{ "type": "bundle", "id": "bundle--560c0a37-28c4-4654-a507-6221950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:28.000Z", "modified": "2015-10-01T06:18:28.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--560c0a37-28c4-4654-a507-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:28.000Z", "modified": "2015-10-01T06:18:28.000Z", "name": "OSINT Dyreza Campaigners Set Sights on the Fulfillment and Warehousing Industry by ProofPoint", "published": "2015-10-01T06:18:34Z", "object_refs": [ "observed-data--560c0a4d-4754-4dba-a7df-2c1b950d210b", "url--560c0a4d-4754-4dba-a7df-2c1b950d210b", "indicator--560c0a9b-b39c-4a64-a56d-801c950d210b", "indicator--560c0a9b-1554-4f61-a857-801c950d210b", "indicator--560c0a9c-b960-4867-bba4-801c950d210b", "indicator--560c0a9c-ea60-4aff-961a-801c950d210b", "indicator--560c0a9c-c834-48c8-8e29-801c950d210b", "indicator--560c0a9d-66f8-4597-bc7c-801c950d210b", "indicator--560c0a9d-2eac-4c54-93b0-801c950d210b", "indicator--560c0a9e-a340-4017-891b-801c950d210b", "indicator--560c0a9e-ceac-4366-a142-801c950d210b", "indicator--560c0a9f-5270-4277-818b-801c950d210b", "indicator--560c0a9f-a68c-4d13-a607-801c950d210b", "indicator--560c0aa0-1b10-43f0-9689-801c950d210b", "indicator--560c0aa0-6f24-49b1-8dc0-801c950d210b", "indicator--560c0aa0-9d08-4bc0-9487-801c950d210b", "indicator--560c0aa1-83c4-4fbd-90e2-801c950d210b", "indicator--560c0aa1-9190-4a79-8979-801c950d210b", "indicator--560c0aa2-f1a4-4edd-a8d8-801c950d210b", "indicator--560c0aa2-4b28-498a-8433-801c950d210b", "indicator--560c0aa3-70c8-4791-80de-801c950d210b", "indicator--560c0aa3-bdf0-4eff-9160-801c950d210b", "indicator--560c0aa4-b060-4b9f-8297-801c950d210b", "indicator--560c0aa4-0fbc-4ca1-b74a-801c950d210b", "indicator--560c0aa5-c49c-4ce8-a8df-801c950d210b", "indicator--560c0aa5-6acc-4924-aa38-801c950d210b", "indicator--560c0aa6-6c64-431a-8afe-801c950d210b", "indicator--560c0aa6-4868-4b4e-85e9-801c950d210b", "indicator--560c0aa6-d4d4-408a-9f3f-801c950d210b", "indicator--560c0aa7-d1b0-43a5-a905-801c950d210b", "indicator--560c0aa7-6848-4ee5-9534-801c950d210b", "indicator--560c0aa8-92e4-412b-ae18-801c950d210b", "indicator--560c0aa8-a680-4744-905c-801c950d210b", "indicator--560c0aa9-9888-4b5f-ae4e-801c950d210b", "indicator--560c0aa9-8028-4576-953d-801c950d210b", "indicator--560c0aaa-70fc-4fa8-a7b5-801c950d210b", "indicator--560c0aaa-dfd0-454c-9f49-801c950d210b", "indicator--560c0aab-a3f8-4236-9967-801c950d210b", "indicator--560c0aab-4824-4614-97a9-801c950d210b", "indicator--560c0aab-e19c-45ed-b835-801c950d210b", "indicator--560c0aac-a130-4e36-a00f-801c950d210b", "indicator--560c0aac-41fc-40db-8812-801c950d210b", "indicator--560c0aad-8850-4d43-bb12-801c950d210b", "indicator--560c0aad-a9c8-4ae4-82dc-801c950d210b", "indicator--560c0aae-8180-44b7-800e-801c950d210b", "indicator--560c0aae-afd8-4650-b899-801c950d210b", "indicator--560c0aaf-92ac-448e-bb33-801c950d210b", "indicator--560c0aaf-03cc-4af8-b00d-801c950d210b", "indicator--560c0aaf-5834-4a02-a437-801c950d210b", "indicator--560c0ab0-609c-414a-abe8-801c950d210b", "indicator--560c0ab0-85b0-4233-9207-801c950d210b", "indicator--560c0ab1-69c4-4bbe-bb56-801c950d210b", "indicator--560c0ab1-fab0-4457-bde2-801c950d210b", "indicator--560c0ab2-a508-48fa-94b6-801c950d210b", "indicator--560c0ab2-c948-470c-9b77-801c950d210b", "indicator--560c0ab3-19e8-49b0-8875-801c950d210b", "indicator--560c0ab3-1dbc-4039-9443-801c950d210b", "indicator--560c0ab3-f48c-4f43-abcb-801c950d210b", "indicator--560c0b02-f7f8-4999-af1e-8024950d210b", "indicator--560c0b03-76f0-4bd6-8b4a-8024950d210b", "indicator--560c0b03-0800-4f9f-b294-8024950d210b", "indicator--560c0b04-57f4-47e2-bb55-8024950d210b", "indicator--560c0b04-a9c0-4ca8-915e-8024950d210b", "indicator--560c0b04-a4e4-4ce0-9025-8024950d210b", "indicator--560c0b05-e784-4dda-b82c-8024950d210b", "indicator--560c0b05-a2d0-4696-b25c-8024950d210b", "indicator--560c0b06-0388-40ca-a336-8024950d210b", "indicator--560c0b07-f714-4b6c-a235-8024950d210b", "indicator--560c0b07-bd58-456f-b9e2-8024950d210b", "indicator--560c0b08-a104-4bef-9481-8024950d210b", "indicator--560c0b09-5148-4e3a-9f4b-8024950d210b", "indicator--560c0b0a-1250-40a9-ae80-8024950d210b", "indicator--560c0b0a-21f4-41ca-b5ce-8024950d210b", "indicator--560c0b0b-5338-4e84-b53d-8024950d210b", "indicator--560c0b0c-9668-4567-b5f4-8024950d210b", "indicator--560c0b0d-bb78-4575-98b9-8024950d210b", "indicator--560c0b0e-86c0-4048-8088-8024950d210b", "indicator--560c0b0e-828c-4788-8943-8024950d210b", "indicator--560c0b0f-df50-4d35-b4a2-8024950d210b", "indicator--560c0b10-3a08-4c66-84c1-8024950d210b", "indicator--560c0b11-06a8-4aea-8b4c-8024950d210b", "indicator--560c0b11-cd30-4183-b9c1-8024950d210b", "indicator--560c0b12-caf8-4c72-ab6c-8024950d210b", "indicator--560c0b13-ffac-4387-9f80-8024950d210b", "indicator--560c0b14-5d18-4170-8182-8024950d210b", "indicator--560c0b15-307c-4f97-b64d-8024950d210b", "indicator--560c0b15-03c8-48e1-8392-8024950d210b", "indicator--560c0b16-f550-4758-b165-8024950d210b", "indicator--560c0b17-a588-4fbb-9572-8024950d210b", "indicator--560c0b18-83a0-42fb-b0fd-8024950d210b", "indicator--560c0b18-3f74-43cc-a026-8024950d210b", "indicator--560c0b19-6be8-418b-8b24-8024950d210b", "indicator--560c0b1a-d270-4ff2-92ac-8024950d210b", "indicator--560c0b1b-1d5c-4876-9844-8024950d210b", "indicator--560c0b1c-a6fc-43c7-86ff-8024950d210b", "indicator--560c0b1c-fd24-4dd2-8b62-8024950d210b", "indicator--560c0b1d-6db0-45ec-bdf4-8024950d210b", "indicator--560c0b1e-2c10-46ae-9acb-8024950d210b", "indicator--560c0b1f-d05c-4a90-8795-8024950d210b", "indicator--560c0b1f-cd5c-45ab-9ce3-8024950d210b", "indicator--560c0b20-f104-4d39-898b-8024950d210b", "indicator--560c0b21-2ffc-46a6-ba4b-8024950d210b", "indicator--560c0b22-f4fc-4ca4-884d-8024950d210b", "indicator--560c0b23-a3ec-48d8-9a95-8024950d210b", "indicator--560c0b51-2b14-448e-802c-801c950d210b", "indicator--560c0b52-a140-4534-9cb3-801c950d210b", "indicator--560c0b52-4d9c-4f09-b8b8-801c950d210b", "indicator--560c0b6d-66a0-41c0-ad3c-8023950d210b", "indicator--560c0b6d-de34-454b-bc5a-8023950d210b", "indicator--560c0b6e-a818-4f1a-9e3f-8023950d210b", "indicator--560c0ba9-0474-43a7-ab02-6789950d210b", "indicator--560c0ba9-e23c-44cf-9560-6789950d210b", "indicator--560c0baa-9064-4a68-a023-6789950d210b", "indicator--560c0baa-58c4-4165-bc49-6789950d210b", "indicator--560c0bab-13a4-4976-864d-6789950d210b", "indicator--560cd020-8424-4fee-a01c-6221950d210b", "indicator--560cd020-0a68-4277-860c-6221950d210b", "observed-data--560cd021-3128-418d-8394-6221950d210b", "url--560cd021-3128-418d-8394-6221950d210b", "indicator--560cd021-7c28-437c-bb92-6221950d210b", "indicator--560cd022-6bd8-4997-8302-6221950d210b", "observed-data--560cd022-fc14-4020-8e06-6221950d210b", "url--560cd022-fc14-4020-8e06-6221950d210b", "indicator--560cd023-2e7c-46a8-8597-6221950d210b", "indicator--560cd023-f5b0-45c7-ac21-6221950d210b", "observed-data--560cd024-91ac-4d95-a274-6221950d210b", "url--560cd024-91ac-4d95-a274-6221950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560c0a4d-4754-4dba-a7df-2c1b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:14:05.000Z", "modified": "2015-09-30T16:14:05.000Z", "first_observed": "2015-09-30T16:14:05Z", "last_observed": "2015-09-30T16:14:05Z", "number_observed": 1, "object_refs": [ "url--560c0a4d-4754-4dba-a7df-2c1b950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560c0a4d-4754-4dba-a7df-2c1b950d210b", "value": "https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-Fulfillment-Warehousing-Industry" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9b-b39c-4a64-a56d-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:23.000Z", "modified": "2015-09-30T16:15:23.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.147.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9b-1554-4f61-a857-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:23.000Z", "modified": "2015-09-30T16:15:23.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.156.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9c-b960-4867-bba4-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:23.000Z", "modified": "2015-09-30T16:15:23.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.8.174.25']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9c-ea60-4aff-961a-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:24.000Z", "modified": "2015-09-30T16:15:24.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.106.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9c-c834-48c8-8e29-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:24.000Z", "modified": "2015-09-30T16:15:24.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.252.48.79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9d-66f8-4597-bc7c-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:25.000Z", "modified": "2015-09-30T16:15:25.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.182.101.2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9d-2eac-4c54-93b0-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:25.000Z", "modified": "2015-09-30T16:15:25.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.8.9.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9e-a340-4017-891b-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:26.000Z", "modified": "2015-09-30T16:15:26.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.74.84.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9e-ceac-4366-a142-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:26.000Z", "modified": "2015-09-30T16:15:26.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.232.45.149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9f-5270-4277-818b-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:27.000Z", "modified": "2015-09-30T16:15:27.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.232.45.40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0a9f-a68c-4d13-a607-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:27.000Z", "modified": "2015-09-30T16:15:27.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.156.165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa0-1b10-43f0-9689-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:28.000Z", "modified": "2015-09-30T16:15:28.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.161.51.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa0-6f24-49b1-8dc0-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:28.000Z", "modified": "2015-09-30T16:15:28.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.87.63.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa0-9d08-4bc0-9487-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:28.000Z", "modified": "2015-09-30T16:15:28.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.30.73.130']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa1-83c4-4fbd-90e2-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:29.000Z", "modified": "2015-09-30T16:15:29.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.119.250.245']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa1-9190-4a79-8979-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:29.000Z", "modified": "2015-09-30T16:15:29.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.252.50.124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa2-f1a4-4edd-a8d8-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:30.000Z", "modified": "2015-09-30T16:15:30.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.174.91.90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa2-4b28-498a-8433-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:30.000Z", "modified": "2015-09-30T16:15:30.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.46.142.66']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa3-70c8-4791-80de-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:31.000Z", "modified": "2015-09-30T16:15:31.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.255.154.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa3-bdf0-4eff-9160-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:31.000Z", "modified": "2015-09-30T16:15:31.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.191.34.245']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa4-b060-4b9f-8297-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:32.000Z", "modified": "2015-09-30T16:15:32.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.116.171.216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa4-0fbc-4ca1-b74a-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:32.000Z", "modified": "2015-09-30T16:15:32.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.123.60.93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa5-c49c-4ce8-a8df-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:33.000Z", "modified": "2015-09-30T16:15:33.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.109.179.197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa5-6acc-4924-aa38-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:33.000Z", "modified": "2015-09-30T16:15:33.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.57.165.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa6-6c64-431a-8afe-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:34.000Z", "modified": "2015-09-30T16:15:34.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.146.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa6-4868-4b4e-85e9-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:34.000Z", "modified": "2015-09-30T16:15:34.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.146.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa6-d4d4-408a-9f3f-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:34.000Z", "modified": "2015-09-30T16:15:34.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.156.216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa7-d1b0-43a5-a905-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:35.000Z", "modified": "2015-09-30T16:15:35.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.27.57.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa7-6848-4ee5-9534-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:35.000Z", "modified": "2015-09-30T16:15:35.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.241.176.230']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa8-92e4-412b-ae18-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:36.000Z", "modified": "2015-09-30T16:15:36.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.140.63.207']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa8-a680-4744-905c-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:36.000Z", "modified": "2015-09-30T16:15:36.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.230.220.8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa9-9888-4b5f-ae4e-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:37.000Z", "modified": "2015-09-30T16:15:37.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.86.226.85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aa9-8028-4576-953d-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:37.000Z", "modified": "2015-09-30T16:15:37.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.129.48.147']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aaa-70fc-4fa8-a7b5-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:38.000Z", "modified": "2015-09-30T16:15:38.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.129.49.139']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aaa-dfd0-454c-9f49-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:38.000Z", "modified": "2015-09-30T16:15:38.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.185.166.94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aab-a3f8-4236-9967-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:39.000Z", "modified": "2015-09-30T16:15:39.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.120.201.9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aab-4824-4614-97a9-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:39.000Z", "modified": "2015-09-30T16:15:39.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.112.153.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aab-e19c-45ed-b835-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:39.000Z", "modified": "2015-09-30T16:15:39.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.190.64.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aac-a130-4e36-a00f-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:40.000Z", "modified": "2015-09-30T16:15:40.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.120.194.101']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aac-41fc-40db-8812-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:40.000Z", "modified": "2015-09-30T16:15:40.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.123.58.42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aad-8850-4d43-bb12-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:41.000Z", "modified": "2015-09-30T16:15:41.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.123.135.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aad-a9c8-4ae4-82dc-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:41.000Z", "modified": "2015-09-30T16:15:41.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.100.4.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aae-8180-44b7-800e-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:42.000Z", "modified": "2015-09-30T16:15:42.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.129.49.162']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aae-afd8-4650-b899-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:42.000Z", "modified": "2015-09-30T16:15:42.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.125.38.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aaf-92ac-448e-bb33-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:43.000Z", "modified": "2015-09-30T16:15:43.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.92.204.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aaf-03cc-4af8-b00d-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:43.000Z", "modified": "2015-09-30T16:15:43.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.238.241.26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0aaf-5834-4a02-a437-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:43.000Z", "modified": "2015-09-30T16:15:43.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.54.191.170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab0-609c-414a-abe8-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:44.000Z", "modified": "2015-09-30T16:15:44.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.174.116.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab0-85b0-4233-9207-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:44.000Z", "modified": "2015-09-30T16:15:44.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.117.104.102']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab1-69c4-4bbe-bb56-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:45.000Z", "modified": "2015-09-30T16:15:45.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.189.77.76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab1-fab0-4457-bde2-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:45.000Z", "modified": "2015-09-30T16:15:45.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.239.244.187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab2-a508-48fa-94b6-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:46.000Z", "modified": "2015-09-30T16:15:46.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.174.237.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab2-c948-470c-9b77-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:46.000Z", "modified": "2015-09-30T16:15:46.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '73.38.228.117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab3-19e8-49b0-8875-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:47.000Z", "modified": "2015-09-30T16:15:47.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.222.25.58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab3-1dbc-4039-9443-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:47.000Z", "modified": "2015-09-30T16:15:47.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.105.117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ab3-f48c-4f43-abcb-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:15:47.000Z", "modified": "2015-09-30T16:15:47.000Z", "description": "Dyre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.202.99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:15:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b02-f7f8-4999-af1e-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:06.000Z", "modified": "2015-09-30T16:17:06.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://109.199.11.51/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b03-76f0-4bd6-8b4a-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:07.000Z", "modified": "2015-09-30T16:17:07.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://112.133.203.43/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b03-0800-4f9f-b294-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:07.000Z", "modified": "2015-09-30T16:17:07.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://142.47.213.123/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b04-57f4-47e2-bb55-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:08.000Z", "modified": "2015-09-30T16:17:08.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://150.129.49.11/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b04-a9c0-4ca8-915e-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:08.000Z", "modified": "2015-09-30T16:17:08.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://173.216.247.74/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b04-a4e4-4ce0-9025-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:08.000Z", "modified": "2015-09-30T16:17:08.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://173.248.31.6/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b05-e784-4dda-b82c-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:09.000Z", "modified": "2015-09-30T16:17:09.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://176.101.135.103/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b05-a2d0-4696-b25c-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:09.000Z", "modified": "2015-09-30T16:17:09.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://180.233.123.210/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b06-0388-40ca-a336-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:10.000Z", "modified": "2015-09-30T16:17:10.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://185.89.64.160/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b07-f714-4b6c-a235-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:11.000Z", "modified": "2015-09-30T16:17:11.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://186.68.94.38/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b07-bd58-456f-b9e2-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:11.000Z", "modified": "2015-09-30T16:17:11.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://194.28.191.245/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b08-a104-4bef-9481-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:12.000Z", "modified": "2015-09-30T16:17:12.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://197.210.199.21/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b09-5148-4e3a-9f4b-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:13.000Z", "modified": "2015-09-30T16:17:13.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://203.115.103.27/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0a-1250-40a9-ae80-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:14.000Z", "modified": "2015-09-30T16:17:14.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://203.129.197.50/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0a-21f4-41ca-b5ce-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:14.000Z", "modified": "2015-09-30T16:17:14.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://208.117.68.78/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0b-5338-4e84-b53d-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:15.000Z", "modified": "2015-09-30T16:17:15.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://209.27.49.117/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0c-9668-4567-b5f4-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:16.000Z", "modified": "2015-09-30T16:17:16.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://213.92.138.154/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0d-bb78-4575-98b9-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:17.000Z", "modified": "2015-09-30T16:17:17.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://24.148.217.188/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0e-86c0-4048-8088-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:18.000Z", "modified": "2015-09-30T16:17:18.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://24.33.131.116/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0e-828c-4788-8943-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:18.000Z", "modified": "2015-09-30T16:17:18.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://27.109.20.53/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b0f-df50-4d35-b4a2-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:19.000Z", "modified": "2015-09-30T16:17:19.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://37.57.144.177/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b10-3a08-4c66-84c1-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:20.000Z", "modified": "2015-09-30T16:17:20.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://42.47.213.123/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b11-06a8-4aea-8b4c-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:21.000Z", "modified": "2015-09-30T16:17:21.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://45.64.159.18/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b11-cd30-4183-b9c1-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:21.000Z", "modified": "2015-09-30T16:17:21.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://63.248.156.246/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b12-caf8-4c72-ab6c-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:22.000Z", "modified": "2015-09-30T16:17:22.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://65.33.236.173/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b13-ffac-4387-9f80-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:23.000Z", "modified": "2015-09-30T16:17:23.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://67.207.229.215/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b14-5d18-4170-8182-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:24.000Z", "modified": "2015-09-30T16:17:24.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://67.221.147.66/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b15-307c-4f97-b64d-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:25.000Z", "modified": "2015-09-30T16:17:25.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://67.221.195.6/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b15-03c8-48e1-8392-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:25.000Z", "modified": "2015-09-30T16:17:25.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://67.222.201.222/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b16-f550-4758-b165-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:26.000Z", "modified": "2015-09-30T16:17:26.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://67.222.201.61/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b17-a588-4fbb-9572-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:27.000Z", "modified": "2015-09-30T16:17:27.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://68.70.242.203/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b18-83a0-42fb-b0fd-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:28.000Z", "modified": "2015-09-30T16:17:28.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://69.144.171.44/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b18-3f74-43cc-a026-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:28.000Z", "modified": "2015-09-30T16:17:28.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://69.9.204.114/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b19-6be8-418b-8b24-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:29.000Z", "modified": "2015-09-30T16:17:29.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://72.175.10.116/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1a-d270-4ff2-92ac-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:30.000Z", "modified": "2015-09-30T16:17:30.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://72.230.82.80/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1b-1d5c-4876-9844-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:31.000Z", "modified": "2015-09-30T16:17:31.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://77.48.30.156/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1c-a6fc-43c7-86ff-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:32.000Z", "modified": "2015-09-30T16:17:32.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://78.108.101.67/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1c-fd24-4dd2-8b62-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:32.000Z", "modified": "2015-09-30T16:17:32.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://78.72.233.105/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1d-6db0-45ec-bdf4-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:33.000Z", "modified": "2015-09-30T16:17:33.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://82.115.76.211/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1e-2c10-46ae-9acb-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:34.000Z", "modified": "2015-09-30T16:17:34.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://82.160.64.45/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1f-d05c-4a90-8795-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:35.000Z", "modified": "2015-09-30T16:17:35.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://85.135.104.170/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b1f-cd5c-45ab-9ce3-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:35.000Z", "modified": "2015-09-30T16:17:35.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://87.249.142.189/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b20-f104-4d39-898b-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:36.000Z", "modified": "2015-09-30T16:17:36.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://89.239.120.43/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b21-2ffc-46a6-ba4b-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:37.000Z", "modified": "2015-09-30T16:17:37.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://91.246.105.164/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b22-f4fc-4ca4-884d-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:38.000Z", "modified": "2015-09-30T16:17:38.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://94.141.130.9/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b23-a3ec-48d8-9a95-8024950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:17:38.000Z", "modified": "2015-09-30T16:17:38.000Z", "description": "Upatre Downloading Dyre", "pattern": "[url:value = 'https://94.40.82.66/Ares13.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:17:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b51-2b14-448e-802c-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:18:25.000Z", "modified": "2015-09-30T16:18:25.000Z", "description": "Attachment hash", "pattern": "[file:hashes.SHA256 = '5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:18:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b52-a140-4534-9cb3-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:18:26.000Z", "modified": "2015-09-30T16:18:26.000Z", "description": "Upatre (id 22_U13) hash", "pattern": "[file:hashes.SHA256 = 'afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b52-4d9c-4f09-b8b8-801c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:18:26.000Z", "modified": "2015-09-30T16:18:26.000Z", "description": "Dyreza (id 2209us13) hash", "pattern": "[file:hashes.SHA256 = 'dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:18:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b6d-66a0-41c0-ad3c-8023950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:18:53.000Z", "modified": "2015-09-30T16:18:53.000Z", "description": "Upatre C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.149.90.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:18:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b6d-de34-454b-bc5a-8023950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:18:53.000Z", "modified": "2015-09-30T16:18:53.000Z", "description": "Dyreza C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.105.117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:18:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0b6e-a818-4f1a-9e3f-8023950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:18:54.000Z", "modified": "2015-09-30T16:18:54.000Z", "description": "Dyreza C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.202.99']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:18:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ba9-0474-43a7-ab02-6789950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:19:53.000Z", "modified": "2015-09-30T16:19:53.000Z", "description": "Xbagging additional code", "pattern": "[url:value = 'http://quotearabiasale.com/wp-content/themes/epix/lib/adm/inc/phpflickr/cache/5716367236.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:19:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0ba9-e23c-44cf-9560-6789950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:19:53.000Z", "modified": "2015-09-30T16:19:53.000Z", "description": "Xbagging additional code", "pattern": "[url:value = 'http://sahabatbuku.com/wp-content/themes/bazar/core/assets/images/menu/5716367236.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:19:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0baa-9064-4a68-a023-6789950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:19:54.000Z", "modified": "2015-09-30T16:19:54.000Z", "description": "Xbagging payload URL", "pattern": "[url:value = 'http://quotearabiasale.com/wp-content/themes/epix/lib/adm/inc/phpflickr/cache/pipi.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:19:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0baa-58c4-4165-bc49-6789950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:19:54.000Z", "modified": "2015-09-30T16:19:54.000Z", "description": "Xbagging payload URL", "pattern": "[url:value = 'http://sahabatbuku.com/wp-content/themes/bazar/core/assets/images/menu/pipi.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:19:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560c0bab-13a4-4976-864d-6789950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-09-30T16:19:55.000Z", "modified": "2015-09-30T16:19:55.000Z", "description": "Upatre", "pattern": "[url:value = 'http://pcsolutionsexpert.com/wp-content/uploads/2015/08/calc.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-30T16:19:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd020-8424-4fee-a01c-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:08.000Z", "modified": "2015-10-01T06:18:08.000Z", "description": "Dyreza (id 2209us13) hash - Xchecked via VT: dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c", "pattern": "[file:hashes.SHA1 = 'eae3eafac1334886ddbcf80a79895e5ff8fcbe98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:18:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd020-0a68-4277-860c-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:08.000Z", "modified": "2015-10-01T06:18:08.000Z", "description": "Dyreza (id 2209us13) hash - Xchecked via VT: dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c", "pattern": "[file:hashes.MD5 = '512d1c84ca16c2d968ffcbf5c7a08780']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:18:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd021-3128-418d-8394-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:09.000Z", "modified": "2015-10-01T06:18:09.000Z", "first_observed": "2015-10-01T06:18:09Z", "last_observed": "2015-10-01T06:18:09Z", "number_observed": 1, "object_refs": [ "url--560cd021-3128-418d-8394-6221950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd021-3128-418d-8394-6221950d210b", "value": "https://www.virustotal.com/file/dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c/analysis/1443014113/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd021-7c28-437c-bb92-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:09.000Z", "modified": "2015-10-01T06:18:09.000Z", "description": "Upatre (id 22_U13) hash - Xchecked via VT: afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237", "pattern": "[file:hashes.SHA1 = 'e9c9b888e1e9b952ee65d71e2d2ac29f50655425']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:18:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd022-6bd8-4997-8302-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:10.000Z", "modified": "2015-10-01T06:18:10.000Z", "description": "Upatre (id 22_U13) hash - Xchecked via VT: afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237", "pattern": "[file:hashes.MD5 = '842cedae3fdfb20457aa8038c1893b2f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:18:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd022-fc14-4020-8e06-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:10.000Z", "modified": "2015-10-01T06:18:10.000Z", "first_observed": "2015-10-01T06:18:10Z", "last_observed": "2015-10-01T06:18:10Z", "number_observed": 1, "object_refs": [ "url--560cd022-fc14-4020-8e06-6221950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd022-fc14-4020-8e06-6221950d210b", "value": "https://www.virustotal.com/file/afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237/analysis/1443102943/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd023-2e7c-46a8-8597-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:11.000Z", "modified": "2015-10-01T06:18:11.000Z", "description": "Attachment hash - Xchecked via VT: 5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae", "pattern": "[file:hashes.SHA1 = '7d706930bb0e66bd58012634b6f7333f9f3c7324']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:18:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--560cd023-f5b0-45c7-ac21-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:11.000Z", "modified": "2015-10-01T06:18:11.000Z", "description": "Attachment hash - Xchecked via VT: 5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae", "pattern": "[file:hashes.MD5 = '32ec9366e495e049cdd762ba3e2efe1a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-01T06:18:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--560cd024-91ac-4d95-a274-6221950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-01T06:18:12.000Z", "modified": "2015-10-01T06:18:12.000Z", "first_observed": "2015-10-01T06:18:12Z", "last_observed": "2015-10-01T06:18:12Z", "number_observed": 1, "object_refs": [ "url--560cd024-91ac-4d95-a274-6221950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--560cd024-91ac-4d95-a274-6221950d210b", "value": "https://www.virustotal.com/file/5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae/analysis/1443436758/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }