{ "type": "bundle", "id": "bundle--571bd702-031c-400b-a851-43ce02de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-06-19T22:22:10.000Z", "modified": "2016-06-19T22:22:10.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--571bd702-031c-400b-a851-43ce02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-06-19T22:22:10.000Z", "modified": "2016-06-19T22:22:10.000Z", "name": "OSINT The Ghost Dragon by Cylance", "published": "2016-06-19T22:22:20Z", "object_refs": [ "observed-data--571bd91f-9188-41c4-be32-451e02de0b81", "url--571bd91f-9188-41c4-be32-451e02de0b81", "indicator--571be427-a170-40cd-89dc-424802de0b81", "indicator--571be427-a4e0-405e-81a7-4cc502de0b81", "indicator--571be428-1c90-44ba-b368-4cc302de0b81", "indicator--571be428-a8d8-41f5-86fb-463102de0b81", "indicator--571be42a-dc8c-4b29-9f4b-4a3602de0b81", "observed-data--571be42b-0f40-467f-8224-41ed02de0b81", "file--571be42b-0f40-467f-8224-41ed02de0b81", "indicator--571be42b-d1c4-45f7-bdb5-44a002de0b81", "indicator--571be42b-8458-48cd-b651-407302de0b81", "observed-data--571be42c-f8b8-448f-a79a-47cb02de0b81", "file--571be42c-f8b8-448f-a79a-47cb02de0b81", "indicator--571be42c-b8ec-40a1-b61b-45d002de0b81", "indicator--571be42d-7360-4dc5-bf99-4daf02de0b81", "indicator--571be42d-f770-4152-b05b-436f02de0b81", "indicator--571be42d-4b98-4735-ad9a-49a902de0b81", "indicator--571be42e-2ea0-4e56-9f6d-44d702de0b81", "observed-data--571be42e-5c6c-417e-a3ce-411502de0b81", "file--571be42e-5c6c-417e-a3ce-411502de0b81", "indicator--571be42e-4bd8-43f3-9abe-476d02de0b81", "indicator--571be49c-3030-4fdf-a450-4a9902de0b81", "indicator--571be49c-adf4-4c5c-95c8-4a9302de0b81", "indicator--571be4ca-86cc-46a2-9850-473402de0b81", "observed-data--571be4ca-6358-4226-98e4-46e302de0b81", "file--571be4ca-6358-4226-98e4-46e302de0b81", "indicator--571be4cb-3094-4ac2-9f05-4bed02de0b81", "indicator--571be4f8-d4b4-4fd4-bbd6-06e102de0b81", "indicator--571be4f9-9774-41d2-aded-06e102de0b81", "indicator--571be4f9-7740-4c83-9093-06e102de0b81", "indicator--571be4f9-a1d0-4c09-84e5-06e102de0b81", "indicator--571be4fa-461c-42e4-93fa-06e102de0b81", "indicator--571be4fa-bb6c-49fb-b075-06e102de0b81", "indicator--571be4fa-8a9c-4421-928c-06e102de0b81", "indicator--571be4fb-8758-4049-9f58-06e102de0b81", "indicator--571be4fb-7924-4c78-9e51-06e102de0b81", "indicator--571be4fb-1f28-4329-bdae-06e102de0b81", "indicator--571be4fc-d3f0-4d86-9ce1-06e102de0b81", "indicator--571be4fc-81e0-4a36-a78f-06e102de0b81", "indicator--571be4fc-8adc-4e08-8124-06e102de0b81", "indicator--571be4fd-032c-4978-8c75-06e102de0b81", "indicator--571be4fd-ae64-43a9-a7f6-06e102de0b81", "indicator--571be4fd-5028-420b-86bf-06e102de0b81", "indicator--571be4fe-d028-4b71-bd19-06e102de0b81", "indicator--571be4fe-d204-4aeb-a607-06e102de0b81", "indicator--571be4fe-75b8-4416-9a76-06e102de0b81", "indicator--571be4fe-d334-47f4-95e0-06e102de0b81", "indicator--571be4ff-58f4-4b7a-93f5-06e102de0b81", "indicator--571be4ff-9ba0-467f-8a37-06e102de0b81", "indicator--571be4ff-0b78-471f-986c-06e102de0b81", "indicator--571be500-b3f4-499b-aa45-06e102de0b81", "indicator--571be500-f398-4261-8b04-06e102de0b81", "indicator--571be500-3f24-47ca-999e-06e102de0b81", "indicator--571be501-6ec8-4744-97ef-06e102de0b81", "indicator--571be51a-ff48-497d-9d1b-43d402de0b81", "indicator--571be531-44f8-4a0b-bb88-4c7f02de0b81", "indicator--571be532-e580-47e0-9962-401002de0b81", "indicator--571be532-8338-4447-84e3-46b002de0b81", "indicator--571be532-cf9c-4853-ae92-481602de0b81", "indicator--571be6ba-4950-4c42-9a39-4478950d210f", "indicator--571be6be-69bc-41f9-8d52-458a950d210f", "indicator--571be6bc-b398-4413-b63a-4735950d210f", "indicator--571be6bf-6840-4bec-a572-43ba950d210f", "indicator--571db8f2-77a0-4e9f-9d8c-414802de0b81", "indicator--571db8f2-3bd0-4b0b-a56a-45ab02de0b81", "observed-data--571db8f3-45c8-4d16-bbc3-494a02de0b81", "url--571db8f3-45c8-4d16-bbc3-494a02de0b81", "indicator--571db8f3-cf1c-45bb-b8c8-4ba802de0b81", "indicator--571db8f3-1fc8-4824-b761-4ec402de0b81", "observed-data--571db8f4-c7b0-47bb-a1e8-4f1802de0b81", "url--571db8f4-c7b0-47bb-a1e8-4f1802de0b81", "observed-data--571db8f4-f494-48ea-8383-454102de0b81", "url--571db8f4-f494-48ea-8383-454102de0b81", "observed-data--571db8f5-e1b8-4a2f-82fb-48b802de0b81", "url--571db8f5-e1b8-4a2f-82fb-48b802de0b81", "indicator--571db8f5-feb8-4fe4-a3c9-403902de0b81", "indicator--571db8f6-c8f8-4236-8f17-4c3002de0b81", "observed-data--571db8f6-3730-42a3-9b88-416102de0b81", "url--571db8f6-3730-42a3-9b88-416102de0b81", "indicator--571db8f6-3758-426d-acc0-4a8b02de0b81", "indicator--571db8f7-8c74-46ad-893b-4eff02de0b81", "observed-data--571db8f7-0858-4cab-849d-4e7702de0b81", "url--571db8f7-0858-4cab-849d-4e7702de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "OSINT", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571bd91f-9188-41c4-be32-451e02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T20:20:46.000Z", "modified": "2016-04-23T20:20:46.000Z", "first_observed": "2016-04-23T20:20:46Z", "last_observed": "2016-04-23T20:20:46Z", "number_observed": 1, "object_refs": [ "url--571bd91f-9188-41c4-be32-451e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--571bd91f-9188-41c4-be32-451e02de0b81", "value": "https://blog.cylance.com/the-ghost-dragon" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be427-a170-40cd-89dc-424802de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:51.000Z", "modified": "2016-04-23T21:07:51.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = 'a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be427-a4e0-405e-81a7-4cc502de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:51.000Z", "modified": "2016-04-23T21:07:51.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = '71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be428-1c90-44ba-b368-4cc302de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:52.000Z", "modified": "2016-04-23T21:07:52.000Z", "description": "Imported via the freetext import.", "pattern": "[file:name = 'AdobeWpkReg.tmp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be428-a8d8-41f5-86fb-463102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:08:58.000Z", "modified": "2016-04-23T21:08:58.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'http://info.winupdate.net/robots.txt']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:08:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42a-dc8c-4b29-9f4b-4a3602de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:54.000Z", "modified": "2016-04-23T21:07:54.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = '1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571be42b-0f40-467f-8224-41ed02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-06-19T22:22:10.000Z", "modified": "2016-06-19T22:22:10.000Z", "first_observed": "2016-06-19T22:22:10Z", "last_observed": "2016-06-19T22:22:10Z", "number_observed": 1, "object_refs": [ "file--571be42b-0f40-467f-8224-41ed02de0b81" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--571be42b-0f40-467f-8224-41ed02de0b81", "name": "iconfig.exe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42b-d1c4-45f7-bdb5-44a002de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:55.000Z", "modified": "2016-04-23T21:07:55.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'bbs.winupdate.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42b-8458-48cd-b651-407302de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:55.000Z", "modified": "2016-04-23T21:07:55.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = 'f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571be42c-f8b8-448f-a79a-47cb02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-06-19T22:22:09.000Z", "modified": "2016-06-19T22:22:09.000Z", "first_observed": "2016-06-19T22:22:09Z", "last_observed": "2016-06-19T22:22:09Z", "number_observed": 1, "object_refs": [ "file--571be42c-f8b8-448f-a79a-47cb02de0b81" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--571be42c-f8b8-448f-a79a-47cb02de0b81", "name": "install.exe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42c-b8ec-40a1-b61b-45d002de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:56.000Z", "modified": "2016-04-23T21:07:56.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'ooxxxoo.gicp.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42d-7360-4dc5-bf99-4daf02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:57.000Z", "modified": "2016-04-23T21:07:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'www.winupdate.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42d-f770-4152-b05b-436f02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:57.000Z", "modified": "2016-04-23T21:07:57.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = '99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42d-4b98-4735-ad9a-49a902de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:57.000Z", "modified": "2016-04-23T21:07:57.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'www.searchhappynews.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42e-2ea0-4e56-9f6d-44d702de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:58.000Z", "modified": "2016-04-23T21:07:58.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = 'b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571be42e-5c6c-417e-a3ce-411502de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-06-19T22:22:09.000Z", "modified": "2016-06-19T22:22:09.000Z", "first_observed": "2016-06-19T22:22:09Z", "last_observed": "2016-06-19T22:22:09Z", "number_observed": 1, "object_refs": [ "file--571be42e-5c6c-417e-a3ce-411502de0b81" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--571be42e-5c6c-417e-a3ce-411502de0b81", "name": "ExtensionManager.exe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be42e-4bd8-43f3-9abe-476d02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:07:58.000Z", "modified": "2016-04-23T21:07:58.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'www.fhtd.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:07:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be49c-3030-4fdf-a450-4a9902de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:09:48.000Z", "modified": "2016-04-23T21:09:48.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.18.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:09:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be49c-adf4-4c5c-95c8-4a9302de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:09:48.000Z", "modified": "2016-04-23T21:09:48.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.36.94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:09:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4ca-86cc-46a2-9850-473402de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:10:34.000Z", "modified": "2016-04-23T21:10:34.000Z", "description": "Imported via the freetext import.", "pattern": "[file:hashes.SHA256 = 'fb5a7cb34040b1e98b077edaf91cb59a446d8ff07263afe875cf6bd85bfb359d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:10:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571be4ca-6358-4226-98e4-46e302de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-06-19T22:22:10.000Z", "modified": "2016-06-19T22:22:10.000Z", "first_observed": "2016-06-19T22:22:10Z", "last_observed": "2016-06-19T22:22:10Z", "number_observed": 1, "object_refs": [ "file--571be4ca-6358-4226-98e4-46e302de0b81" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload installation\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--571be4ca-6358-4226-98e4-46e302de0b81", "name": "operas.exe" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4cb-3094-4ac2-9f05-4bed02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:10:35.000Z", "modified": "2016-04-23T21:10:35.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'www.swgabeg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:10:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4f8-d4b4-4fd4-bbd6-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:20.000Z", "modified": "2016-04-23T21:11:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.55.33.39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4f9-9774-41d2-aded-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:21.000Z", "modified": "2016-04-23T21:11:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.232.215.144']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4f9-7740-4c83-9093-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:21.000Z", "modified": "2016-04-23T21:11:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.246.245.147']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4f9-a1d0-4c09-84e5-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:21.000Z", "modified": "2016-04-23T21:11:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '111.68.8.130']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fa-461c-42e4-93fa-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:22.000Z", "modified": "2016-04-23T21:11:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.125.17.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fa-bb6c-49fb-b075-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:22.000Z", "modified": "2016-04-23T21:11:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.148.161']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fa-8a9c-4421-928c-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:22.000Z", "modified": "2016-04-23T21:11:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.148.205']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fb-8758-4049-9f58-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:23.000Z", "modified": "2016-04-23T21:11:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.41.85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fb-7924-4c78-9e51-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:23.000Z", "modified": "2016-04-23T21:11:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.83.75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fb-1f28-4329-bdae-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:23.000Z", "modified": "2016-04-23T21:11:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.85.35']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fc-d3f0-4d86-9ce1-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:24.000Z", "modified": "2016-04-23T21:11:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.128']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fc-81e0-4a36-a78f-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:24.000Z", "modified": "2016-04-23T21:11:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fc-8adc-4e08-8124-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:24.000Z", "modified": "2016-04-23T21:11:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.216']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fd-032c-4978-8c75-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:25.000Z", "modified": "2016-04-23T21:11:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.9.247.56']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fd-ae64-43a9-a7f6-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:25.000Z", "modified": "2016-04-23T21:11:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.254.111.87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fd-5028-420b-86bf-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:25.000Z", "modified": "2016-04-23T21:11:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.4.103.90']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fe-d028-4b71-bd19-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:26.000Z", "modified": "2016-04-23T21:11:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.128.255.228']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fe-d204-4aeb-a607-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:26.000Z", "modified": "2016-04-23T21:11:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.45.192.234']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fe-75b8-4416-9a76-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:26.000Z", "modified": "2016-04-23T21:11:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.172.32.172']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4fe-d334-47f4-95e0-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:26.000Z", "modified": "2016-04-23T21:11:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.174.130.116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4ff-58f4-4b7a-93f5-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:27.000Z", "modified": "2016-04-23T21:11:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.232.28.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4ff-9ba0-467f-8a37-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:27.000Z", "modified": "2016-04-23T21:11:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.85.84.165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be4ff-0b78-471f-986c-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:27.000Z", "modified": "2016-04-23T21:11:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.85.84.167']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be500-b3f4-499b-aa45-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:28.000Z", "modified": "2016-04-23T21:11:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.179.179']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be500-f398-4261-8b04-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:28.000Z", "modified": "2016-04-23T21:11:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.64.187.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be500-3f24-47ca-999e-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:28.000Z", "modified": "2016-04-23T21:11:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.215.128.246']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be501-6ec8-4744-97ef-06e102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:29.000Z", "modified": "2016-04-23T21:11:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.111.220.218']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be51a-ff48-497d-9d1b-43d402de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:11:54.000Z", "modified": "2016-04-23T21:11:54.000Z", "pattern": "[domain-name:value = 'info.winupdate.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:11:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be531-44f8-4a0b-bb88-4c7f02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:12:17.000Z", "modified": "2016-04-23T21:12:17.000Z", "pattern": "[domain-name:value = 'winupdate.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:12:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be532-e580-47e0-9962-401002de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:12:18.000Z", "modified": "2016-04-23T21:12:18.000Z", "pattern": "[domain-name:value = 'searchhappynews.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:12:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be532-8338-4447-84e3-46b002de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:12:18.000Z", "modified": "2016-04-23T21:12:18.000Z", "pattern": "[domain-name:value = 'fhtd.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:12:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be532-cf9c-4853-ae92-481602de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:12:18.000Z", "modified": "2016-04-23T21:12:18.000Z", "pattern": "[domain-name:value = 'swgabeg.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:12:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be6ba-4950-4c42-9a39-4478950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:18:50.000Z", "modified": "2016-04-23T21:18:50.000Z", "description": "Automatically added (via 1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42)", "pattern": "[file:hashes.MD5 = 'ba6eaf301344de6fe1e079fa960bc698']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:18:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be6be-69bc-41f9-8d52-458a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:18:54.000Z", "modified": "2016-04-23T21:18:54.000Z", "description": "Automatically added (via f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197)", "pattern": "[file:hashes.MD5 = 'b0a2c91d85195a72f86399590ac2c549']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:18:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be6bc-b398-4413-b63a-4735950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:18:52.000Z", "modified": "2016-04-23T21:18:52.000Z", "description": "Automatically added (via 1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42)", "pattern": "[file:hashes.SHA1 = 'c0eea2b52460d5fef1c4c439c56cf51ea74b5abd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:18:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571be6bf-6840-4bec-a572-43ba950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-23T21:18:55.000Z", "modified": "2016-04-23T21:18:55.000Z", "description": "Automatically added (via f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197)", "pattern": "[file:hashes.SHA1 = '63323dc4bfa47548317a19ae52d6f179f807bba0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-23T21:18:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f2-77a0-4e9f-9d8c-414802de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:02.000Z", "modified": "2016-04-25T06:28:02.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5", "pattern": "[file:hashes.SHA1 = 'f24a47d4d197b06331aa9c86b915799d0ad9c8c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f2-3bd0-4b0b-a56a-45ab02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:02.000Z", "modified": "2016-04-25T06:28:02.000Z", "description": "Imported via the freetext import. - Xchecked via VT: b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5", "pattern": "[file:hashes.MD5 = '8b4b1c933f5f7b47e3c2a9da35fb7dc3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571db8f3-45c8-4d16-bbc3-494a02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:03.000Z", "modified": "2016-04-25T06:28:03.000Z", "first_observed": "2016-04-25T06:28:03Z", "last_observed": "2016-04-25T06:28:03Z", "number_observed": 1, "object_refs": [ "url--571db8f3-45c8-4d16-bbc3-494a02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--571db8f3-45c8-4d16-bbc3-494a02de0b81", "value": "https://www.virustotal.com/file/b803381535ac24ce7c8fdcf6155566d208dfca63fd66ec71bbc6754233e251f5/analysis/1376040471/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f3-cf1c-45bb-b8c8-4ba802de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:03.000Z", "modified": "2016-04-25T06:28:03.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2", "pattern": "[file:hashes.SHA1 = '83fe6ace20b721a67d7bf6090d78a053b24d0d06']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f3-1fc8-4824-b761-4ec402de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:03.000Z", "modified": "2016-04-25T06:28:03.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2", "pattern": "[file:hashes.MD5 = '8f513ea6bbfb8b6a439eef9b68aca11c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571db8f4-c7b0-47bb-a1e8-4f1802de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:04.000Z", "modified": "2016-04-25T06:28:04.000Z", "first_observed": "2016-04-25T06:28:04Z", "last_observed": "2016-04-25T06:28:04Z", "number_observed": 1, "object_refs": [ "url--571db8f4-c7b0-47bb-a1e8-4f1802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--571db8f4-c7b0-47bb-a1e8-4f1802de0b81", "value": "https://www.virustotal.com/file/99ee5b764a5db1cb6b8a4f62605b5536487d9c35a28a23de8f9174659f65bcb2/analysis/1423637719/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571db8f4-f494-48ea-8383-454102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:04.000Z", "modified": "2016-04-25T06:28:04.000Z", "first_observed": "2016-04-25T06:28:04Z", "last_observed": "2016-04-25T06:28:04Z", "number_observed": 1, "object_refs": [ "url--571db8f4-f494-48ea-8383-454102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--571db8f4-f494-48ea-8383-454102de0b81", "value": "https://www.virustotal.com/file/f9a669d22866cd041e2d520c5eb093188962bea8864fdfd0c0abb2b254e9f197/analysis/1453437365/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571db8f5-e1b8-4a2f-82fb-48b802de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:05.000Z", "modified": "2016-04-25T06:28:05.000Z", "first_observed": "2016-04-25T06:28:05Z", "last_observed": "2016-04-25T06:28:05Z", "number_observed": 1, "object_refs": [ "url--571db8f5-e1b8-4a2f-82fb-48b802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--571db8f5-e1b8-4a2f-82fb-48b802de0b81", "value": "https://www.virustotal.com/file/1be9c68b31247357328596a388010c9cfffadcb6e9841fb22de8b0dc2d161c42/analysis/1455814047/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f5-feb8-4fe4-a3c9-403902de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:05.000Z", "modified": "2016-04-25T06:28:05.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97", "pattern": "[file:hashes.SHA1 = '4e93941aa05dd908e7cd7bfa6f8ca7b446e7b6f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f6-c8f8-4236-8f17-4c3002de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:06.000Z", "modified": "2016-04-25T06:28:06.000Z", "description": "Imported via the freetext import. - Xchecked via VT: 71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97", "pattern": "[file:hashes.MD5 = '1a7772d0fbedf103e4f21d949392a34b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571db8f6-3730-42a3-9b88-416102de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:06.000Z", "modified": "2016-04-25T06:28:06.000Z", "first_observed": "2016-04-25T06:28:06Z", "last_observed": "2016-04-25T06:28:06Z", "number_observed": 1, "object_refs": [ "url--571db8f6-3730-42a3-9b88-416102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--571db8f6-3730-42a3-9b88-416102de0b81", "value": "https://www.virustotal.com/file/71a52058f6b5cef66302c19169f67cf304507b4454cca83e2c36151da8da1d97/analysis/1445871730/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f6-3758-426d-acc0-4a8b02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:06.000Z", "modified": "2016-04-25T06:28:06.000Z", "description": "Imported via the freetext import. - Xchecked via VT: a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67", "pattern": "[file:hashes.SHA1 = 'c17a9c6841c554ebc5273ff021f5aed5c76920c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--571db8f7-8c74-46ad-893b-4eff02de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:07.000Z", "modified": "2016-04-25T06:28:07.000Z", "description": "Imported via the freetext import. - Xchecked via VT: a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67", "pattern": "[file:hashes.MD5 = '0875cf64928da6c9b365384e6dbb3c33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-25T06:28:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--571db8f7-0858-4cab-849d-4e7702de0b81", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-04-25T06:28:07.000Z", "modified": "2016-04-25T06:28:07.000Z", "first_observed": "2016-04-25T06:28:07Z", "last_observed": "2016-04-25T06:28:07Z", "number_observed": 1, "object_refs": [ "url--571db8f7-0858-4cab-849d-4e7702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--571db8f7-0858-4cab-849d-4e7702de0b81", "value": "https://www.virustotal.com/file/a48f881f254dc8452561a8f13e2fb81933473ff22e549787f0ca67f19ba7fe67/analysis/1432189489/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }