{ "type": "bundle", "id": "bundle--5a5de39e-cb60-4839-af53-c1be950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:25:07.000Z", "modified": "2018-01-16T12:25:07.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a5de39e-cb60-4839-af53-c1be950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:25:07.000Z", "modified": "2018-01-16T12:25:07.000Z", "name": "Finding Nemo(hosts) from Sofacy by ThreatConnect", "published": "2018-01-16T12:25:10Z", "object_refs": [ "observed-data--5a5de3aa-9528-4f42-bb53-c23a950d210f", "url--5a5de3aa-9528-4f42-bb53-c23a950d210f", "indicator--5a5de3bd-2a70-4b29-9a3b-bec8950d210f", "indicator--5a5de3be-7050-413e-9696-bec8950d210f", "indicator--5a5de471-f70c-4b95-bd94-c23a950d210f", "indicator--5a5de99c-b3cc-4956-bb91-49ab950d210f", "indicator--5a5de99d-d700-46a5-b239-44f7950d210f", "indicator--5a5dea54-e838-4396-bf7c-4ce7950d210f", "indicator--5a5deace-b2b0-4540-9f0d-4ea8950d210f", "indicator--5a5deaf4-4f08-48d8-bb3f-4bf3950d210f", "indicator--5a5deaf5-adbc-4c58-b662-4563950d210f", "indicator--5a5deaf5-8704-4ddf-a777-4962950d210f", "indicator--5a5deaf6-0fa0-4c54-b78a-410e950d210f", "indicator--5a5deaf6-1d38-4a77-a829-4364950d210f", "indicator--5a5deaf7-c018-46f6-a75b-4407950d210f", "indicator--5a5deaf7-48fc-499e-92bc-4abc950d210f", "indicator--5a5deaf7-ac9c-42f9-9a06-49ca950d210f", "indicator--5a5deaf8-035c-4bd6-8ff2-4649950d210f", "indicator--5a5deaf8-5b10-4fd3-a016-499d950d210f", "indicator--5a5deaf9-2d20-4ca2-aeba-4a1b950d210f", "indicator--5a5deaf9-e390-42d9-98b3-4511950d210f", "indicator--5a5deaf9-6130-46ac-bc41-47b4950d210f", "indicator--5a5deafa-a520-4f9d-a97f-4d60950d210f", "indicator--5a5deafa-b4c0-4fca-9b1f-4ba4950d210f", "indicator--5a5deafb-f7a8-485f-a305-4cbb950d210f", "indicator--5a5deafb-08cc-4537-890e-414e950d210f", "x-misp-attribute--5a5deb5a-d0fc-453a-a5d9-489b950d210f", "x-misp-attribute--5a5deb5b-767c-49fc-bb8f-49e9950d210f", "x-misp-attribute--5a5deb5b-8e34-448f-91fb-4a6c950d210f", "x-misp-attribute--5a5deb5c-701c-41cf-a0d4-4498950d210f", "x-misp-attribute--5a5deb5c-3f7c-4619-a3db-422b950d210f", "x-misp-attribute--5a5deb5d-e5f4-41ee-b3b1-4590950d210f", "x-misp-attribute--5a5deb5d-0858-429c-86ed-4ff3950d210f", "indicator--5a5dec09-d1cc-436a-82f5-4452950d210f", "indicator--5a5dec09-00a8-407b-97cb-4de7950d210f", "indicator--5a5dec0a-694c-4ea8-bf32-421e950d210f", "indicator--5a5dec0a-3ba4-4130-8e4f-41d6950d210f", "indicator--5a5dec0a-5de4-4a46-b062-4baa950d210f", "indicator--5a5dec0b-7610-4a5c-9b80-4d70950d210f", "indicator--5a5dec0b-8794-4b86-b6f5-4590950d210f", "indicator--5a5dec0c-1698-4d87-bdbd-495a950d210f", "indicator--5a5dec0c-d9e0-4f0b-a0bb-40de950d210f", "indicator--5a5dec0d-ccb0-46ce-8c91-40ab950d210f", "indicator--5a5dec0d-7150-4857-8097-4e5b950d210f", "indicator--5a5dec0d-61e0-4718-8d78-4404950d210f", "indicator--5a5dec0e-62e8-4215-b8ff-412f950d210f", "indicator--5a5dec0e-c9ac-4d4e-a9ef-4f5f950d210f", "indicator--5a5dec0e-61a4-40a0-b316-491e950d210f", "indicator--5a5dec0f-5c38-4d8a-9d88-4bee950d210f", "indicator--5a5dec0f-1bc4-4a8d-9e98-4196950d210f", "indicator--5a5dec10-52a8-4562-815d-4ebc950d210f", "indicator--5a5dec10-0f44-4341-90de-4092950d210f", "indicator--5a5dec10-fbbc-4796-a000-40ef950d210f", "indicator--5a5dec11-aa90-4fbf-8668-46fb950d210f", "indicator--5a5dec11-fdb4-4a07-b615-42da950d210f", "indicator--5a5dec12-566c-4636-aeb3-41f3950d210f", "indicator--5a5dec12-049c-44a5-8f0d-4cd6950d210f", "indicator--5a5dec12-af94-4539-92c1-4e3a950d210f", "indicator--5a5dec13-3588-4d2b-bc4e-46de950d210f", "indicator--5a5dec13-5360-4b7a-817e-4999950d210f", "indicator--5a5dec83-b510-42c1-9000-4df4950d210f", "indicator--5a5dec84-7140-4201-8f2b-4c6e950d210f", "indicator--5a5dec84-55a4-449e-b4ad-4533950d210f", "indicator--5a5dec85-9a44-4bfe-99de-4d4d950d210f", "indicator--5a5dec85-2ec0-4717-a571-46fd950d210f", "indicator--5a5dec86-9f6c-4562-85dd-415f950d210f", "indicator--5a5dec86-bb04-45d4-bf71-4048950d210f", "indicator--5a5dec86-598c-4136-8df3-4cec950d210f", "indicator--5a5dec87-ca40-4461-953b-4014950d210f", "indicator--5a5dec87-d6c0-4e32-9fd7-476f950d210f", "indicator--5a5dec88-b2ec-4d09-b552-422c950d210f", "indicator--5a5dec88-2010-49ba-9452-4c09950d210f", "indicator--5a5dec89-8ab8-4acc-bdc8-4107950d210f", "indicator--5a5dec89-b4a8-4297-88de-4fbd950d210f", "indicator--5a5dec8a-62d8-42a1-b520-40ed950d210f", "indicator--5a5dec8a-d078-4166-8004-47d5950d210f", "indicator--5a5dec8a-9ffc-421f-8192-4a42950d210f", "indicator--5a5dec8b-74b4-495a-879c-4190950d210f", "indicator--5a5dec8b-2328-4f6e-bc5e-4df1950d210f", "indicator--5a5dec8c-9c08-44e4-aae1-475f950d210f", "indicator--5a5dec8c-9848-4f12-9d60-47a0950d210f", "indicator--5a5dec8d-8000-4e9d-94db-4223950d210f", "indicator--5a5dec8d-9cbc-4543-914a-41ee950d210f", "indicator--5a5dec8e-62e8-405f-b58b-4666950d210f", "indicator--5a5dec8e-92f4-4ea0-824b-487b950d210f", "indicator--5a5dec8f-e274-4ed5-9ba1-4d31950d210f", "indicator--5a5dec8f-6e74-4ba5-a3ff-40a8950d210f", "indicator--5a5dec90-4bc8-4db4-a9c8-42f8950d210f", "indicator--5a5dec90-0f8c-47c8-837a-4923950d210f", "indicator--5a5dec91-d268-4585-80ad-4fbb950d210f", "indicator--5a5dec91-7fa8-471b-ae4d-4264950d210f", "indicator--5a5dec92-4b20-4826-897f-4d2e950d210f", "indicator--5a5dec92-59a4-4b8d-b730-433f950d210f", "indicator--5a5dec93-0cc8-4564-b794-4ff3950d210f", "indicator--5a5dec93-0194-4657-96d3-4c99950d210f", "indicator--5a5dec94-189c-4904-a7e9-43db950d210f", "indicator--5a5dec94-7adc-462f-adbb-4c8a950d210f", "indicator--5a5dec94-666c-4f5c-a787-4e5d950d210f", "indicator--5a5dec95-2a70-4932-8d9e-484b950d210f", "indicator--5a5dec95-6aec-4d18-a41f-42c1950d210f", "indicator--5a5dec96-e758-42dc-9c9c-4cb3950d210f", "indicator--5a5dec96-7c1c-48cd-abf4-425e950d210f", "indicator--5a5dec97-ba64-4951-9286-45f8950d210f", "indicator--5a5dec97-9a74-4f84-b658-4c9f950d210f", "indicator--5a5dec97-8840-4f94-9aa2-4ee6950d210f", "indicator--5a5dec98-3d70-4a9d-ba68-4e60950d210f", "indicator--5a5dec98-9fd0-4bee-b0a8-416c950d210f", "indicator--5a5dec99-00e0-4247-a5a0-443c950d210f", "indicator--5a5dec99-0a20-4898-b89b-4c6a950d210f", "indicator--5a5dec9a-7d78-4cd3-94b5-48a2950d210f", "indicator--5a5dec9a-2588-4ab6-b70c-457f950d210f", "indicator--5a5dec9b-40bc-4f31-aa8f-4763950d210f", "indicator--5a5dec9b-4218-4f0c-b05c-4182950d210f", "indicator--5a5dec9c-a4ec-451e-9d21-42c7950d210f", "indicator--5a5dec9c-e000-4621-a429-4188950d210f", "indicator--5a5dec9c-6864-418d-b7de-4eb7950d210f", "indicator--5a5dec9d-9ee0-4843-b277-4673950d210f", "indicator--5a5dec9d-c9f8-4d9f-b28a-4274950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "admiralty-scale:information-credibility=\"3\"", "admiralty-scale:source-reliability=\"c\"", "misp-galaxy:threat-actor=\"Sofacy\"", "osint:source-type=\"blog-post\"", "APT", "Threat:Sofacy/APT28" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a5de3aa-9528-4f42-bb53-c23a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T11:36:10.000Z", "modified": "2018-01-16T11:36:10.000Z", "first_observed": "2018-01-16T11:36:10Z", "last_observed": "2018-01-16T11:36:10Z", "number_observed": 1, "object_refs": [ "url--5a5de3aa-9528-4f42-bb53-c23a950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a5de3aa-9528-4f42-bb53-c23a950d210f", "value": "https://www.threatconnect.com/blog/finding-nemohost-fancy-bear-infrastructure/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5de3bd-2a70-4b29-9a3b-bec8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T11:36:29.000Z", "modified": "2018-01-16T11:36:29.000Z", "pattern": "[domain-name:value = 'unisecproper.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T11:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5de3be-7050-413e-9696-bec8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T11:36:30.000Z", "modified": "2018-01-16T11:36:30.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.114.92.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T11:36:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5de471-f70c-4b95-bd94-c23a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T11:39:40.000Z", "modified": "2018-01-16T11:39:40.000Z", "pattern": "[x509-certificate:hashes.SHA256 = 'f27c4270b9b9291f465ba5962c36ce38f438377acff300b5c82b3b145f0c9e94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T11:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Attribution" } ], "labels": [ "misp:type=\"x509-fingerprint-sha256\"", "misp:category=\"Attribution\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5de99c-b3cc-4956-bb91-49ab950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:01:53.000Z", "modified": "2018-01-16T12:01:53.000Z", "pattern": "[x509-certificate:hashes.MD5 = '6e51db99647450387e583ecb67de7f6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:01:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Attribution" } ], "labels": [ "misp:type=\"x509-fingerprint-md5\"", "misp:category=\"Attribution\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5de99d-d700-46a5-b239-44f7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:01:33.000Z", "modified": "2018-01-16T12:01:33.000Z", "pattern": "[x509-certificate:hashes.SHA1 = 'a1833c32d5f61d6ef9d1bb0133585112069d770e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:01:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dea54-e838-4396-bf7c-4ce7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:04:36.000Z", "modified": "2018-01-16T12:04:36.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.107.42.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:04:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deace-b2b0-4540-9f0d-4ea8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:06:38.000Z", "modified": "2018-01-16T12:06:38.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.43.128.218']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:06:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf4-4f08-48d8-bb3f-4bf3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:16.000Z", "modified": "2018-01-16T12:07:16.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.91.197.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf5-adbc-4c58-b662-4563950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:17.000Z", "modified": "2018-01-16T12:07:17.000Z", "pattern": "[domain-name:value = 'wmiapp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf5-8704-4ddf-a777-4962950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:17.000Z", "modified": "2018-01-16T12:07:17.000Z", "pattern": "[domain-name:value = 'networkxc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf6-0fa0-4c54-b78a-410e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:18.000Z", "modified": "2018-01-16T12:07:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.183.107.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf6-1d38-4a77-a829-4364950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:18.000Z", "modified": "2018-01-16T12:07:18.000Z", "pattern": "[domain-name:value = 'ndsee.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf7-c018-46f6-a75b-4407950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:19.000Z", "modified": "2018-01-16T12:07:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.150.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf7-48fc-499e-92bc-4abc950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:19.000Z", "modified": "2018-01-16T12:07:19.000Z", "pattern": "[domain-name:value = 'neoderb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf7-ac9c-42f9-9a06-49ca950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:19.000Z", "modified": "2018-01-16T12:07:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.155.241']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf8-035c-4bd6-8ff2-4649950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:20.000Z", "modified": "2018-01-16T12:07:20.000Z", "pattern": "[domain-name:value = 'remnet.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf8-5b10-4fd3-a016-499d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:20.000Z", "modified": "2018-01-16T12:07:20.000Z", "pattern": "[domain-name:value = 'remotemanagesvc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf9-2d20-4ca2-aeba-4a1b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:21.000Z", "modified": "2018-01-16T12:07:21.000Z", "pattern": "[domain-name:value = 'netcorpscanprotect.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf9-e390-42d9-98b3-4511950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:21.000Z", "modified": "2018-01-16T12:07:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.157']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deaf9-6130-46ac-bc41-47b4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:21.000Z", "modified": "2018-01-16T12:07:21.000Z", "pattern": "[domain-name:value = 'zpfgr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deafa-a520-4f9d-a97f-4d60950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:22.000Z", "modified": "2018-01-16T12:07:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.74']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deafa-b4c0-4fca-9b1f-4ba4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:22.000Z", "modified": "2018-01-16T12:07:22.000Z", "pattern": "[domain-name:value = 'connectsmd.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deafb-f7a8-485f-a305-4cbb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:23.000Z", "modified": "2018-01-16T12:07:23.000Z", "pattern": "[domain-name:value = 'ckgob.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5deafb-08cc-4537-890e-414e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:07:23.000Z", "modified": "2018-01-16T12:07:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.99.21.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:07:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5deb5a-d0fc-453a-a5d9-489b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:08:58.000Z", "modified": "2018-01-16T12:08:58.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "whois-registrant-email", "x_misp_value": "le0nard0@mail.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5deb5b-767c-49fc-bb8f-49e9950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:08:59.000Z", "modified": "2018-01-16T12:08:59.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "whois-registrant-email", "x_misp_value": "bertfuhrmann@gmx.de" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5deb5b-8e34-448f-91fb-4a6c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:08:59.000Z", "modified": "2018-01-16T12:08:59.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "whois-registrant-email", "x_misp_value": "manuel.herez@centrum.cz" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5deb5c-701c-41cf-a0d4-4498950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:09:00.000Z", "modified": "2018-01-16T12:09:00.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "whois-registrant-email", "x_misp_value": "cameron_gordon@centrum.cz" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5deb5c-3f7c-4619-a3db-422b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:09:00.000Z", "modified": "2018-01-16T12:09:00.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "whois-registrant-email", "x_misp_value": "ernesto.rivero@mail.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5deb5d-e5f4-41ee-b3b1-4590950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:09:01.000Z", "modified": "2018-01-16T12:09:01.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "whois-registrant-email", "x_misp_value": "olavi_nieminen@suomi24.fi" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a5deb5d-0858-429c-86ed-4ff3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:09:01.000Z", "modified": "2018-01-16T12:09:01.000Z", "labels": [ "misp:type=\"whois-registrant-email\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "whois-registrant-email", "x_misp_value": "luc_ma@iname.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec09-d1cc-436a-82f5-4452950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:53.000Z", "modified": "2018-01-16T12:11:53.000Z", "pattern": "[domain-name:value = 'dmsclock.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec09-00a8-407b-97cb-4de7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:53.000Z", "modified": "2018-01-16T12:11:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.187.151.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0a-694c-4ea8-bf32-421e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:54.000Z", "modified": "2018-01-16T12:11:54.000Z", "pattern": "[domain-name:value = 'systemfromcuriousmoment.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0a-3ba4-4130-8e4f-41d6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:54.000Z", "modified": "2018-01-16T12:11:54.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.150.188']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0a-5de4-4a46-b062-4baa950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:54.000Z", "modified": "2018-01-16T12:11:54.000Z", "pattern": "[domain-name:value = 'driverfordell.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0b-7610-4a5c-9b80-4d70950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:55.000Z", "modified": "2018-01-16T12:11:55.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.255.80.50']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0b-8794-4b86-b6f5-4590950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:55.000Z", "modified": "2018-01-16T12:11:55.000Z", "pattern": "[domain-name:value = 'hostsvcnet.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0c-1698-4d87-bdbd-495a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:56.000Z", "modified": "2018-01-16T12:11:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.94.190.199']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0c-d9e0-4f0b-a0bb-40de950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:56.000Z", "modified": "2018-01-16T12:11:56.000Z", "pattern": "[domain-name:value = 'intelstatistics.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0d-ccb0-46ce-8c91-40ab950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:56.000Z", "modified": "2018-01-16T12:11:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.199.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0d-7150-4857-8097-4e5b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:57.000Z", "modified": "2018-01-16T12:11:57.000Z", "pattern": "[domain-name:value = 'knightconsults.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0d-61e0-4718-8d78-4404950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:57.000Z", "modified": "2018-01-16T12:11:57.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.128.253.215']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0e-62e8-4215-b8ff-412f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:58.000Z", "modified": "2018-01-16T12:11:58.000Z", "pattern": "[domain-name:value = 'lopback.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0e-c9ac-4d4e-a9ef-4f5f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:58.000Z", "modified": "2018-01-16T12:11:58.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.150.151']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0e-61a4-40a0-b316-491e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:58.000Z", "modified": "2018-01-16T12:11:58.000Z", "pattern": "[domain-name:value = 'nethostnet.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0f-5c38-4d8a-9d88-4bee950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:59.000Z", "modified": "2018-01-16T12:11:59.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec0f-1bc4-4a8d-9e98-4196950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:11:59.000Z", "modified": "2018-01-16T12:11:59.000Z", "pattern": "[domain-name:value = 'perfect-remote-service.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:11:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec10-52a8-4562-815d-4ebc950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:00.000Z", "modified": "2018-01-16T12:12:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.241.68.175']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec10-0f44-4341-90de-4092950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:00.000Z", "modified": "2018-01-16T12:12:00.000Z", "pattern": "[domain-name:value = 'probenet.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec10-fbbc-4796-a000-40ef950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:00.000Z", "modified": "2018-01-16T12:12:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.114']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec11-aa90-4fbf-8668-46fb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:01.000Z", "modified": "2018-01-16T12:12:01.000Z", "pattern": "[domain-name:value = 'remonitor.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec11-fdb4-4a07-b615-42da950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:01.000Z", "modified": "2018-01-16T12:12:01.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.94.192.101']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec12-566c-4636-aeb3-41f3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:02.000Z", "modified": "2018-01-16T12:12:02.000Z", "pattern": "[domain-name:value = 'societyatcuriousteacher.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec12-049c-44a5-8f0d-4cd6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:02.000Z", "modified": "2018-01-16T12:12:02.000Z", "pattern": "[domain-name:value = 'spelns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec12-af94-4539-92c1-4e3a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:02.000Z", "modified": "2018-01-16T12:12:02.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.44.103.18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec13-3588-4d2b-bc4e-46de950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:03.000Z", "modified": "2018-01-16T12:12:03.000Z", "pattern": "[domain-name:value = 'unitedprosoftcompany.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec13-5360-4b7a-817e-4999950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:12:03.000Z", "modified": "2018-01-16T12:12:03.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.153.31.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:12:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec83-b510-42c1-9000-4df4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:55.000Z", "modified": "2018-01-16T12:13:55.000Z", "pattern": "[domain-name:value = '90update.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec84-7140-4201-8f2b-4c6e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:56.000Z", "modified": "2018-01-16T12:13:56.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.244.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec84-55a4-449e-b4ad-4533950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:56.000Z", "modified": "2018-01-16T12:13:56.000Z", "pattern": "[domain-name:value = 'aljazeera-news.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec85-9a44-4bfe-99de-4d4d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:57.000Z", "modified": "2018-01-16T12:13:57.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.244.114']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec85-2ec0-4717-a571-46fd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:57.000Z", "modified": "2018-01-16T12:13:57.000Z", "pattern": "[domain-name:value = 'ambcomission.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec86-9f6c-4562-85dd-415f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:58.000Z", "modified": "2018-01-16T12:13:58.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.51.38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec86-bb04-45d4-bf71-4048950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:58.000Z", "modified": "2018-01-16T12:13:58.000Z", "pattern": "[domain-name:value = 'cryptokind.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec86-598c-4136-8df3-4cec950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:58.000Z", "modified": "2018-01-16T12:13:58.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.246.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec87-ca40-4461-953b-4014950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:59.000Z", "modified": "2018-01-16T12:13:59.000Z", "pattern": "[domain-name:value = 'deshcoin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec87-d6c0-4e32-9fd7-476f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:13:59.000Z", "modified": "2018-01-16T12:13:59.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.48.249']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:13:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec88-b2ec-4d09-b552-422c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:00.000Z", "modified": "2018-01-16T12:14:00.000Z", "pattern": "[domain-name:value = 'dochardproofing.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec88-2010-49ba-9452-4c09950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:00.000Z", "modified": "2018-01-16T12:14:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.51.173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec89-8ab8-4acc-bdc8-4107950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:01.000Z", "modified": "2018-01-16T12:14:01.000Z", "pattern": "[domain-name:value = 'ebramka.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec89-b4a8-4297-88de-4fbd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:01.000Z", "modified": "2018-01-16T12:14:01.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.50.156']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8a-62d8-42a1-b520-40ed950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:02.000Z", "modified": "2018-01-16T12:14:02.000Z", "pattern": "[domain-name:value = 'fes-auth.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8a-d078-4166-8004-47d5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:02.000Z", "modified": "2018-01-16T12:14:02.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.108.68.209']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8a-9ffc-421f-8192-4a42950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:02.000Z", "modified": "2018-01-16T12:14:02.000Z", "pattern": "[domain-name:value = 'hello76.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8b-74b4-495a-879c-4190950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:03.000Z", "modified": "2018-01-16T12:14:03.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.64.105.7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8b-2328-4f6e-bc5e-4df1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:03.000Z", "modified": "2018-01-16T12:14:03.000Z", "pattern": "[domain-name:value = 'hostedopenfiles.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8c-9c08-44e4-aae1-475f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:04.000Z", "modified": "2018-01-16T12:14:04.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.50.93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8c-9848-4f12-9d60-47a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:04.000Z", "modified": "2018-01-16T12:14:04.000Z", "pattern": "[domain-name:value = 'kiteim.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8d-8000-4e9d-94db-4223950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:05.000Z", "modified": "2018-01-16T12:14:05.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.255.80.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8d-9cbc-4543-914a-41ee950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:05.000Z", "modified": "2018-01-16T12:14:05.000Z", "pattern": "[domain-name:value = 'kremotevn.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8e-62e8-405f-b58b-4666950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:06.000Z", "modified": "2018-01-16T12:14:06.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.128']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8e-92f4-4ea0-824b-487b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:06.000Z", "modified": "2018-01-16T12:14:06.000Z", "pattern": "[domain-name:value = 'lasarenas.lt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8f-e274-4ed5-9ba1-4d31950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:07.000Z", "modified": "2018-01-16T12:14:07.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.216.163.204']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec8f-6e74-4ba5-a3ff-40a8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:07.000Z", "modified": "2018-01-16T12:14:07.000Z", "pattern": "[domain-name:value = 'megauploadfiles.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec90-4bc8-4db4-a9c8-42f8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:08.000Z", "modified": "2018-01-16T12:14:08.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.199.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec90-0f8c-47c8-837a-4923950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:08.000Z", "modified": "2018-01-16T12:14:08.000Z", "pattern": "[domain-name:value = 'nemaskalitnium.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec91-d268-4585-80ad-4fbb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:09.000Z", "modified": "2018-01-16T12:14:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.44.58.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec91-7fa8-471b-ae4d-4264950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:09.000Z", "modified": "2018-01-16T12:14:09.000Z", "pattern": "[domain-name:value = 'networkfilehosting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec92-4b20-4826-897f-4d2e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:10.000Z", "modified": "2018-01-16T12:14:10.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.247.167']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec92-59a4-4b8d-b730-433f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:10.000Z", "modified": "2018-01-16T12:14:10.000Z", "pattern": "[domain-name:value = 'news-almasirah.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec93-0cc8-4564-b794-4ff3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:11.000Z", "modified": "2018-01-16T12:14:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.244.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec93-0194-4657-96d3-4c99950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:11.000Z", "modified": "2018-01-16T12:14:11.000Z", "pattern": "[domain-name:value = 'newsfromsource.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec94-189c-4904-a7e9-43db950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:11.000Z", "modified": "2018-01-16T12:14:11.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.216.163.224']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec94-7adc-462f-adbb-4c8a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:12.000Z", "modified": "2018-01-16T12:14:12.000Z", "pattern": "[domain-name:value = 'platnosci.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec94-666c-4f5c-a787-4e5d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:12.000Z", "modified": "2018-01-16T12:14:12.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.247.121']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec95-2a70-4932-8d9e-484b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:13.000Z", "modified": "2018-01-16T12:14:13.000Z", "pattern": "[domain-name:value = 'postmarksmtp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec95-6aec-4d18-a41f-42c1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:13.000Z", "modified": "2018-01-16T12:14:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.51.120']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec96-e758-42dc-9c9c-4cb3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:14.000Z", "modified": "2018-01-16T12:14:14.000Z", "pattern": "[domain-name:value = 'remsvc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec96-7c1c-48cd-abf4-425e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:14.000Z", "modified": "2018-01-16T12:14:14.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.108.68.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec97-ba64-4951-9286-45f8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:15.000Z", "modified": "2018-01-16T12:14:15.000Z", "pattern": "[domain-name:value = 'rhfcoin.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec97-9a74-4f84-b658-4c9f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:15.000Z", "modified": "2018-01-16T12:14:15.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.216.163.229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec97-8840-4f94-9aa2-4ee6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:15.000Z", "modified": "2018-01-16T12:14:15.000Z", "pattern": "[domain-name:value = 'sa7efa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec98-3d70-4a9d-ba68-4e60950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:16.000Z", "modified": "2018-01-16T12:14:16.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.216.163.237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec98-9fd0-4bee-b0a8-416c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:16.000Z", "modified": "2018-01-16T12:14:16.000Z", "pattern": "[domain-name:value = 'searchbrain.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec99-00e0-4247-a5a0-443c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:17.000Z", "modified": "2018-01-16T12:14:17.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.216.163.203']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec99-0a20-4898-b89b-4c6a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:17.000Z", "modified": "2018-01-16T12:14:17.000Z", "pattern": "[domain-name:value = 'serbview.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9a-7d78-4cd3-94b5-48a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:18.000Z", "modified": "2018-01-16T12:14:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.255.93.224']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9a-2588-4ab6-b70c-457f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:18.000Z", "modified": "2018-01-16T12:14:18.000Z", "pattern": "[domain-name:value = 'startthedownload.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9b-40bc-4f31-aa8f-4763950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:19.000Z", "modified": "2018-01-16T12:14:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.247.168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9b-4218-4f0c-b05c-4182950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:19.000Z", "modified": "2018-01-16T12:14:19.000Z", "pattern": "[domain-name:value = 'showitem.lt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9c-a4ec-451e-9d21-42c7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:20.000Z", "modified": "2018-01-16T12:14:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.247.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9c-e000-4621-a429-4188950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:20.000Z", "modified": "2018-01-16T12:14:20.000Z", "pattern": "[domain-name:value = 'uploadsforyou.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9c-6864-418d-b7de-4eb7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:20.000Z", "modified": "2018-01-16T12:14:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.50.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9d-9ee0-4843-b277-4673950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:21.000Z", "modified": "2018-01-16T12:14:21.000Z", "pattern": "[domain-name:value = 'wintwinbtc.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a5dec9d-c9f8-4d9f-b28a-4274950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-16T12:14:21.000Z", "modified": "2018-01-16T12:14:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.48.27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-16T12:14:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }