{ "type": "bundle", "id": "bundle--546bba61-69d0-4c0e-8066-4942950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:56.000Z", "modified": "2014-11-18T21:47:56.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--546bba61-69d0-4c0e-8066-4942950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:56.000Z", "modified": "2014-11-18T21:47:56.000Z", "name": "OSINT ScanBox framework \u2013 who\u2019s affected, and who\u2019s using it? by PWC", "published": "2016-02-22T14:24:04Z", "object_refs": [ "observed-data--546bba6b-9a8c-4bf5-89d1-f2ea950d210b", "url--546bba6b-9a8c-4bf5-89d1-f2ea950d210b", "x-misp-attribute--546bba76-3cc8-4b33-9dfe-4606950d210b", "indicator--546bbb3e-4368-4df5-9ac8-c1e7950d210b", "indicator--546bbb3e-8954-4180-949f-c1e7950d210b", "indicator--546bbb3e-ce9c-4de3-b97a-c1e7950d210b", "indicator--546bbb3e-ee6c-4306-a2fa-c1e7950d210b", "indicator--546bbcc4-7f98-47cd-bd6f-f2ea950d210b", "indicator--546bbcc4-432c-4bf0-9de9-f2ea950d210b", "indicator--546bbcc4-20c4-4db3-80c2-f2ea950d210b", "indicator--546bbcc4-7060-4d50-a1c3-f2ea950d210b", "indicator--546bbcc4-0054-49a2-b302-f2ea950d210b", "indicator--546bbcc4-3404-4f9a-9be1-f2ea950d210b", "indicator--546bbcc4-6ad4-4729-bc19-f2ea950d210b", "indicator--546bbcc4-8698-46a1-ad1d-f2ea950d210b", "indicator--546bbcc4-4268-4365-a097-f2ea950d210b", "indicator--546bbcc4-bccc-4495-9216-f2ea950d210b", "indicator--546bbcc4-dc2c-43ea-9eed-f2ea950d210b", "indicator--546bbcc4-ec50-4d76-8c49-f2ea950d210b", "indicator--546bbcc4-0e94-478d-94c4-f2ea950d210b", "indicator--546bbcc4-3ccc-4472-992d-f2ea950d210b", "indicator--546bbcc5-e058-44ce-935f-f2ea950d210b", "indicator--546bbcc5-7f6c-4d20-8dd0-f2ea950d210b", "indicator--546bbcc5-ad04-44ff-b103-f2ea950d210b", 
"indicator--546bbcc5-57ec-447c-b898-f2ea950d210b", "indicator--546bbcc5-ac40-409f-871d-f2ea950d210b", "indicator--546bbcc5-fe4c-46e5-90eb-f2ea950d210b", "indicator--546bbcc5-2270-4453-972e-f2ea950d210b", "indicator--546bbcc5-48b0-430f-b8ae-f2ea950d210b", "indicator--546bbcc5-2f78-4bbe-b20f-f2ea950d210b", "indicator--546bbcc5-9a3c-45ce-8c7a-f2ea950d210b", "indicator--546bbcc5-4a1c-4230-8080-f2ea950d210b", "indicator--546bbcc5-3968-4998-a10e-f2ea950d210b", "indicator--546bbcc5-0054-4e5b-b4e9-f2ea950d210b", "indicator--546bbcc5-e040-4cb5-b7b9-f2ea950d210b", "indicator--546bbcc5-c16c-4b4a-9c65-f2ea950d210b", "indicator--546bbcc5-631c-4c8b-9b12-f2ea950d210b", "x-misp-attribute--546bbce2-d558-4d16-936a-40b5950d210b", "indicator--546bbcf6-4424-45e3-8311-c1e7950d210b", "indicator--546bbcf6-c62c-4f4e-ba03-c1e7950d210b", "indicator--546bbcf6-fc9c-41ae-a644-c1e7950d210b", "indicator--546bbcf7-ef90-4599-83e3-c1e7950d210b", "indicator--546bbcf7-5688-4d06-a32a-c1e7950d210b", "x-misp-attribute--546bbd4e-8f78-4624-94a5-4549950d210b", "x-misp-attribute--546bbd4e-a0c8-4f0f-8907-4b0e950d210b", "x-misp-attribute--546bbd4e-acc4-48dd-9b77-4d9a950d210b", "x-misp-attribute--546bbd4e-8ab4-4cd7-bf2f-4bb9950d210b", "x-misp-attribute--546bbd4e-ccb0-4125-934c-4d79950d210b", "x-misp-attribute--546bbd4e-f8f8-4b00-9d87-4fb6950d210b", "x-misp-attribute--546bbd4e-1e74-4c4e-9270-438a950d210b", "x-misp-attribute--546bbd4e-11f0-4f71-8e09-484c950d210b", "indicator--546bbdd9-cfe4-4981-a196-427b950d210b", "indicator--546bbdd9-3350-4dcd-a976-4613950d210b", "indicator--546bbdd9-105c-45b3-8d3d-44f4950d210b", "indicator--546bbdd9-a580-4fc3-9500-40ab950d210b", "indicator--546bbdd9-77c8-4316-80b3-443f950d210b", "indicator--546bbdd9-42c0-41ab-8658-4651950d210b", "indicator--546bbdd9-cf38-4e46-b166-4361950d210b", "indicator--546bbdd9-09e8-441e-8ce3-43ca950d210b", "indicator--546bbdda-39c8-4b05-82f6-4974950d210b", "indicator--546bbdda-3ce8-4279-a9d8-4c0b950d210b", 
"indicator--546bbdda-d4a4-43cd-a0d7-42b1950d210b", "indicator--546bbdda-7a08-4763-a01e-40e6950d210b", "indicator--546bbdda-3610-4dca-ae68-482e950d210b", "indicator--546bbdf4-7fd4-4468-8b42-48d8950d210b", "indicator--546bbdf4-58bc-4c7f-9c82-42cf950d210b", "indicator--546bbdf4-a8d4-41c5-9605-4022950d210b", "indicator--546bbdf4-738c-4064-a280-4610950d210b", "indicator--546bbdf4-78b8-4695-ba4b-46a3950d210b", "indicator--546bbdf5-d00c-488f-9f54-488b950d210b", "indicator--546bbdf5-8da8-431a-8e6d-4cab950d210b", "indicator--546bbdf5-69b8-4be7-a1d7-4b7a950d210b", "indicator--546bbdf5-4f44-4b35-8668-47b7950d210b", "indicator--546bbdf5-3e18-40da-814d-47c1950d210b", "indicator--546bbdf5-c948-4282-9089-4833950d210b", "indicator--546bbdf5-25d0-487f-9cd1-4f32950d210b", "indicator--546bbdf5-83fc-4077-a35d-4319950d210b", "indicator--546bbdf5-e768-4f05-ad93-4a80950d210b", "indicator--546bbdf5-decc-4e66-a846-4887950d210b", "indicator--546bbdf5-62d0-4e9f-8e06-45d9950d210b", "indicator--546bbdf5-93f4-440e-aeb1-4a9f950d210b", "indicator--546bbdf5-36f4-4098-8327-4437950d210b", "indicator--546bbdf5-9568-4717-8c9a-46b9950d210b", "indicator--546bbdf5-c33c-4cc2-addd-4476950d210b", "indicator--546bbdf5-6210-425a-87cc-4bc5950d210b", "indicator--546bbdf6-57a8-4218-bc08-4746950d210b", "indicator--546bbdf6-7190-4839-a303-4142950d210b", "indicator--546bbdf6-d510-4776-bc3f-42c3950d210b", "indicator--546bbdf6-edb4-415a-be1b-45f3950d210b", "indicator--546bbdf6-e4ac-470f-85f8-4522950d210b", "indicator--546bbdf6-7df8-405b-a3a5-4b20950d210b", "indicator--546bbdf6-5c80-480d-a5e5-4de5950d210b", "indicator--546bbdf6-60a4-4ec3-a5a9-4ea3950d210b", "indicator--546bbdf6-fff0-4482-8e4e-4aa8950d210b", "indicator--546bbdf6-0988-4b57-9817-409d950d210b", "indicator--546bbdf6-f7b4-40b1-bf9b-4f19950d210b", "indicator--546bbdf6-691c-414a-8a4a-4544950d210b", "indicator--546bbdf6-cc5c-4130-8069-4b57950d210b", "indicator--546bbdf6-9604-437e-b5a3-4c1a950d210b", "indicator--546bbdf6-ad20-4d88-97b8-42ba950d210b", 
"indicator--546bbdf6-ae10-4d34-b1b6-4f55950d210b", "indicator--546bbdf6-5de8-407d-89c7-4981950d210b", "indicator--546bbdf7-b6ec-4578-a13f-422d950d210b", "indicator--546bbdf7-906c-47dd-9451-4022950d210b", "indicator--546bbdf7-73c4-489e-9934-4af3950d210b", "indicator--546bbdf7-e34c-4b8a-9f8b-46c7950d210b", "indicator--546bbdf7-0b60-4dc1-9ad9-4f32950d210b", "indicator--546bbdf7-dc60-4584-ae1e-4e4e950d210b", "indicator--546bbdf7-e2f8-452a-920e-4de6950d210b", "indicator--546bbdf7-8a14-4832-bf9d-4568950d210b", "indicator--546bbdf7-4424-4ef2-8734-45ba950d210b", "indicator--546bbdf7-fd88-4ffc-b261-484f950d210b", "indicator--546bbdf7-a440-4b39-89ae-4136950d210b", "indicator--546bbdf7-0cac-41d4-80b7-4dc7950d210b", "indicator--546bbdf7-bddc-4690-b3cd-435f950d210b", "indicator--546bbdf7-8f14-46eb-8eb9-4ca2950d210b", "indicator--546bbdf7-e5e4-4414-a817-45ad950d210b", "indicator--546bbe8c-2b00-4cd0-b6b0-467c950d210b", "indicator--546bbe8c-af58-4742-808c-435c950d210b", "indicator--546bbe8d-4bf4-4563-84f4-42a2950d210b", "indicator--546bbe8d-fbb8-4283-a2b7-4755950d210b", "indicator--546bbe8d-a95c-47dc-a98c-4d6d950d210b", "indicator--546bbe8d-4934-48e1-9f52-4b0d950d210b", "indicator--546bbe8d-461c-4be5-9121-45ff950d210b", "indicator--56c645e3-80e8-4b89-bbbf-599e950d210f", "indicator--56c645e5-ed90-41b7-98dc-59a0950d210f", "indicator--56c645e7-596c-4636-bce9-59a3950d210f", "indicator--56c645e4-8bec-477d-805a-44b8950d210f", "indicator--56c645e6-a24c-4f4c-912a-599f950d210f", "indicator--56c645e8-20e0-4063-8968-4832950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--546bba6b-9a8c-4bf5-89d1-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:30:19.000Z", "modified": "2014-11-18T21:30:19.000Z", "first_observed": 
"2014-11-18T21:30:19Z", "last_observed": "2014-11-18T21:30:19Z", "number_observed": 1, "object_refs": [ "url--546bba6b-9a8c-4bf5-89d1-f2ea950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--546bba6b-9a8c-4bf5-89d1-f2ea950d210b", "value": "http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bba76-3cc8-4b33-9dfe-4606950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:30:30.000Z", "modified": "2014-11-18T21:30:30.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Scanbox" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbb3e-4368-4df5-9ac8-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:33:50.000Z", "modified": "2014-11-18T21:33:50.000Z", "pattern": "[domain-name:value = 'js.webmailgoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:33:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbb3e-8954-4180-949f-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:33:50.000Z", "modified": "2014-11-18T21:33:50.000Z", "pattern": "[domain-name:value = 'code.googlecaches.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:33:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbb3e-ce9c-4de3-b97a-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:33:50.000Z", "modified": "2014-11-18T21:33:50.000Z", "pattern": "[domain-name:value = 'news.foundationssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:33:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbb3e-ee6c-4306-a2fa-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:33:50.000Z", "modified": "2014-11-18T21:33:50.000Z", "pattern": "[domain-name:value = 'qoog1e.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:33:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-7f98-47cd-bd6f-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.246.247.246']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc4-432c-4bf0-9de9-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.255.61.114']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-20c4-4db3-80c2-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.255.61.39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-7060-4d50-a1c3-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.201.124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc4-0054-49a2-b302-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.153.201']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-3404-4f9a-9be1-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.10.210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-6ad4-4729-bc19-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.9.109']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc4-8698-46a1-ad1d-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.108.111.209']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-4268-4365-a097-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.53.22.143']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-bccc-4495-9216-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.210.206.225']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc4-dc2c-43ea-9eed-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.22.163.121']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-ec50-4d76-8c49-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.82.123.222']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc4-0e94-478d-94c4-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.82.46.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc4-3ccc-4472-992d-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:20.000Z", "modified": "2014-11-18T21:40:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.61.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-e058-44ce-935f-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.96.92.108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-7f6c-4d20-8dd0-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.152.198.100']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc5-ad04-44ff-b103-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.0.176.21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-57ec-447c-b898-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.0.176.23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-ac40-409f-871d-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.114']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc5-fe4c-46e5-90eb-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.32']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-2270-4453-972e-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.39']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-48b0-430f-b8ae-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc5-2f78-4bbe-b20f-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.86.145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-9a3c-45ce-8c7a-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.96.172.209']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-4a1c-4230-8080-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.197.231.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc5-3968-4998-a10e-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.146.80']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-0054-4e5b-b4e9-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.142']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-e040-4cb5-b7b9-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.152']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbcc5-c16c-4b4a-9c65-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.159']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcc5-631c-4c8b-9b12-f2ea950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:21.000Z", "modified": "2014-11-18T21:40:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.189']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:40:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbce2-d558-4d16-936a-40b5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:40:50.000Z", "modified": "2014-11-18T21:40:50.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data entered by David Andr\u00c3\u00a9" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcf6-4424-45e3-8311-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:41:10.000Z", "modified": "2014-11-18T21:41:10.000Z", "pattern": "[file:hashes.MD5 = 
'ef498ea09bf51b002fc7eb3dfd0d19d3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:41:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcf6-c62c-4f4e-ba03-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:41:10.000Z", "modified": "2014-11-18T21:41:10.000Z", "pattern": "[file:hashes.MD5 = '409ae279d7c44b11156318848ddb4a3f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:41:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcf6-fc9c-41ae-a644-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:41:10.000Z", "modified": "2014-11-18T21:41:10.000Z", "pattern": "[file:hashes.MD5 = '9cf5523da799277a4d40881199eb8325']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:41:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcf7-ef90-4599-83e3-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:41:10.000Z", "modified": "2014-11-18T21:41:10.000Z", "pattern": "[file:hashes.MD5 = '9d1f8822b92ad3224db1c9ec89b529ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:41:10Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbcf7-5688-4d06-a32a-c1e7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:41:11.000Z", "modified": "2014-11-18T21:41:11.000Z", "pattern": "[file:hashes.MD5 = 'be3a3daa7d0d11df2380d3401696624a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:41:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-8f78-4624-94a5-4549950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "james_boodle@yahoo.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-a0c8-4f0f-8907-4b0e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "li2384826402@yahoo.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-acc4-48dd-9b77-4d9a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", 
"x_misp_type": "text", "x_misp_value": "networkedu@hotmail.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-8ab4-4cd7-bf2f-4bb9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "qinyz001@163.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-ccb0-4125-934c-4d79950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "some.trouble@yahoo.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-f8f8-4b00-9d87-4fb6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "wangsongxu@gmail.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-1e74-4c4e-9270-438a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "xingyadi2008@gmail.com" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--546bbd4e-11f0-4f71-8e09-484c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": 
"2014-11-18T21:42:38.000Z", "modified": "2014-11-18T21:42:38.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Attribution\"" ], "x_misp_category": "Attribution", "x_misp_type": "text", "x_misp_value": "yuming@yinsibaohu.aliyun.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-cfe4-4981-a196-427b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = '9aaa.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-3350-4dcd-a976-4613950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'educationel.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-105c-45b3-8d3d-44f4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'foundationssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-a580-4fc3-9500-40ab950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'googlecaches.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-77c8-4316-80b3-443f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'googlewebcache.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-42c0-41ab-8658-4651950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'hudsononlinenews.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-cf38-4e46-b166-4361950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": 
"2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'lifewalden.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdd9-09e8-441e-8ce3-43ca950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdda-39c8-4b05-82f6-4974950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:57.000Z", "modified": "2014-11-18T21:44:57.000Z", "pattern": "[domain-name:value = 'msdnblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdda-3ce8-4279-a9d8-4c0b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:58.000Z", "modified": "2014-11-18T21:44:58.000Z", "pattern": "[domain-name:value = 'outlookssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:58Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdda-d4a4-43cd-a0d7-42b1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:58.000Z", "modified": "2014-11-18T21:44:58.000Z", "pattern": "[domain-name:value = 'qoog1e.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdda-7a08-4763-a01e-40e6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:58.000Z", "modified": "2014-11-18T21:44:58.000Z", "pattern": "[domain-name:value = 'webmailgoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdda-3610-4dca-ae68-482e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:44:58.000Z", "modified": "2014-11-18T21:44:58.000Z", "pattern": "[domain-name:value = 'windowsautoupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:44:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": 
"indicator", "spec_version": "2.1", "id": "indicator--546bbdf4-7fd4-4468-8b42-48d8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:24.000Z", "modified": "2014-11-18T21:45:24.000Z", "pattern": "[domain-name:value = 'blog.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf4-58bc-4c7f-9c82-42cf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:24.000Z", "modified": "2014-11-18T21:45:24.000Z", "pattern": "[domain-name:value = 'blog.msdnblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf4-a8d4-41c5-9605-4022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:24.000Z", "modified": "2014-11-18T21:45:24.000Z", "pattern": "[domain-name:value = 'blogs.msdnblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf4-738c-4064-a280-4610950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:24.000Z", 
"modified": "2014-11-18T21:45:24.000Z", "pattern": "[domain-name:value = 'boxun.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf4-78b8-4695-ba4b-46a3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:24.000Z", "modified": "2014-11-18T21:45:24.000Z", "pattern": "[domain-name:value = 'ccac.dyndns-web.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-d00c-488f-9f54-488b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'dns.symantec-sync.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-8da8-431a-8e6d-4cab950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'download.msdnblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-69b8-4be7-a1d7-4b7a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'download.symantec-sync.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-4f44-4b35-8668-47b7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'email.webmailgoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-3e18-40da-814d-47c1950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'files.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-c948-4282-9089-4833950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'flash0day.4pu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-25d0-487f-9cd1-4f32950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'flashplayer.proxydns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-83fc-4077-a35d-4319950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'ftp.webmailgoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-e768-4f05-ad93-4a80950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'googlebot1.dyndns-office.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-decc-4e66-a846-4887950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'googlebot5.dyndns-office.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-62d0-4e9f-8e06-45d9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'image.googlecaches.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-93f4-440e-aeb1-4a9f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 
'image.symantec-sync.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-36f4-4098-8327-4437950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'images.googlewebcache.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-9568-4717-8c9a-46b9950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'imap.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-c33c-4cc2-addd-4476950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'inbox.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": 
"Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf5-6210-425a-87cc-4bc5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:25.000Z", "modified": "2014-11-18T21:45:25.000Z", "pattern": "[domain-name:value = 'inbox.webmailgoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-57a8-4218-bc08-4746950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'lenovocn.dyndns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-7190-4839-a303-4142950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'mail.webmailgoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--546bbdf6-d510-4776-bc3f-42c3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'news.educationel.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-edb4-415a-be1b-45f3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'news.googlecaches.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-e4ac-470f-85f8-4522950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'news.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-7df8-405b-a3a5-4b20950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", 
"pattern": "[domain-name:value = 'news.msdnblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-5c80-480d-a5e5-4de5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'pop.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-60a4-4ec3-a5a9-4ea3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'proxy.otzo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-fff0-4482-8e4e-4aa8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'remote.googlewebcache.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-0988-4b57-9817-409d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'shared.images.googlewebcache.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-f7b4-40b1-bf9b-4f19950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'smtp.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-691c-414a-8a4a-4544950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'smtp.outlookssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--546bbdf6-cc5c-4130-8069-4b57950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'smtp.windowsautoupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-9604-437e-b5a3-4c1a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'socks5.proxydns.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-ad20-4d88-97b8-42ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'symantec-sync.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-ae10-4d34-b1b6-4f55950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", 
"modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'tem.dyndns.tv']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf6-5de8-407d-89c7-4981950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:26.000Z", "modified": "2014-11-18T21:45:26.000Z", "pattern": "[domain-name:value = 'test.googlecaches.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-b6ec-4578-a13f-422d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'update.windowsautoupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-906c-47dd-9451-4022950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'upload.msdnblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-73c4-489e-9934-4af3950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'vpn.foundationssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-e34c-4b8a-9f8b-46c7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'vpn.ssl443.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-0b60-4dc1-9ad9-4f32950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'web.windowsautoupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] 
}, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-dc60-4584-ae1e-4e4e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.educationel.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-e2f8-452a-920e-4de6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.foundationssl.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-8a14-4832-bf9d-4568950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.hudsononlinenews.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-4424-4ef2-8734-45ba950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": 
"2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-fd88-4ffc-b261-484f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.msdnblog.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-a440-4b39-89ae-4136950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.qoog1e.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-0cac-41d4-80b7-4dc7950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.webmailgoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-bddc-4690-b3cd-435f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'www.windowsautoupdate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-8f14-46eb-8eb9-4ca2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'yahoo.mailaunch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbdf7-e5e4-4414-a817-45ad950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:45:27.000Z", "modified": "2014-11-18T21:45:27.000Z", "pattern": "[domain-name:value = 'zhfdc.dyndns.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-18T21:45:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbe8c-2b00-4cd0-b6b0-467c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:56.000Z", "modified": "2014-11-18T21:47:56.000Z", "pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Plugin used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"=scanbox.info.\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]", "pattern_type": "snort", "valid_from": "2014-11-18T21:47:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbe8c-af58-4742-808c-435c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:56.000Z", "modified": "2014-11-18T21:47:56.000Z", "pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Java Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"\\\"No Java or Disable\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]", "pattern_type": "snort", "valid_from": "2014-11-18T21:47:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbe8d-4bf4-4563-84f4-42a2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:57.000Z", "modified": 
"2014-11-18T21:47:57.000Z", "pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework AV Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"avg2012check()\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]", "pattern_type": "snort", "valid_from": "2014-11-18T21:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbe8d-fbb8-4283-a2b7-4755950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:57.000Z", "modified": "2014-11-18T21:47:57.000Z", "pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework and legitimate websites Flash Detection\"; flow:from_server,established; file_data; content:\"var flash=function(){}\\;flash.prototype.controlVersion=function\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]", "pattern_type": "snort", "valid_from": "2014-11-18T21:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbe8d-a95c-47dc-a98c-4d6d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:57.000Z", "modified": "2014-11-18T21:47:57.000Z", "pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Local IP Detection\"; flow:from_server,established; file_data; content:\"if (evt.candidate) 
grepSDP(evt.candidate.candidate)\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]", "pattern_type": "snort", "valid_from": "2014-11-18T21:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbe8d-4934-48e1-9f52-4b0d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:57.000Z", "modified": "2014-11-18T21:47:57.000Z", "pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Javscript Keylogging\"; flow:from_server,established; file_data; content:\"CapsLock=currKey>=65&&currKey<=90\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]", "pattern_type": "snort", "valid_from": "2014-11-18T21:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--546bbe8d-461c-4be5-9121-45ff950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-18T21:47:57.000Z", "modified": "2014-11-18T21:47:57.000Z", "pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Navigator Plugin Detection\"; flow:from_server,established; file_data; content:\"navigator.plugins[x].filename.replace(/,/g,\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]", "pattern_type": "snort", "valid_from": "2014-11-18T21:47:57Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"snort\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c645e3-80e8-4b89-bbbf-599e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:29:55.000Z", "modified": "2016-02-18T22:29:55.000Z", "description": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)", "pattern": "[file:hashes.SHA1 = 'e8a8ffe39040fe36e95217b4e4f1316177d675ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:29:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c645e5-ed90-41b7-98dc-59a0950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:29:57.000Z", "modified": "2016-02-18T22:29:57.000Z", "description": "Automatically added (via 9cf5523da799277a4d40881199eb8325)", "pattern": "[file:hashes.SHA1 = '809959f390d5a49c8999ad6fff27fdc92ff1b2b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:29:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c645e7-596c-4636-bce9-59a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:29:59.000Z", "modified": "2016-02-18T22:29:59.000Z", "description": "Automatically added (via be3a3daa7d0d11df2380d3401696624a)", "pattern": "[file:hashes.SHA1 = 'f1890cc9d6dc84021426834063394539414f68d8']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:29:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c645e4-8bec-477d-805a-44b8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:29:56.000Z", "modified": "2016-02-18T22:29:56.000Z", "description": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)", "pattern": "[file:hashes.SHA256 = 'ab58b6aa7dcc25d8f6e4b70a24e0ccede0d5f6129df02a9e61293c1d7d7640a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:29:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c645e6-a24c-4f4c-912a-599f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:29:58.000Z", "modified": "2016-02-18T22:29:58.000Z", "description": "Automatically added (via 9cf5523da799277a4d40881199eb8325)", "pattern": "[file:hashes.SHA256 = '4639c30b3666cb11b3927d5579790a88bff68e8137f18241f4693e0d4539c608']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:29:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56c645e8-20e0-4063-8968-4832950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2016-02-18T22:30:00.000Z", "modified": "2016-02-18T22:30:00.000Z", "description": 
"Automatically added (via be3a3daa7d0d11df2380d3401696624a)", "pattern": "[file:hashes.SHA256 = '3112420afeb829a575ba46512314c0fab2fc80870c153de35cde4d3140a2dd26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-18T22:30:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }