{ "type": "bundle", "id": "bundle--55bb31a3-dcf4-4731-acdd-4851950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:31:18.000Z", "modified": "2015-07-31T08:31:18.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--55bb31a3-dcf4-4731-acdd-4851950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:31:18.000Z", "modified": "2015-07-31T08:31:18.000Z", "name": "OSINT Exploring .XYZ (Another Shady TLD Report) by Blue Coat", "published": "2015-07-31T08:33:31Z", "object_refs": [ "observed-data--55bb31b0-3aac-4e22-9cd1-4289950d210b", "url--55bb31b0-3aac-4e22-9cd1-4289950d210b", "indicator--55bb323f-d06c-47f7-b553-4e77950d210b", "indicator--55bb323f-5220-4664-8196-41a6950d210b", "indicator--55bb323f-e878-406a-94eb-43b3950d210b", "indicator--55bb323f-e87c-4450-8f2f-4917950d210b", "indicator--55bb323f-f2cc-42f5-8588-4866950d210b", "indicator--55bb323f-4390-4b2f-9ede-45d1950d210b", "indicator--55bb3240-4ff8-4dd6-a62c-4b88950d210b", "indicator--55bb3240-c074-489e-b5ff-498a950d210b", "indicator--55bb3240-6ec4-418e-b686-40f8950d210b", "indicator--55bb3240-a6f8-4f59-94e7-4fa4950d210b", "indicator--55bb3240-8e34-4240-af51-44ae950d210b", "indicator--55bb3240-45d8-425d-a11e-48bd950d210b", "indicator--55bb3240-ddf4-476a-a419-4b06950d210b", "indicator--55bb3241-49ac-436e-97a6-44b4950d210b", "indicator--55bb3241-07ac-4091-be00-4e66950d210b", "indicator--55bb3241-9794-485d-af22-4893950d210b", "indicator--55bb3241-a6f0-458c-80df-4bfe950d210b", "indicator--55bb3241-5bf4-4d26-b798-4e43950d210b", "indicator--55bb3241-7c88-48c8-9c4e-4728950d210b", "indicator--55bb3241-f118-4f3f-93fc-4f47950d210b", "indicator--55bb3242-0314-4f96-938b-4341950d210b", "indicator--55bb3242-25dc-4703-9f39-4bcc950d210b", "indicator--55bb3242-0e94-49ef-a53e-40b1950d210b", "indicator--55bb3242-9e7c-4099-8f59-4d86950d210b", "indicator--55bb3242-7838-4b52-95dc-4ce4950d210b", "indicator--55bb3242-2d34-416a-997a-483d950d210b", "indicator--55bb3242-9a58-4ae8-8d12-4838950d210b", "indicator--55bb3243-9464-49c2-8b2d-4311950d210b", "indicator--55bb3243-500c-45ec-8c7b-4c0e950d210b", "indicator--55bb3243-bab4-42f2-ac6b-4ed6950d210b", "indicator--55bb3243-8b2c-4f6f-b23e-465d950d210b", "indicator--55bb3243-2114-4e2c-9452-43a1950d210b", "indicator--55bb3243-1a98-45d7-b63f-449f950d210b", "indicator--55bb3243-eb58-4648-a37e-48fb950d210b", "indicator--55bb3256-9ae0-4ad9-86d1-400e950d210b", "indicator--55bb3256-3318-4904-8b07-4c09950d210b", "indicator--55bb3256-e364-40ce-b7c3-4c12950d210b", "indicator--55bb3257-0d7c-41aa-b749-4edf950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--55bb31b0-3aac-4e22-9cd1-4289950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:28:32.000Z", "modified": "2015-07-31T08:28:32.000Z", "first_observed": "2015-07-31T08:28:32Z", "last_observed": "2015-07-31T08:28:32Z", "number_observed": 1, "object_refs": [ "url--55bb31b0-3aac-4e22-9cd1-4289950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--55bb31b0-3aac-4e22-9cd1-4289950d210b", "value": "https://www.bluecoat.com/security-blog/2015-07-14/exploring-xyz-another-shady-tld-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb323f-d06c-47f7-b553-4e77950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:55.000Z", "modified": "2015-07-31T08:30:55.000Z", "pattern": "[domain-name:value = 'mtmiss.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb323f-5220-4664-8196-41a6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:55.000Z", "modified": "2015-07-31T08:30:55.000Z", "pattern": "[domain-name:value = 'mineex.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb323f-e878-406a-94eb-43b3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:55.000Z", "modified": "2015-07-31T08:30:55.000Z", "pattern": "[domain-name:value = 'useesp.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb323f-e87c-4450-8f2f-4917950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:55.000Z", "modified": "2015-07-31T08:30:55.000Z", "pattern": "[domain-name:value = 'rudead.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb323f-f2cc-42f5-8588-4866950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:55.000Z", "modified": "2015-07-31T08:30:55.000Z", "pattern": "[domain-name:value = 'ineats.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb323f-4390-4b2f-9ede-45d1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:55.000Z", "modified": "2015-07-31T08:30:55.000Z", "pattern": "[domain-name:value = 'scrami.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3240-4ff8-4dd6-a62c-4b88950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:56.000Z", "modified": "2015-07-31T08:30:56.000Z", "pattern": "[domain-name:value = 'indianews.com-40rxk6itwdk71bdcb6xlq9cst3upsp.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3240-c074-489e-b5ff-498a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:56.000Z", "modified": "2015-07-31T08:30:56.000Z", "pattern": "[domain-name:value = 'amazingdeals.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3240-6ec4-418e-b686-40f8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:56.000Z", "modified": "2015-07-31T08:30:56.000Z", "pattern": "[domain-name:value = 'areaairports.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3240-a6f8-4f59-94e7-4fa4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:56.000Z", "modified": "2015-07-31T08:30:56.000Z", "pattern": "[domain-name:value = 'shiftingsmokers.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3240-8e34-4240-af51-44ae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:56.000Z", "modified": "2015-07-31T08:30:56.000Z", "pattern": "[domain-name:value = 'theyrefriends.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3240-45d8-425d-a11e-48bd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:56.000Z", "modified": "2015-07-31T08:30:56.000Z", "pattern": "[domain-name:value = 'retirementspacecraft.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3240-ddf4-476a-a419-4b06950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:56.000Z", "modified": "2015-07-31T08:30:56.000Z", "pattern": "[domain-name:value = 'findville.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3241-49ac-436e-97a6-44b4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:57.000Z", "modified": "2015-07-31T08:30:57.000Z", "pattern": "[domain-name:value = 'levelstate.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3241-07ac-4091-be00-4e66950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:57.000Z", "modified": "2015-07-31T08:30:57.000Z", "pattern": "[domain-name:value = 'providerstore.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3241-9794-485d-af22-4893950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:57.000Z", "modified": "2015-07-31T08:30:57.000Z", "pattern": "[domain-name:value = 'overjoyedst.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3241-a6f0-458c-80df-4bfe950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:57.000Z", "modified": "2015-07-31T08:30:57.000Z", "pattern": "[domain-name:value = 'possessedaa.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3241-5bf4-4d26-b798-4e43950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:57.000Z", "modified": "2015-07-31T08:30:57.000Z", "pattern": "[domain-name:value = 'unfortunatest.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3241-7c88-48c8-9c4e-4728950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:57.000Z", "modified": "2015-07-31T08:30:57.000Z", "pattern": "[domain-name:value = 'publishedux.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3241-f118-4f3f-93fc-4f47950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:57.000Z", "modified": "2015-07-31T08:30:57.000Z", "pattern": "[domain-name:value = 'naturalistsky.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3242-0314-4f96-938b-4341950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:58.000Z", "modified": "2015-07-31T08:30:58.000Z", "pattern": "[domain-name:value = 'flowerbeder.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3242-25dc-4703-9f39-4bcc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:58.000Z", "modified": "2015-07-31T08:30:58.000Z", "pattern": "[domain-name:value = 'fireworksht.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3242-0e94-49ef-a53e-40b1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:58.000Z", "modified": "2015-07-31T08:30:58.000Z", "pattern": "[domain-name:value = 'cultivatedci.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3242-9e7c-4099-8f59-4d86950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:58.000Z", "modified": "2015-07-31T08:30:58.000Z", "pattern": "[domain-name:value = 'magazinesdj.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3242-7838-4b52-95dc-4ce4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:58.000Z", "modified": "2015-07-31T08:30:58.000Z", "pattern": "[domain-name:value = 'throbbingiv.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3242-2d34-416a-997a-483d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:58.000Z", "modified": "2015-07-31T08:30:58.000Z", "pattern": "[domain-name:value = 'intellectualme.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3242-9a58-4ae8-8d12-4838950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:58.000Z", "modified": "2015-07-31T08:30:58.000Z", "pattern": "[domain-name:value = 'proceedingsxu.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3243-9464-49c2-8b2d-4311950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:59.000Z", "modified": "2015-07-31T08:30:59.000Z", "pattern": "[domain-name:value = 'ownershipep.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3243-500c-45ec-8c7b-4c0e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:59.000Z", "modified": "2015-07-31T08:30:59.000Z", "pattern": "[domain-name:value = 'agreeablefw.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3243-bab4-42f2-ac6b-4ed6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:59.000Z", "modified": "2015-07-31T08:30:59.000Z", "pattern": "[domain-name:value = 'intimidatens.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3243-8b2c-4f6f-b23e-465d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:59.000Z", "modified": "2015-07-31T08:30:59.000Z", "pattern": "[domain-name:value = 'unanimouslyxy.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3243-2114-4e2c-9452-43a1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:59.000Z", "modified": "2015-07-31T08:30:59.000Z", "pattern": "[domain-name:value = 'wildernessax.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3243-1a98-45d7-b63f-449f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:59.000Z", "modified": "2015-07-31T08:30:59.000Z", "pattern": "[domain-name:value = 'hypothesisbx.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3243-eb58-4648-a37e-48fb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:30:59.000Z", "modified": "2015-07-31T08:30:59.000Z", "pattern": "[domain-name:value = 'likelihoodkp.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:30:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3256-9ae0-4ad9-86d1-400e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:31:18.000Z", "modified": "2015-07-31T08:31:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.1.82.185']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:31:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3256-3318-4904-8b07-4c09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:31:18.000Z", "modified": "2015-07-31T08:31:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.1.82.184']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:31:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3256-e364-40ce-b7c3-4c12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:31:18.000Z", "modified": "2015-07-31T08:31:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.1.82.178']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:31:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--55bb3257-0d7c-41aa-b749-4edf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-07-31T08:31:19.000Z", "modified": "2015-07-31T08:31:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.1.82.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-07-31T08:31:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }