{ "type": "bundle", "id": "bundle--5c18091d-d158-41aa-88c7-4692950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:44:58.000Z", "modified": "2018-12-17T20:44:58.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5c18091d-d158-41aa-88c7-4692950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:44:58.000Z", "modified": "2018-12-17T20:44:58.000Z", "name": "OSINT - The Return of The Charming Kitten", "published": "2018-12-17T20:45:11Z", "object_refs": [ "observed-data--5c180964-4e10-4189-aa57-4685950d210f", "url--5c180964-4e10-4189-aa57-4685950d210f", "x-misp-attribute--5c180987-3da0-4715-b69b-498c950d210f", "indicator--5c180a1b-2ca8-432c-b105-4d0c950d210f", "indicator--5c180a1d-c488-45b5-8d5e-4247950d210f", "indicator--5c180a1e-13d0-4489-b976-4c0d950d210f", "indicator--5c180a1f-d0b8-4823-819e-4bd5950d210f", "indicator--5c180a20-8ebc-462e-ae17-4eb3950d210f", "indicator--5c180a22-28e4-4fc7-aaa0-4e0a950d210f", "indicator--5c180a23-64d4-4f63-9505-4c89950d210f", "indicator--5c180a24-8308-4a44-8df0-47ec950d210f", "indicator--5c180a26-a904-4be3-9282-4660950d210f", "indicator--5c180a27-b4a8-4b09-bd4c-4ec2950d210f", "indicator--5c180a27-94a4-4681-99dd-446c950d210f", "indicator--5c180a28-3c24-4a25-b1e9-46ce950d210f", "indicator--5c180a28-dee0-437f-8024-4e93950d210f", "indicator--5c180a29-d948-417a-a429-4617950d210f", "indicator--5c180a29-623c-4e02-941c-4b94950d210f", "indicator--5c180a29-87c8-4dfd-b299-4683950d210f", "indicator--5c180a2a-1514-473e-84bf-48e3950d210f", "indicator--5c180a2a-3dfc-4442-aa2c-40d4950d210f", "indicator--5c180a2b-c934-4047-9b06-4ddb950d210f", "indicator--5c180a2b-615c-4cb4-b783-49b8950d210f", "indicator--5c180a2c-5fc0-468f-9a7b-4b3b950d210f", "indicator--5c180a2c-5ca4-46a6-942c-4c57950d210f", "indicator--5c180a2d-955c-4009-ac98-490f950d210f", "indicator--5c180a2d-835c-423b-b744-4caf950d210f", "indicator--5c180a2e-71e4-47fe-bcb4-4079950d210f", "indicator--5c180a2e-4d94-4a0c-aefe-4447950d210f", "indicator--5c180a2e-f76c-4bd0-861d-48d0950d210f", "indicator--5c180a2f-f8a4-4f92-92fa-4cc6950d210f", "indicator--5c180a2f-838c-4a83-93a3-42f6950d210f", "indicator--5c180a30-7724-44c1-83a3-4df7950d210f", "indicator--5c180a30-8f0c-4a1e-930c-439f950d210f", "indicator--5c180a31-4604-43df-aa60-4822950d210f", "indicator--5c180a31-6cf4-4e8a-b6b3-4033950d210f", "indicator--5c180a32-b96c-4692-9c9d-4883950d210f", "indicator--5c180a32-9f34-438b-a2c3-4539950d210f", "indicator--5c180a33-5000-4a32-90e9-47d8950d210f", "indicator--5c180a33-a610-44c9-b811-433c950d210f", "indicator--5c180a34-2f0c-4679-b8ef-4d1f950d210f", "indicator--5c180a34-97e0-42c9-9ee0-49ed950d210f", "indicator--5c180a34-74a0-464e-b821-4b8b950d210f", "indicator--5c180a35-2fec-4496-ba64-43cb950d210f", "indicator--5c180a35-733c-414d-bca8-4060950d210f", "indicator--5c180a36-16d4-4755-a27d-493d950d210f", "indicator--5c180a36-ae74-471f-a417-4cd5950d210f", "indicator--5c180a37-30b0-4c44-bfde-479c950d210f", "indicator--5c180a38-f69c-490a-9371-48ec950d210f", "indicator--5c180a38-d84c-44b9-b9a0-419c950d210f", "indicator--5c180a39-bf3c-4957-aa12-410d950d210f", "indicator--5c180a39-0e84-450b-a010-4743950d210f", "indicator--5c180a3a-e9e4-4a35-9236-4c9b950d210f", "indicator--5c180a3a-edb4-470d-a573-4bb6950d210f", "indicator--5c180a3b-377c-4067-bc6d-4f48950d210f", "indicator--5c180a3b-a670-456f-a552-438d950d210f", "indicator--5c180a3c-5cd0-46fe-9b40-4e15950d210f", "indicator--5c180a3c-99e8-44e8-af12-4db5950d210f", "indicator--5c180a3d-67f8-42ba-a30b-4e60950d210f", "indicator--5c180a3d-fb3c-4c30-906a-41c7950d210f", "indicator--5c180a3d-01bc-448c-a56c-4f0c950d210f", "indicator--5c180a3e-b674-4eda-b244-4ccd950d210f", "indicator--5c180a3e-322c-4fcf-8621-4ee3950d210f", "indicator--5c180a3f-10e4-4cae-b8a6-4107950d210f", "indicator--5c180a3f-707c-4a70-a2f4-4af5950d210f", "indicator--5c180a40-82e4-4b15-ab28-4849950d210f", "indicator--5c180a40-7db0-4b32-8706-4c1a950d210f", "indicator--5c180a41-90dc-4962-8feb-4d85950d210f", "indicator--5c180a41-f198-481f-95ba-454f950d210f", "indicator--5c180a41-fa24-445c-8161-4c6b950d210f", "indicator--5c180a42-3694-4965-9260-4f92950d210f", "indicator--5c180a42-3208-42cc-9332-44b3950d210f", "indicator--5c180a43-f5e4-46ac-b565-43c0950d210f", "indicator--5c180a43-9a2c-478a-b77e-4977950d210f", "indicator--5c180a44-085c-4aca-a0bf-43d0950d210f", "indicator--5c180a44-7c4c-425c-ae6d-44a6950d210f", "indicator--5c180a45-9334-4b84-97a7-472c950d210f", "indicator--5c180a45-145c-4389-bd86-4298950d210f", "indicator--5c180a46-7180-4780-ba2d-45cb950d210f", "indicator--5c180a46-5a14-4b04-80b3-45b8950d210f", "indicator--5c180a47-49d0-47a6-9c89-40de950d210f", "indicator--5c180a47-8b30-4af4-bd3f-43ec950d210f", "indicator--5c180a47-3c6c-4e1c-9d39-4b50950d210f", "indicator--5c180a48-c034-48f8-a247-4205950d210f", "indicator--5c180a48-8990-4724-acaa-4110950d210f", "indicator--5c180a49-5600-49ec-ba9a-49d3950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "osint:source-type=\"blog-post\"", "misp-galaxy:threat-actor=\"Charming Kitten\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5c180964-4e10-4189-aa57-4685950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:39:00.000Z", "modified": "2018-12-17T20:39:00.000Z", "first_observed": "2018-12-17T20:39:00Z", "last_observed": "2018-12-17T20:39:00Z", "number_observed": 1, "object_refs": [ "url--5c180964-4e10-4189-aa57-4685950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5c180964-4e10-4189-aa57-4685950d210f", "value": "https://blog.certfa.com/posts/the-return-of-the-charming-kitten/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5c180987-3da0-4715-b69b-498c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:39:35.000Z", "modified": "2018-12-17T20:39:35.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Phishing attacks are the most common form of infiltration used by Iranian state-backed hackers to gain access into accounts. Certfa reviews the latest campaign of phishing attacks that has been carried out and dubbed as \u00e2\u20ac\u0153The Return of The Charming Kitten\u00e2\u20ac\u009d.\r\n\r\nIn this campaign, hackers have targeted individuals who are involved in economic and military sanctions against the Islamic Republic of Iran as well as politicians, civil and human rights activists and journalists around the world.\r\n\r\nOur review in Certfa demonstrates that the hackers - knowing that their victims use two-step verification - target verification codes and also their email accounts such as Yahoo! and Gmail. As a result, Certfa believes the safest existing way to confront these attacks is using Security Keys such as YubiKey." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a1b-2ca8-432c-b105-4d0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:03.000Z", "modified": "2018-12-17T20:42:03.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.162.132.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a1d-c488-45b5-8d5e-4247950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:05.000Z", "modified": "2018-12-17T20:42:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.2.154.34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a1e-13d0-4489-b976-4c0d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:06.000Z", "modified": "2018-12-17T20:42:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.2.154.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a1f-d0b8-4823-819e-4bd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:07.000Z", "modified": "2018-12-17T20:42:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.2.154.36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a20-8ebc-462e-ae17-4eb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:08.000Z", "modified": "2018-12-17T20:42:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.2.154.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a22-28e4-4fc7-aaa0-4e0a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:10.000Z", "modified": "2018-12-17T20:42:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.166.151.211']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a23-64d4-4f63-9505-4c89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:11.000Z", "modified": "2018-12-17T20:42:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.87.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a24-8308-4a44-8df0-47ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:12.000Z", "modified": "2018-12-17T20:42:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.87.65']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a26-a904-4be3-9282-4660950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:14.000Z", "modified": "2018-12-17T20:42:14.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.68.185.96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a27-b4a8-4b09-bd4c-4ec2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:15.000Z", "modified": "2018-12-17T20:42:15.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.107.113']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a27-94a4-4681-99dd-446c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:15.000Z", "modified": "2018-12-17T20:42:15.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.189.45']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a28-3c24-4a25-b1e9-46ce950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:16.000Z", "modified": "2018-12-17T20:42:16.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.189.46']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a28-dee0-437f-8024-4e93950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:16.000Z", "modified": "2018-12-17T20:42:16.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.189.47']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a29-d948-417a-a429-4617950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:17.000Z", "modified": "2018-12-17T20:42:17.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.227.139.148']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a29-623c-4e02-941c-4b94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:17.000Z", "modified": "2018-12-17T20:42:17.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.37.241.221']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a29-87c8-4dfd-b299-4683950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:17.000Z", "modified": "2018-12-17T20:42:17.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.38.144.250']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2a-1514-473e-84bf-48e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:18.000Z", "modified": "2018-12-17T20:42:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.38.144.251']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2a-3dfc-4442-aa2c-40d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:18.000Z", "modified": "2018-12-17T20:42:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.38.144.252']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2b-c934-4047-9b06-4ddb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:19.000Z", "modified": "2018-12-17T20:42:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.127.172']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2b-615c-4cb4-b783-49b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:19.000Z", "modified": "2018-12-17T20:42:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.127.173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2c-5fc0-468f-9a7b-4b3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:20.000Z", "modified": "2018-12-17T20:42:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.127.174']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2c-5ca4-46a6-942c-4c57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:20.000Z", "modified": "2018-12-17T20:42:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.127.175']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2d-955c-4009-ac98-490f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:21.000Z", "modified": "2018-12-17T20:42:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.198.179.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2d-835c-423b-b744-4caf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:21.000Z", "modified": "2018-12-17T20:42:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.2.213.18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2e-71e4-47fe-bcb4-4079950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:22.000Z", "modified": "2018-12-17T20:42:22.000Z", "pattern": "[domain-name:value = 'accounts-support.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2e-4d94-4a0c-aefe-4447950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:22.000Z", "modified": "2018-12-17T20:42:22.000Z", "pattern": "[domain-name:value = 'broadcast-news.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2e-f76c-4bd0-861d-48d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:22.000Z", "modified": "2018-12-17T20:42:22.000Z", "pattern": "[domain-name:value = 'broadcastnews.pro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2f-f8a4-4f92-92fa-4cc6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:23.000Z", "modified": "2018-12-17T20:42:23.000Z", "pattern": "[domain-name:value = 'com-identifier-servicelog.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a2f-838c-4a83-93a3-42f6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:23.000Z", "modified": "2018-12-17T20:42:23.000Z", "pattern": "[domain-name:value = 'com-identifier-servicelog.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a30-7724-44c1-83a3-4df7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:24.000Z", "modified": "2018-12-17T20:42:24.000Z", "pattern": "[domain-name:value = 'com-identifier-userservicelog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a30-8f0c-4a1e-930c-439f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:24.000Z", "modified": "2018-12-17T20:42:24.000Z", "pattern": "[domain-name:value = 'confirm-session-identification.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a31-4604-43df-aa60-4822950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:25.000Z", "modified": "2018-12-17T20:42:25.000Z", "pattern": "[domain-name:value = 'confirm-session-identifier.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a31-6cf4-4e8a-b6b3-4033950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:25.000Z", "modified": "2018-12-17T20:42:25.000Z", "pattern": "[domain-name:value = 'confirmation-service.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a32-b96c-4692-9c9d-4883950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:26.000Z", "modified": "2018-12-17T20:42:26.000Z", "pattern": "[domain-name:value = 'customer-recovery.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a32-9f34-438b-a2c3-4539950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:26.000Z", "modified": "2018-12-17T20:42:26.000Z", "pattern": "[domain-name:value = 'customize-identity.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a33-5000-4a32-90e9-47d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:27.000Z", "modified": "2018-12-17T20:42:27.000Z", "pattern": "[domain-name:value = 'document-share.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a33-a610-44c9-b811-433c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:27.000Z", "modified": "2018-12-17T20:42:27.000Z", "pattern": "[domain-name:value = 'document.support-recoverycustomers.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a34-2f0c-4679-b8ef-4d1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:28.000Z", "modified": "2018-12-17T20:42:28.000Z", "pattern": "[domain-name:value = 'documentofficupdate.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a34-97e0-42c9-9ee0-49ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:28.000Z", "modified": "2018-12-17T20:42:28.000Z", "pattern": "[domain-name:value = 'documents.accounts-support.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a34-74a0-464e-b821-4b8b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:28.000Z", "modified": "2018-12-17T20:42:28.000Z", "pattern": "[domain-name:value = 'documentsfilesharing.cloud']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a35-2fec-4496-ba64-43cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:29.000Z", "modified": "2018-12-17T20:42:29.000Z", "pattern": "[domain-name:value = 'email-delivery.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a35-733c-414d-bca8-4060950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:29.000Z", "modified": "2018-12-17T20:42:29.000Z", "pattern": "[domain-name:value = 'mobile-sessionid.customize-identity.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a36-16d4-4755-a27d-493d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:30.000Z", "modified": "2018-12-17T20:42:30.000Z", "pattern": "[domain-name:value = 'mobiles-sessionid.customize-identity.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a36-ae74-471f-a417-4cd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:30.000Z", "modified": "2018-12-17T20:42:30.000Z", "pattern": "[domain-name:value = 'my-scribdinc.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a37-30b0-4c44-bfde-479c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:31.000Z", "modified": "2018-12-17T20:42:31.000Z", "pattern": "[domain-name:value = 'myyahoo.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a38-f69c-490a-9371-48ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:32.000Z", "modified": "2018-12-17T20:42:32.000Z", "pattern": "[domain-name:value = 'notificationapp.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a38-d84c-44b9-b9a0-419c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:32.000Z", "modified": "2018-12-17T20:42:32.000Z", "pattern": "[domain-name:value = 'onlinemessenger.com-identifier-servicelog.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a39-bf3c-4957-aa12-410d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:33.000Z", "modified": "2018-12-17T20:42:33.000Z", "pattern": "[domain-name:value = 'podcastmedia.online']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a39-0e84-450b-a010-4743950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:33.000Z", "modified": "2018-12-17T20:42:33.000Z", "pattern": "[domain-name:value = 'recoveryusercustomer.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3a-e9e4-4a35-9236-4c9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:34.000Z", "modified": "2018-12-17T20:42:34.000Z", "pattern": "[domain-name:value = 'session-management.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3a-edb4-470d-a573-4bb6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:34.000Z", "modified": "2018-12-17T20:42:34.000Z", "pattern": "[domain-name:value = 'support-recoverycustomers.services']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3b-377c-4067-bc6d-4f48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:35.000Z", "modified": "2018-12-17T20:42:35.000Z", "pattern": "[domain-name:value = 'continue-session-identifier.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3b-a670-456f-a552-438d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:35.000Z", "modified": "2018-12-17T20:42:35.000Z", "pattern": "[domain-name:value = 'mobilecontinue.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3c-5cd0-46fe-9b40-4e15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:36.000Z", "modified": "2018-12-17T20:42:36.000Z", "pattern": "[domain-name:value = 'session-identifier-webservice.mobilecontinue.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3c-99e8-44e8-af12-4db5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:36.000Z", "modified": "2018-12-17T20:42:36.000Z", "pattern": "[domain-name:value = 'com-messengersaccount.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3d-67f8-42ba-a30b-4e60950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:37.000Z", "modified": "2018-12-17T20:42:37.000Z", "pattern": "[domain-name:value = 'invitation-to-messenger.space']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3d-fb3c-4c30-906a-41c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:37.000Z", "modified": "2018-12-17T20:42:37.000Z", "pattern": "[domain-name:value = 'confirm-identification.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3d-01bc-448c-a56c-4f0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:37.000Z", "modified": "2018-12-17T20:42:37.000Z", "pattern": "[domain-name:value = 'mobile.confirm-identification.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3e-b674-4eda-b244-4ccd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:38.000Z", "modified": "2018-12-17T20:42:38.000Z", "pattern": "[domain-name:value = 'services.confirm-identification.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3e-322c-4fcf-8621-4ee3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:38.000Z", "modified": "2018-12-17T20:42:38.000Z", "pattern": "[domain-name:value = 'mobile-messengerplus.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3f-10e4-4cae-b8a6-4107950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:39.000Z", "modified": "2018-12-17T20:42:39.000Z", "pattern": "[domain-name:value = 'confirm.mobile-messengerplus.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a3f-707c-4a70-a2f4-4af5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:39.000Z", "modified": "2018-12-17T20:42:39.000Z", "pattern": "[domain-name:value = 'com-messengercenters.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a40-82e4-4b15-ab28-4849950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:40.000Z", "modified": "2018-12-17T20:42:40.000Z", "pattern": "[domain-name:value = 'securemail.mobile-messengerplus.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a40-7db0-4b32-8706-4c1a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:40.000Z", "modified": "2018-12-17T20:42:40.000Z", "pattern": "[domain-name:value = 'documents.mobile-messengerplus.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a41-90dc-4962-8feb-4d85950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:41.000Z", "modified": "2018-12-17T20:42:41.000Z", "pattern": "[domain-name:value = 'confirm-identity.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a41-f198-481f-95ba-454f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:41.000Z", "modified": "2018-12-17T20:42:41.000Z", "pattern": "[domain-name:value = 'identifier-sessions-mailactivityid.site']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a41-fa24-445c-8161-4c6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:41.000Z", "modified": "2018-12-17T20:42:41.000Z", "pattern": "[domain-name:value = 'activatecodeoption.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a42-3694-4965-9260-4f92950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:42.000Z", "modified": "2018-12-17T20:42:42.000Z", "pattern": "[domain-name:value = 'broadcastpopuer.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a42-3208-42cc-9332-44b3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:42.000Z", "modified": "2018-12-17T20:42:42.000Z", "pattern": "[domain-name:value = 'books.com-identifier-servicelog.name']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a43-f5e4-46ac-b565-43c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:43.000Z", "modified": "2018-12-17T20:42:43.000Z", "pattern": "[domain-name:value = 'mb.sessions-identifier-memberemailid.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a43-9a2c-478a-b77e-4977950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:43.000Z", "modified": "2018-12-17T20:42:43.000Z", "pattern": "[domain-name:value = 'sessions-identifier-memberemailid.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a44-085c-4aca-a0bf-43d0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:44.000Z", "modified": "2018-12-17T20:42:44.000Z", "pattern": "[domain-name:value = 'sessions.mobile-messengerplus.network']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a44-7c4c-425c-ae6d-44a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:44.000Z", "modified": "2018-12-17T20:42:44.000Z", "pattern": "[domain-name:value = 'confirm-verification-process.systems']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a45-9334-4b84-97a7-472c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:45.000Z", "modified": "2018-12-17T20:42:45.000Z", "pattern": "[domain-name:value = 'accounts.confirm-verification-process.systems']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a45-145c-4389-bd86-4298950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:45.000Z", "modified": "2018-12-17T20:42:45.000Z", "pattern": "[domain-name:value = 'broadcastnews.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a46-7180-4780-ba2d-45cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:46.000Z", "modified": "2018-12-17T20:42:46.000Z", "pattern": "[domain-name:value = 'account-profile-users.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a46-5a14-4b04-80b3-45b8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:46.000Z", "modified": "2018-12-17T20:42:46.000Z", "pattern": "[domain-name:value = 'us2-mail-login-profile.site']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a47-49d0-47a6-9c89-40de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:47.000Z", "modified": "2018-12-17T20:42:47.000Z", "pattern": "[domain-name:value = 'us2.login-users-account.site']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a47-8b30-4af4-bd3f-43ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:47.000Z", "modified": "2018-12-17T20:42:47.000Z", "pattern": "[domain-name:value = 'login-users-account.site']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a47-3c6c-4e1c-9d39-4b50950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:47.000Z", "modified": "2018-12-17T20:42:47.000Z", "pattern": "[domain-name:value = 'live.account-profile-users.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a48-c034-48f8-a247-4205950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:48.000Z", "modified": "2018-12-17T20:42:48.000Z", "pattern": "[domain-name:value = 'signin.account-profile-users.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a48-8990-4724-acaa-4110950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:48.000Z", "modified": "2018-12-17T20:42:48.000Z", "pattern": "[domain-name:value = 'aol.account-profile-users.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c180a49-5600-49ec-ba9a-49d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-17T20:42:49.000Z", "modified": "2018-12-17T20:42:49.000Z", "pattern": "[domain-name:value = 'users-account.site']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-17T20:42:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }