{ "type": "bundle", "id": "bundle--57780118-b304-434e-b78f-478d950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:19:32.000Z", "modified": "2016-07-02T18:19:32.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57780118-b304-434e-b78f-478d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:19:32.000Z", "modified": "2016-07-02T18:19:32.000Z", "name": "OSINT H-Worm IOCs from WooYun", "published": "2016-07-02T18:19:37Z", "object_refs": [ "observed-data--57780148-548c-41c9-b29e-483e950d210f", "url--57780148-548c-41c9-b29e-483e950d210f", "indicator--57780162-a4fc-4810-987d-4f29950d210f", "indicator--57780162-d6ec-4acf-b61f-4008950d210f", "indicator--57780162-9cf8-4b76-a355-41ae950d210f", "indicator--57780162-9bd8-4e91-a01d-4551950d210f", "indicator--57780162-20f4-4ca0-812a-409a950d210f", "indicator--57780163-3538-4714-9237-4484950d210f", "indicator--57780163-5550-48fa-9c3b-49a6950d210f", "indicator--57780163-e160-42e3-81b6-4d85950d210f", "indicator--57780163-2390-46a1-ae8c-4bea950d210f", "indicator--57780163-99fc-474e-b7a9-4893950d210f", "indicator--57780163-e838-4e2d-9319-410b950d210f", "indicator--57780164-6dd4-4d96-9a8c-417d950d210f", "indicator--57780164-ac20-415d-9bbf-4af1950d210f", "indicator--57780164-e988-46ec-8b83-47d1950d210f", "indicator--57780164-6e90-42fe-8bd0-407e950d210f", "indicator--57780164-77f0-4f71-84c4-46fa950d210f", "indicator--57780164-2700-424a-9a2e-4857950d210f", "indicator--57780165-f9dc-4b8b-a389-4710950d210f", "indicator--57780165-b50c-48a7-8af4-4f9d950d210f", "indicator--57780165-e034-4ec0-a8e2-4537950d210f", "indicator--57780165-ca3c-4fd2-9594-49b3950d210f", "indicator--57780165-0fc8-408f-b09e-40d7950d210f", "indicator--57780166-35fc-4540-abc2-4535950d210f", "indicator--57780166-2e48-47b4-9b74-4e2d950d210f", "indicator--57780166-80b0-489a-9ccd-484b950d210f", "indicator--57780166-47cc-4ff6-9e70-4f3e950d210f", "indicator--57780166-7178-4ca2-8d30-4559950d210f", "indicator--57780166-9038-4536-933f-4353950d210f", "indicator--57780167-8a4c-480e-bf4d-484e950d210f", "indicator--57780167-a468-4e10-b8a1-49d0950d210f", "indicator--57780167-038c-43c6-b141-4050950d210f", "indicator--57780167-271c-4e45-a979-4838950d210f", "indicator--57780167-552c-43a8-a437-4a51950d210f", "indicator--57780167-b560-475e-9c82-4af5950d210f", "indicator--57780168-0e08-48ba-8b8e-42d0950d210f", "indicator--57780168-fd9c-4eaf-93ae-4136950d210f", "indicator--57780168-2778-40ec-ae28-44f8950d210f", "indicator--57780168-cd38-40b4-98a5-4fb1950d210f", "indicator--57780168-d4c4-4b5d-a257-428c950d210f", "indicator--57780168-df7c-4ed7-bab8-43b7950d210f", "indicator--57780169-bf84-4677-a72f-4e32950d210f", "indicator--57780169-0664-45ee-b006-4e22950d210f", "indicator--57780169-4104-4d2d-814f-4fd8950d210f", "indicator--57780169-073c-444a-add2-4868950d210f", "indicator--57780169-612c-41dd-9a7a-4643950d210f", "indicator--5778016a-fbac-40b6-b2b2-4070950d210f", "indicator--5778016a-3700-41cf-acd6-49e0950d210f", "indicator--5778016a-9fac-44fc-993b-4150950d210f", "indicator--5778016a-0c2c-4682-b7a3-4f2c950d210f", "indicator--5778016a-b8b4-4b19-b761-487f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57780148-548c-41c9-b29e-483e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:00:40.000Z", "modified": "2016-07-02T18:00:40.000Z", "first_observed": "2016-07-02T18:00:40Z", "last_observed": "2016-07-02T18:00:40Z", "number_observed": 1, "object_refs": [ "url--57780148-548c-41c9-b29e-483e950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57780148-548c-41c9-b29e-483e950d210f", "value": "http://drops.wooyun.org/papers/17374" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780162-a4fc-4810-987d-4f29950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:06.000Z", "modified": "2016-07-02T18:01:06.000Z", "pattern": "[domain-name:value = 'zzzch.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780162-d6ec-4acf-b61f-4008950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:06.000Z", "modified": "2016-07-02T18:01:06.000Z", "pattern": "[domain-name:value = 'ysf.no-ip.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780162-9cf8-4b76-a355-41ae950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:06.000Z", "modified": "2016-07-02T18:01:06.000Z", "pattern": "[domain-name:value = 'ycemufkk6g.bounceme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780162-9bd8-4e91-a01d-4551950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:06.000Z", "modified": "2016-07-02T18:01:06.000Z", "pattern": "[domain-name:value = 'xxx-xxx.no-ip.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780162-20f4-4ca0-812a-409a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:06.000Z", "modified": "2016-07-02T18:01:06.000Z", "pattern": "[domain-name:value = 'xkiller.no-ip.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780163-3538-4714-9237-4484950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:07.000Z", "modified": "2016-07-02T18:01:07.000Z", "pattern": "[domain-name:value = 'wach.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780163-5550-48fa-9c3b-49a6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:07.000Z", "modified": "2016-07-02T18:01:07.000Z", "pattern": "[domain-name:value = 'tariqalr.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780163-e160-42e3-81b6-4d85950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:07.000Z", "modified": "2016-07-02T18:01:07.000Z", "pattern": "[domain-name:value = 'shagagy21.no-ip.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780163-2390-46a1-ae8c-4bea950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:07.000Z", "modified": "2016-07-02T18:01:07.000Z", "pattern": "[domain-name:value = 'sexcam.3utilities.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780163-99fc-474e-b7a9-4893950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:07.000Z", "modified": "2016-07-02T18:01:07.000Z", "pattern": "[domain-name:value = 'servecounterstrike.servecounterstrike.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780163-e838-4e2d-9319-410b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:07.000Z", "modified": "2016-07-02T18:01:07.000Z", "pattern": "[domain-name:value = 'playgame.servecounterstrike.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780164-6dd4-4d96-9a8c-417d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:08.000Z", "modified": "2016-07-02T18:01:08.000Z", "pattern": "[domain-name:value = 'p-dark.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780164-ac20-415d-9bbf-4af1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:08.000Z", "modified": "2016-07-02T18:01:08.000Z", "pattern": "[domain-name:value = 'nouna1985.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780164-e988-46ec-8b83-47d1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:08.000Z", "modified": "2016-07-02T18:01:08.000Z", "pattern": "[domain-name:value = 'n0it.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780164-6e90-42fe-8bd0-407e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:08.000Z", "modified": "2016-07-02T18:01:08.000Z", "pattern": "[domain-name:value = 'mzab47.myq-see.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780164-77f0-4f71-84c4-46fa950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:08.000Z", "modified": "2016-07-02T18:01:08.000Z", "pattern": "[domain-name:value = 'modox.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780164-2700-424a-9a2e-4857950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:08.000Z", "modified": "2016-07-02T18:01:08.000Z", "pattern": "[domain-name:value = 'mmoohhaammeedd.no-ip.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780165-f9dc-4b8b-a389-4710950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:09.000Z", "modified": "2016-07-02T18:01:09.000Z", "pattern": "[domain-name:value = 'mlcrosoft.serveftp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780165-b50c-48a7-8af4-4f9d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:09.000Z", "modified": "2016-07-02T18:01:09.000Z", "pattern": "[domain-name:value = 'microsoftupgrades.servehttp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780165-e034-4ec0-a8e2-4537950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:09.000Z", "modified": "2016-07-02T18:01:09.000Z", "pattern": "[domain-name:value = 'microsoftsystem.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780165-ca3c-4fd2-9594-49b3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:09.000Z", "modified": "2016-07-02T18:01:09.000Z", "pattern": "[domain-name:value = 'micr0s0ftsoft.myftp.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780165-0fc8-408f-b09e-40d7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:09.000Z", "modified": "2016-07-02T18:01:09.000Z", "pattern": "[domain-name:value = 'mda.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780166-35fc-4540-abc2-4535950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:10.000Z", "modified": "2016-07-02T18:01:10.000Z", "pattern": "[domain-name:value = 'maroco.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780166-2e48-47b4-9b74-4e2d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:10.000Z", "modified": "2016-07-02T18:01:10.000Z", "pattern": "[domain-name:value = 'maroco.myq-see.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780166-80b0-489a-9ccd-484b950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:10.000Z", "modified": "2016-07-02T18:01:10.000Z", "pattern": "[domain-name:value = 'maroco.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780166-47cc-4ff6-9e70-4f3e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:10.000Z", "modified": "2016-07-02T18:01:10.000Z", "pattern": "[domain-name:value = 'man2010.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780166-7178-4ca2-8d30-4559950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:10.000Z", "modified": "2016-07-02T18:01:10.000Z", "pattern": "[domain-name:value = 'korom.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780166-9038-4536-933f-4353950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:10.000Z", "modified": "2016-07-02T18:01:10.000Z", "pattern": "[domain-name:value = 'koko.myftp.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780167-8a4c-480e-bf4d-484e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:11.000Z", "modified": "2016-07-02T18:01:11.000Z", "pattern": "[domain-name:value = 'klonkino.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780167-a468-4e10-b8a1-49d0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:11.000Z", "modified": "2016-07-02T18:01:11.000Z", "pattern": "[domain-name:value = 'king.servemp3.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780167-038c-43c6-b141-4050950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:11.000Z", "modified": "2016-07-02T18:01:11.000Z", "pattern": "[domain-name:value = 'herohero.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780167-271c-4e45-a979-4838950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:11.000Z", "modified": "2016-07-02T18:01:11.000Z", "pattern": "[domain-name:value = 'hacker20133.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780167-552c-43a8-a437-4a51950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:11.000Z", "modified": "2016-07-02T18:01:11.000Z", "pattern": "[domain-name:value = 'googlechrome.servequake.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780167-b560-475e-9c82-4af5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:11.000Z", "modified": "2016-07-02T18:01:11.000Z", "pattern": "[domain-name:value = 'g00gle.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780168-0e08-48ba-8b8e-42d0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:12.000Z", "modified": "2016-07-02T18:01:12.000Z", "pattern": "[domain-name:value = 'dzhacker15.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780168-fd9c-4eaf-93ae-4136950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:12.000Z", "modified": "2016-07-02T18:01:12.000Z", "pattern": "[domain-name:value = 'dz47.servehttp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780168-2778-40ec-ae28-44f8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:12.000Z", "modified": "2016-07-02T18:01:12.000Z", "pattern": "[domain-name:value = 'dz47.myq-see.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780168-cd38-40b4-98a5-4fb1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:12.000Z", "modified": "2016-07-02T18:01:12.000Z", "pattern": "[domain-name:value = 'dz47.linkpc.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780168-d4c4-4b5d-a257-428c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:12.000Z", "modified": "2016-07-02T18:01:12.000Z", "pattern": "[domain-name:value = 'dream7.no-ip.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780168-df7c-4ed7-bab8-43b7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:12.000Z", "modified": "2016-07-02T18:01:12.000Z", "pattern": "[domain-name:value = 'diiimaria.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780169-bf84-4677-a72f-4e32950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:13.000Z", "modified": "2016-07-02T18:01:13.000Z", "pattern": "[domain-name:value = 'desha10.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780169-0664-45ee-b006-4e22950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:13.000Z", "modified": "2016-07-02T18:01:13.000Z", "pattern": "[domain-name:value = 'dataday3.no-ip.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780169-4104-4d2d-814f-4fd8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:13.000Z", "modified": "2016-07-02T18:01:13.000Z", "pattern": "[domain-name:value = 'darkanony0501.no-ip.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780169-073c-444a-add2-4868950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:13.000Z", "modified": "2016-07-02T18:01:13.000Z", "pattern": "[domain-name:value = 'cupidon.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57780169-612c-41dd-9a7a-4643950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:13.000Z", "modified": "2016-07-02T18:01:13.000Z", "pattern": "[domain-name:value = 'chrom.no-ip.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5778016a-fbac-40b6-b2b2-4070950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:14.000Z", "modified": "2016-07-02T18:01:14.000Z", "pattern": "[domain-name:value = 'bog5151.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5778016a-3700-41cf-acd6-49e0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:14.000Z", "modified": "2016-07-02T18:01:14.000Z", "pattern": "[domain-name:value = 'blackmind.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5778016a-9fac-44fc-993b-4150950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:14.000Z", "modified": "2016-07-02T18:01:14.000Z", "pattern": "[domain-name:value = 'albertino.no-ip.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5778016a-0c2c-4682-b7a3-4f2c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:14.000Z", "modified": "2016-07-02T18:01:14.000Z", "pattern": "[domain-name:value = 'adolf2013.sytes.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5778016a-b8b4-4b19-b761-487f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-07-02T18:01:14.000Z", "modified": "2016-07-02T18:01:14.000Z", "pattern": "[domain-name:value = 'adamdam.zapto.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-02T18:01:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }