{ "type": "bundle", "id": "bundle--5cf90c6c-b2f8-4cd0-afbc-49c7950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-11T08:41:42.000Z", "modified": "2019-06-11T08:41:42.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5cf90c6c-b2f8-4cd0-afbc-49c7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-11T08:41:42.000Z", "modified": "2019-06-11T08:41:42.000Z", "name": "OSINT - Ursnif malspam campaign", "context": "suspicious-activity", "object_refs": [ "indicator--5cf91ca8-d29c-4619-a397-4fc6950d210f", "indicator--5cf91ca8-c8f8-4108-b47f-49ba950d210f", "indicator--5cf91ca8-14d0-4563-8da5-452e950d210f", "indicator--5cf91ca8-c720-453b-97fb-4619950d210f", "indicator--5cf91ca8-4cf8-4b64-80a6-4f5d950d210f", "indicator--5cf91ce4-592c-43d1-a859-44b7950d210f", "indicator--5cf91ce4-0f0c-4bba-bf10-44aa950d210f", "indicator--5cf91ce4-80b8-4366-9ce0-493c950d210f", "indicator--5cf91ce4-939c-4902-88d4-46ac950d210f", "indicator--5cf91ce4-2a5c-4503-8a4e-407a950d210f", "indicator--5cf91ce4-b964-4192-aa2c-4e89950d210f", "indicator--5cf91ce4-de80-4efb-97e1-4a41950d210f", "indicator--5cf91ce4-7f6c-485b-bdbf-4c9e950d210f", "indicator--5cf91ce4-0dc4-44df-897d-47ab950d210f", "indicator--5cf91ce4-e010-4fca-b5c5-466b950d210f", "indicator--5cf91ce4-cd10-4e89-9da8-4c11950d210f", "indicator--5cf91ce5-2e7c-4d1b-95a7-41ab950d210f", "indicator--5cf91ce5-ec38-4c72-911c-4ca2950d210f", "indicator--5cf91ce5-f264-408e-99a8-4a43950d210f", "indicator--5cf91ce5-8468-4739-b4e0-4a9e950d210f", "indicator--5cf91ce5-6bf0-4f97-ae07-459b950d210f", "indicator--5cf91ce5-37fc-4acf-a3f1-4a6b950d210f", "indicator--5cf91ce5-f808-4aa8-b09f-4d9b950d210f", "indicator--5cf91ce5-b36c-4092-88e4-475a950d210f", "indicator--5cf91ce5-2834-4591-8c4d-40d9950d210f", "indicator--5cf91ce5-ee2c-4b61-9112-4b2c950d210f", "indicator--5cf91ce5-f03c-403e-baa6-4c0c950d210f", "indicator--5cf91ce5-a2d0-47fc-a954-4c80950d210f", "indicator--5cf91ce5-c76c-4f40-85c8-45a4950d210f", "indicator--5cf91ce5-a044-42da-802a-44e4950d210f", "indicator--5cf91ce5-7024-4acc-9456-404a950d210f", "indicator--5cf91ce5-e2cc-4938-9cb6-401f950d210f", "indicator--5cf91ce5-8328-4756-a407-4595950d210f", "indicator--5cf91ce5-dfcc-4e06-aaf0-4ec8950d210f", "indicator--5cf91ce5-14fc-46a2-bbd0-486d950d210f", "indicator--5cf91ce5-5c88-4cc3-9f37-450f950d210f", "indicator--5cf91ce5-c3b8-40f7-8af1-4678950d210f", "indicator--5cf91ce5-ab08-42c8-aefc-47cc950d210f", "indicator--5cf91ce5-bb08-4294-acc0-4309950d210f", "indicator--5cf91ce5-300c-4c4d-897e-4c99950d210f", "indicator--5cf91ce5-98f0-47b4-889b-4df1950d210f", "indicator--5cf91ce5-f788-4f6d-bf00-4506950d210f", "indicator--5cf91ce5-dd64-467d-a025-4f2d950d210f", "indicator--5cf91ce5-d454-4cb6-a3bb-4f1d950d210f", "indicator--5cf91ce5-6a40-4239-9344-4cb3950d210f", "indicator--5cf91ce5-a3d0-4eeb-aab5-4810950d210f", "indicator--5cf91ce5-09d4-429f-82be-48a3950d210f", "indicator--5cf91ce5-ea68-4652-a778-4b64950d210f", "indicator--5cf91ce5-67a4-4093-a8b3-4ae3950d210f", "indicator--5cf91ce5-a9c8-4bc0-a233-4c7f950d210f", "indicator--5cf91ce5-3420-459e-8e28-402f950d210f", "indicator--5cf91ce5-2748-42b1-976a-4ab1950d210f", "x-misp-object--5cf910f8-b968-406e-8e57-4530950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:banker=\"Gozi\"", "misp-galaxy:malpedia=\"Gozi\"", "misp-galaxy:malpedia=\"Snifula\"", "misp-galaxy:tool=\"Snifula\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ca8-d29c-4619-a397-4fc6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:01:12.000Z", "modified": "2019-06-06T14:01:12.000Z", "description": "Example of dropping URLs", "pattern": "[url:value = 'http://sea-tacselfstorage.com/rFSpmUulnF?Ojgw=5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ca8-c8f8-4108-b47f-49ba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:01:12.000Z", "modified": "2019-06-06T14:01:12.000Z", "description": "Example of dropping URLs", "pattern": "[url:value = 'http://searchstoragequote.com/gWOKhStwTf?kLx=1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ca8-14d0-4563-8da5-452e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:01:12.000Z", "modified": "2019-06-06T14:01:12.000Z", "description": "Example of dropping URLs", "pattern": "[url:value = 'http://usastoragenetwork.com/Mjp?sbKOG=1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ca8-c720-453b-97fb-4619950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:01:12.000Z", "modified": "2019-06-06T14:01:12.000Z", "description": "Example of dropping URLs", "pattern": "[url:value = 'http://extrastoragesandiego.com/akpoAP?mng=2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ca8-4cf8-4b64-80a6-4f5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:01:12.000Z", "modified": "2019-06-06T14:01:12.000Z", "description": "Example of dropping URLs", "pattern": "[url:value = 'http://allspanawaystorage.net/RlBH?ZnnP=6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-592c-43d1-a859-44b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'allspanawayselfstorage.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-0f0c-4bba-bf10-44aa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'allspanawaystorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-80b8-4366-9ce0-493c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'allspanawaystorage.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-939c-4902-88d4-46ac950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'allspanawaystorage.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-2a5c-4503-8a4e-407a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'bellinghamboatstorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-b964-4192-aa2c-4e89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'bellinghamboatstorage.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-de80-4efb-97e1-4a41950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'bellinghamrvandboatstorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-7f6c-485b-bdbf-4c9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'bellinghamrvandboatstorage.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-0dc4-44df-897d-47ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'bellinghamrvandboatstorage.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-e010-4fca-b5c5-466b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'bellinghamrvstorage.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce4-cd10-4e89-9da8-4c11950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:12.000Z", "modified": "2019-06-06T14:02:12.000Z", "pattern": "[domain-name:value = 'cheapsilkscreenprinting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-2e7c-4d1b-95a7-41ab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'extrastorageoflemongrove.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-ec38-4c72-911c-4ca2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'extrastoragesandiego.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-f264-408e-99a8-4a43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'findstoragequote.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-8468-4739-b4e0-4a9e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'freeselfstoragequote.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-6bf0-4f97-ae07-459b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'freestoragequote.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-37fc-4acf-a3f1-4a6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'freewayselfstoragetacoma.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-f808-4aa8-b09f-4d9b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'freewaystoragetacoma.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-b36c-4092-88e4-475a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'goodchoicefoodservice.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-2834-4591-8c4d-40d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'intlblvdselfstorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-ee2c-4b61-9112-4b2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'intlblvdselfstorage.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-f03c-403e-baa6-4c0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'intlblvdselfstorage.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-a2d0-47fc-a954-4c80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'intlblvdstorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-c76c-4f40-85c8-45a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'intlblvdstorage.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-a044-42da-802a-44e4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'portorchardheatedstorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-7024-4acc-9456-404a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'portorchardss.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-e2cc-4938-9cb6-401f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'quachieprinting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-8328-4756-a407-4595950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'rayspizzabagelcafenyc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-dfcc-4e06-aaf0-4ec8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'riehmconstruction.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-14fc-46a2-bbd0-486d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'salspizzeriacateringlowereast.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-5c88-4cc3-9f37-450f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'sanlocowilliamsburg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-c3b8-40f7-8af1-4678950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'searchselfstoragenetwork.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-ab08-42c8-aefc-47cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'searchselfstoragequote.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-bb08-4294-acc0-4309950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'searchstoragenetwork.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-300c-4c4d-897e-4c99950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'searchstoragequote.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-98f0-47b4-889b-4df1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'seatacministorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-f788-4f6d-bf00-4506950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'sea-tacselfstorage.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-dd64-467d-a025-4f2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'shinerestaurantchicago.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-d454-4cb6-a3bb-4f1d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'smokeyislandgrillebk.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-6a40-4239-9344-4cb3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'sosasdeligrillbk.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-a3d0-4eeb-aab5-4810950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'starofsiamsantamonica.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-09d4-429f-82be-48a3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'superdumplingnewyork.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-ea68-4652-a778-4b64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'sushiakioforesthills.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-67a4-4093-a8b3-4ae3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'usaselfstoragenetwork.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-a9c8-4bc0-a233-4c7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'usastoragenetwork.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-3420-459e-8e28-402f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[domain-name:value = 'westseattlenailsalon.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cf91ce5-2748-42b1-976a-4ab1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:02:13.000Z", "modified": "2019-06-06T14:02:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.39.25.194']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-06T14:02:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5cf910f8-b968-406e-8e57-4530950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-06T14:00:49.000Z", "modified": "2019-06-06T14:00:49.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "#Signed #Ursnif malspam campaign, targets Italy IOC (link: https://pastebin.com/T0r3j92f) pastebin.com/T0r3j92f @JAMESWT_MHT\r\n @James_inthe_box\r\n @DissectMalware\r\n @executemalware\r\n @JayTHL\r\n @NelsonSecurity\r\n @HazMalware\r\n @dvk01uk\r\n @malwrhunterteam\r\n @DynamicAnalysis\r\n @JRoosen\r\n @bad_packets\r\n @thlnk3r\r\n @luc4m", "category": "Other", "uuid": "5cf910f8-4fbc-473e-b78d-4041950d210f" }, { "type": "url", "object_relation": "url", "value": "https://mobile.twitter.com/Mesiagh/status/1136355140523266048", "category": "Network activity", "to_ids": true, "uuid": "5cf910f8-99a4-46b4-a3b2-4e29950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@JAMESWT_MHT", "category": "Other", "uuid": "5cf910f9-bc78-4d18-af35-46bd950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@James_inthe_box", "category": "Other", "uuid": "5cf910f9-1278-4e8e-ab47-43b1950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@DissectMalware", "category": "Other", "uuid": "5cf910f9-962c-4e2a-8c47-4bd2950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@executemalware", "category": "Other", "uuid": "5cf910f9-5008-4e2f-b262-4bb8950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@JayTHL", "category": "Other", "uuid": "5cf910f9-7cf4-44d3-8a2b-4b6c950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@NelsonSecurity", "category": "Other", "uuid": "5cf910f9-4314-45d1-b90a-4e3e950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@HazMalware", "category": "Other", "uuid": "5cf910f9-df40-4d68-b42a-458f950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@dvk01uk", "category": "Other", "uuid": "5cf910f9-48c8-4c02-a5ac-43ae950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@malwrhunterteam", "category": "Other", "uuid": "5cf910f9-8ca4-4d14-9977-49af950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@DynamicAnalysis", "category": "Other", "uuid": "5cf91c92-baec-4e44-ac69-4e1c950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@JRoosen", "category": "Other", "uuid": "5cf91c92-1540-4a91-9981-4d27950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@bad_packets", "category": "Other", "uuid": "5cf91c92-3da8-45fc-b238-413c950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@thlnk3r", "category": "Other", "uuid": "5cf91c92-bb9c-4f1e-a378-4f75950d210f" }, { "type": "text", "object_relation": "username-quoted", "value": "@luc4m", "category": "Other", "uuid": "5cf91c92-9f24-4d40-85bd-47d8950d210f" }, { "type": "text", "object_relation": "username", "value": "Mesiagh", "category": "Other", "uuid": "5cf91c92-c448-43f0-857c-4017950d210f" }, { "type": "datetime", "object_relation": "creation-date", "value": "Jun 5, 2019 9:32 PM", "category": "Other", "uuid": "5cf91c92-c854-4957-a2ba-40bf950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }