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f", "indicator--5de66b15-8000-4f4f-82f4-3e63950d210f", "observed-data--5de66b98-18b4-4a53-924a-1179950d210f", "email-message--5de66b98-18b4-4a53-924a-1179950d210f", "email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f", "indicator--5de66bc8-ea38-4b6f-866b-3e74950d210f", "observed-data--5de66be7-3a30-4ec6-b560-3e72950d210f", "email-message--5de66be7-3a30-4ec6-b560-3e72950d210f", "indicator--5de66e18-37bc-4d03-80a3-0458950d210f", "indicator--5de66e3e-1334-4add-95d9-1bc6950d210f", "indicator--5de66e5d-2724-41ec-8491-7ac9950d210f", "indicator--c69e95e9-9f4a-47bd-9cca-df70112bf4ba", "indicator--14ce7404-1d9e-489b-91c1-62bd49ac088a", "indicator--33757eab-39f8-4dd3-bdc3-abe31bdb329e", "indicator--dbf15608-73c3-4fdd-abec-cbd4abf42b9b", "indicator--825ee3e8-ec27-47b1-93fd-800aac6cb009", "indicator--286489c4-fc1a-4722-a1d2-0a2cef367629", "indicator--0bdc7720-3ac3-40ae-bcc3-d6db34735dbd", "indicator--c2fc02ff-1e36-4f10-8b9f-684ebdc9854b", "indicator--043a1485-d6a4-45dc-b086-c3ff04371713", "indicator--fbd5daea-0454-4809-9ce2-9b1bf3898953", "indicator--54702d2c-5a8a-4a1f-8ab0-793464fc828f", "indicator--2db4134a-4d62-4ebe-b3f1-6c1c15437ff8", "indicator--4cf21017-f924-403b-ab8e-380573ea512e", "indicator--94a30556-2476-4fd2-94d6-06a151831884", "indicator--87d3ad19-a9e7-4e25-a695-ea5b4a1b8c5d", "indicator--ee15f4bd-db1d-4297-a53b-9ab11ab65716", "indicator--a846ef5e-c63a-4068-984b-8cdc38ef617b", "indicator--1b6633ee-60c0-48fb-8b49-6fcc7d411309", "indicator--c3feb2d0-0ebe-47e6-b0da-ad419ea6aee7", "indicator--e0c182b5-2961-461b-bc17-36cc4ff11dc5", "indicator--fd1343f2-286e-4036-b9a8-1adff8eb2479", "indicator--e9693797-9115-4631-972d-7a8e0e3a1e9e", "indicator--82666f1d-b22b-436e-979d-5d75e303e141", "indicator--5ac505ff-4ea6-4dbd-8dd8-75a55c32741e", "indicator--71915c2b-eb82-44d7-90d4-566307cca0a5", "indicator--96669752-aadb-43b9-8c29-7ccec173980d", "indicator--ad36a520-c695-43b7-8ad2-a7de2481e6da", "indicator--62f6f45e-a6b4-4dd4-9d7f-3ffb6a7c194d", "indicator--9cf77da3-bde0-4a41-874f-60c45953b1e0" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "\tmalware_classification:malware-category=\"Botnet\"", "malware_classification:malware-category=\"Botnet\"", "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"", "misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"", "misp-galaxy:threat-actor=\"APT33\"", "misp-galaxy:threat-actor=\"MAGNALLIUM\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de6382a-2234-43eb-bff9-4682950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T11:53:19.000Z", "modified": "2019-12-03T11:53:19.000Z", "first_observed": "2019-12-03T11:53:19Z", "last_observed": "2019-12-03T11:53:19Z", "number_observed": 1, "object_refs": [ "url--5de6382a-2234-43eb-bff9-4682950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5de6382a-2234-43eb-bff9-4682950d210f", "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5de64234-f680-4632-8685-4637950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T11:53:36.000Z", "modified": "2019-12-03T11:53:36.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to run these C&C servers in extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-e800-4ad9-b5b0-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'oorgans.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-5638-4021-91e9-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'suncocity.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-42b8-43e5-8e6e-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'zandelshop.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-3438-48ee-973c-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'simsoshop.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-8bec-4c8b-acb0-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'zeverco.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-9a94-4a54-815b-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'qualitweb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-8ae8-4c2b-8222-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'service-explorer.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-0670-4133-b94e-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'service-norton.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-fd84-4e19-b86d-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'service-eset.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-1bcc-48fa-b76a-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'service-essential.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66ed7-3118-4d36-8eb9-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:25:02.000Z", "modified": "2019-12-03T14:25:02.000Z", "description": "APT33 C&C domains for extreme narrow targeting", "pattern": "[domain-name:value = 'update-symantec.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:25:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de6523d-de58-472f-9156-4d3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:37:04.000Z", "modified": "2020-01-20T15:37:04.000Z", "pattern": "[email-message:from_ref.value = 'recruitment@alsalam.aero' AND email-message:date = '2016-12-31T00:00:00' AND email-message:subject = 'Job Opportunity']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-12-31T07:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de65459-590c-4181-98d5-4efa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:39:16.000Z", "modified": "2020-01-20T15:39:16.000Z", "first_observed": "2017-04-17T07:00:00Z", "last_observed": "2020-01-20T15:39:16Z", "number_observed": 1, "object_refs": [ "email-message--5de65459-590c-4181-98d5-4efa950d210f", "email-addr--5de65459-f94c-482e-b180-456c950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de65459-590c-4181-98d5-4efa950d210f", "is_multipart": false, "date": "2017-04-17T00:00:00Z", "from_ref": "email-addr--5de65459-f94c-482e-b180-456c950d210f", "subject": "Vacancy Announcement" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5de65459-f94c-482e-b180-456c950d210f", "value": "recruitment@alsalam.aero" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de654b1-2f18-4646-9819-4f1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:38:51.000Z", "modified": "2020-01-20T15:38:51.000Z", "first_observed": "2018-09-25T07:00:00Z", "last_observed": "2020-01-20T15:38:51Z", "number_observed": 1, "object_refs": [ "email-message--5de654b1-2f18-4646-9819-4f1b950d210f", "email-addr--5de654b2-3690-4be9-abf9-431b950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de654b1-2f18-4646-9819-4f1b950d210f", "is_multipart": false, "date": "2018-09-25T00:00:00Z", "from_ref": "email-addr--5de654b2-3690-4be9-abf9-431b950d210f", "subject": "AramCo Jobs" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5de654b2-3690-4be9-abf9-431b950d210f", "value": "careers@aramcojobs.ga" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de65f8c-c9d0-4a61-99e6-4c6e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:38:30.000Z", "modified": "2020-01-20T15:38:30.000Z", "first_observed": "2018-10-22T07:00:00Z", "last_observed": "2020-01-20T15:38:30Z", "number_observed": 1, "object_refs": [ "email-message--5de65f8c-c9d0-4a61-99e6-4c6e950d210f", "email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de65f8c-c9d0-4a61-99e6-4c6e950d210f", "is_multipart": false, "date": "2018-10-22T00:00:00Z", "from_ref": "email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f", "subject": "Job Openning at SAMREF" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f", "value": "jobs@samref.ga" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de66884-3dac-4677-a9a7-226f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:38:04.000Z", "modified": "2020-01-20T15:38:04.000Z", "first_observed": "2018-07-02T07:00:00Z", "last_observed": "2020-01-20T15:38:04Z", "number_observed": 1, "object_refs": [ "email-message--5de66884-3dac-4677-a9a7-226f950d210f", "email-addr--5de66884-dbc4-4977-bbf5-226f950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de66884-3dac-4677-a9a7-226f950d210f", "is_multipart": false, "date": "2018-07-02T00:00:00Z", "from_ref": "email-addr--5de66884-dbc4-4977-bbf5-226f950d210f", "subject": "Job Opportunity SIPCHEM" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5de66884-dbc4-4977-bbf5-226f950d210f", "value": "careers@sipchem.ga" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de668b6-6da0-4e21-a3ed-1e9a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:37:28.000Z", "modified": "2020-01-20T15:37:28.000Z", "first_observed": "2017-09-11T07:00:00Z", "last_observed": "2020-01-20T15:37:28Z", "number_observed": 1, "object_refs": [ "email-message--5de668b6-6da0-4e21-a3ed-1e9a950d210f", "email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de668b6-6da0-4e21-a3ed-1e9a950d210f", "is_multipart": false, "date": "2017-09-11T00:00:00Z", "from_ref": "email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f", "subject": "Job Opportunity" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f", "value": "jobs@ngaaksa.ga" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de66aa6-89f8-4ef4-9464-4ae2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:36:45.000Z", "modified": "2020-01-20T15:36:45.000Z", "first_observed": "2018-08-28T07:00:00Z", "last_observed": "2020-01-20T15:36:45Z", "number_observed": 1, "object_refs": [ "email-message--5de66aa6-89f8-4ef4-9464-4ae2950d210f", "email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de66aa6-89f8-4ef4-9464-4ae2950d210f", "is_multipart": false, "date": "2018-08-28T00:00:00Z", "from_ref": "email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f", "subject": "Latest Vacancy" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f", "value": "careers@aramcojobs.ga" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66b15-8000-4f4f-82f4-3e63950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:36:08.000Z", "modified": "2020-01-20T15:36:08.000Z", "pattern": "[email-message:from_ref.value = 'careers@aramcojobs.ga' AND email-message:date = '2018-08-26T00:00:00' AND email-message:subject = 'Latest Vacancy']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-08-26T07:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de66b98-18b4-4a53-924a-1179950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:31:21.000Z", "modified": "2020-01-20T15:31:21.000Z", "first_observed": "2017-07-17T07:00:00Z", "last_observed": "2020-01-20T15:31:21Z", "number_observed": 1, "object_refs": [ "email-message--5de66b98-18b4-4a53-924a-1179950d210f", "email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de66b98-18b4-4a53-924a-1179950d210f", "is_multipart": false, "date": "2017-07-17T00:00:00Z", "from_ref": "email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f", "subject": "Job Openning" }, { "type": "email-addr", "spec_version": "2.1", "id": "email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f", "value": "careers@ngaaksa.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66bc8-ea38-4b6f-866b-3e74950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:30:53.000Z", "modified": "2020-01-20T15:30:53.000Z", "pattern": "[email-message:from_ref.value = 'jobs@dyn-intl.ga' AND email-message:date = '2017-11-20T00:00:00' AND email-message:subject = 'Job Openning']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-11-20T07:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5de66be7-3a30-4ec6-b560-3e72950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:30:20.000Z", "modified": "2020-01-20T15:30:20.000Z", "first_observed": "2017-11-28T07:00:00Z", "last_observed": "2020-01-20T15:30:20Z", "number_observed": 1, "object_refs": [ "email-message--5de66be7-3a30-4ec6-b560-3e72950d210f" ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] }, { "type": "email-message", "spec_version": "2.1", "id": "email-message--5de66be7-3a30-4ec6-b560-3e72950d210f", "is_multipart": false, "date": "2017-11-28T00:00:00Z", "subject": "Job Openning" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66e18-37bc-4d03-80a3-0458950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:40:00.000Z", "modified": "2020-01-20T15:40:00.000Z", "pattern": "[email-message:from_ref.value = 'jobs@mail.dyn-corp.ga' AND email-message:date = '2018-03-05T00:00:00' AND email-message:subject = 'Job Openning']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-03-05T00:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66e3e-1334-4add-95d9-1bc6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:40:32.000Z", "modified": "2020-01-20T15:40:32.000Z", "pattern": "[email-message:from_ref.value = 'jobs@sipchem.ga' AND email-message:date = '2018-07-30T00:00:00' AND email-message:subject = 'Job Openning']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-30T00:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5de66e5d-2724-41ec-8491-7ac9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-01-20T15:41:07.000Z", "modified": "2020-01-20T15:41:07.000Z", "pattern": "[email-message:from_ref.value = 'jobs@sipchem.ga' AND email-message:date = '2018-08-14T00:00:00' AND email-message:subject = 'Job Openning']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-08-14T00:00:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c69e95e9-9f4a-47bd-9cca-df70112bf4ba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:26.000Z", "modified": "2019-12-03T14:40:26.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.120.57') AND network-traffic:start = '2018-12-04T00:00:00' AND network-traffic:end = '2019-01-24T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--14ce7404-1d9e-489b-91c1-62bd49ac088a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:27.000Z", "modified": "2019-12-03T14:40:27.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.199.25') AND network-traffic:start = '2019-03-03T00:00:00' AND network-traffic:end = '2019-03-03T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--33757eab-39f8-4dd3-bdc3-abe31bdb329e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:27.000Z", "modified": "2019-12-03T14:40:27.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.7.62.48') AND network-traffic:start = '2018-09-26T00:00:00' AND network-traffic:end = '2018-09-29T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--dbf15608-73c3-4fdd-abec-cbd4abf42b9b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:28.000Z", "modified": "2019-12-03T14:40:28.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.77.11.46') AND network-traffic:start = '2019-07-01T00:00:00' AND network-traffic:end = '2019-07-02T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--825ee3e8-ec27-47b1-93fd-800aac6cb009", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:28.000Z", "modified": "2019-12-03T14:40:28.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.36.73.108') AND network-traffic:start = '2019-07-22T00:00:00' AND network-traffic:end = '2019-10-05T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--286489c4-fc1a-4722-a1d2-0a2cef367629", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:29.000Z", "modified": "2019-12-03T14:40:29.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.37.48.172') AND network-traffic:start = '2019-10-22T00:00:00' AND network-traffic:end = '2019-11-05T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0bdc7720-3ac3-40ae-bcc3-d6db34735dbd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:29.000Z", "modified": "2019-12-03T14:40:29.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.38.124.150') AND network-traffic:start = '2018-10-28T00:00:00' AND network-traffic:end = '2018-11-17T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c2fc02ff-1e36-4f10-8b9f-684ebdc9854b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:30.000Z", "modified": "2019-12-03T14:40:30.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.150.221.107') AND network-traffic:start = '2019-09-26T00:00:00' AND network-traffic:end = '2019-11-07T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--043a1485-d6a4-45dc-b086-c3ff04371713", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:31.000Z", "modified": "2019-12-03T14:40:31.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.134.203.59') AND network-traffic:start = '2018-09-26T00:00:00' AND network-traffic:end = '2018-12-04T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fbd5daea-0454-4809-9ce2-9b1bf3898953", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:32.000Z", "modified": "2019-12-03T14:40:32.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.169.89.103') AND network-traffic:start = '2018-12-02T00:00:00' AND network-traffic:end = '2018-12-14T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54702d2c-5a8a-4a1f-8ab0-793464fc828f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:32.000Z", "modified": "2019-12-03T14:40:32.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.200.24.114') AND network-traffic:start = '2018-11-19T00:00:00' AND network-traffic:end = '2018-12-25T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2db4134a-4d62-4ebe-b3f1-6c1c15437ff8", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:33.000Z", "modified": "2019-12-03T14:40:33.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.74.80.220') AND network-traffic:start = '2018-09-29T00:00:00' AND network-traffic:end = '2018-10-23T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--4cf21017-f924-403b-ab8e-380573ea512e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:33.000Z", "modified": "2019-12-03T14:40:33.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.74.157.84') AND network-traffic:start = '2018-12-18T00:00:00' AND network-traffic:end = '2019-10-21T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94a30556-2476-4fd2-94d6-06a151831884", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:34.000Z", "modified": "2019-12-03T14:40:34.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.122.56.232') AND network-traffic:start = '2018-09-29T00:00:00' AND network-traffic:end = '2018-11-04T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--87d3ad19-a9e7-4e25-a695-ea5b4a1b8c5d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:34.000Z", "modified": "2019-12-03T14:40:34.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.125.204.57') AND network-traffic:start = '2018-10-25T00:00:00' AND network-traffic:end = '2019-01-14T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ee15f4bd-db1d-4297-a53b-9ab11ab65716", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:35.000Z", "modified": "2019-12-03T14:40:35.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.175.138.173') AND network-traffic:start = '2019-01-19T00:00:00' AND network-traffic:end = '2019-01-22T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a846ef5e-c63a-4068-984b-8cdc38ef617b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:35.000Z", "modified": "2019-12-03T14:40:35.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.119.138') AND network-traffic:start = '2018-10-08T00:00:00' AND network-traffic:end = '2018-11-19T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1b6633ee-60c0-48fb-8b49-6fcc7d411309", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:36.000Z", "modified": "2019-12-03T14:40:36.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.70.71.112') AND network-traffic:start = '2019-03-07T00:00:00' AND network-traffic:end = '2019-03-17T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c3feb2d0-0ebe-47e6-b0da-ad419ea6aee7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:37.000Z", "modified": "2019-12-03T14:40:37.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.41.72') AND network-traffic:start = '2019-01-13T00:00:00' AND network-traffic:end = '2019-01-20T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e0c182b5-2961-461b-bc17-36cc4ff11dc5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:37.000Z", "modified": "2019-12-03T14:40:37.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.32.113.159') AND network-traffic:start = '2019-06-30T00:00:00' AND network-traffic:end = '2019-09-16T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--fd1343f2-286e-4036-b9a8-1adff8eb2479", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:40:38.000Z", "modified": "2019-12-03T14:40:38.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.244.93.137') AND network-traffic:start = '2018-12-10T00:00:00' AND network-traffic:end = '2018-12-21T00:00:00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:40:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e9693797-9115-4631-972d-7a8e0e3a1e9e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:45.000Z", "modified": "2019-12-03T14:44:45.000Z", "pattern": "[file:hashes.SHA256 = 'e954ff741baebb173ba45fbcfdea7499d00d8cfa2933b69f6cc0970b294f9ffd' AND file:name = 'MsdUpdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--82666f1d-b22b-436e-979d-5d75e303e141", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:51.000Z", "modified": "2019-12-03T14:44:51.000Z", "pattern": "[file:hashes.SHA256 = 'b58a2ef01af65d32ca4ba555bd72931dc68728e6d96d8808afca029b4c75d31e' AND file:name = 'MsdUpdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ac505ff-4ea6-4dbd-8dd8-75a55c32741e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:51.000Z", "modified": "2019-12-03T14:44:51.000Z", "pattern": "[file:hashes.SHA256 = 'a67461a0c14fc1528ad83b9bd874f53b7616cfed99656442fb4d9cdd7d09e449' AND file:name = 'MsdUpdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--71915c2b-eb82-44d7-90d4-566307cca0a5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:52.000Z", "modified": "2019-12-03T14:44:52.000Z", "pattern": "[file:hashes.SHA256 = 'c303454efb21c0bf0df6fb6c2a14e401efeb57c1c574f63cdae74ef74a3b01f2' AND file:name = 'MsdUpdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--96669752-aadb-43b9-8c29-7ccec173980d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:53.000Z", "modified": "2019-12-03T14:44:53.000Z", "pattern": "[file:hashes.SHA256 = '75e6bafc4fa496b418df0208f12e688b16e7afdb94a7b30e3eca532717beb9ba' AND file:name = 'MsdUpdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--ad36a520-c695-43b7-8ad2-a7de2481e6da", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:54.000Z", "modified": "2019-12-03T14:44:54.000Z", "pattern": "[file:hashes.SHA256 = '8fb6cbf6f6b6a897bf0ee1217dbf738bce7a3000507b89ea30049fd670018b46' AND file:name = 'MsdUpdate.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--62f6f45e-a6b4-4dd4-9d7f-3ffb6a7c194d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:55.000Z", "modified": "2019-12-03T14:44:55.000Z", "pattern": "[file:hashes.SHA256 = 'ba9d76cca6b5c7308961cfe3739dc1328f3dad9a824417fad73b842b043daa1a' AND file:name = 'DysonPart.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9cf77da3-bde0-4a41-874f-60c45953b1e0", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-12-03T14:44:56.000Z", "modified": "2019-12-03T14:44:56.000Z", "pattern": "[file:hashes.SHA256 = '07e1baf1d0207a139bcf39c60354666496e4331381d36eef9359120b1d8497f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-12-03T14:44:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }