{ "type": "bundle", "id": "bundle--56266091-a774-467e-b0f8-4d9c950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:35:56.000Z", "modified": "2015-12-22T14:35:56.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56266091-a774-467e-b0f8-4d9c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:35:56.000Z", "modified": "2015-12-22T14:35:56.000Z", "name": "OSINT Pay No Attention to the Server Behind the Proxy: Mapping FinFisher\u2019s Continuing Proliferation by Citizen Lab", "published": "2015-11-05T15:27:50Z", "object_refs": [ "observed-data--562660e7-4764-4382-ba31-4ea2950d210b", "url--562660e7-4764-4382-ba31-4ea2950d210b", "indicator--562662b4-1140-4793-8ef8-431b950d210b", "indicator--562662b5-a1f8-438d-a4fd-431b950d210b", "indicator--562662b5-0724-41a2-8447-431b950d210b", "indicator--562662b5-fa90-4116-bb04-431b950d210b", "indicator--562662b6-3008-4959-9571-431b950d210b", "indicator--562662b6-90f0-42a5-908e-431b950d210b", "indicator--562662b7-f508-454c-ac53-431b950d210b", "indicator--562662b7-8e44-441d-a45c-431b950d210b", "indicator--562662b7-8ab0-419f-b71e-431b950d210b", "indicator--562662b8-02bc-44c5-9d59-431b950d210b", "indicator--562662b9-6eb0-4a23-a7f0-431b950d210b", "indicator--562662b9-9790-40cc-8d4a-431b950d210b", "indicator--562662b9-d808-4e0e-b3c3-431b950d210b", "indicator--562662ba-f03c-45ee-bb92-431b950d210b", "indicator--562662ba-0d64-4643-86e5-431b950d210b", "indicator--562662bb-f058-4639-9a04-431b950d210b", "indicator--562662bb-33d0-418a-96ff-431b950d210b", "indicator--562662bb-f3a8-4faa-a1a0-431b950d210b", "indicator--562662bc-9070-48ef-8156-431b950d210b", "observed-data--562662bc-62d8-4480-8488-431b950d210b", "network-traffic--562662bc-62d8-4480-8488-431b950d210b", 
"ipv4-addr--562662bc-62d8-4480-8488-431b950d210b", "indicator--562662bd-e2e4-431e-b611-431b950d210b", "indicator--562662bd-ad60-47de-9df6-431b950d210b", "indicator--562662be-cb74-4ef4-9c7f-431b950d210b", "indicator--562662be-5ea8-4a57-9450-431b950d210b", "indicator--562662be-5fb4-46df-9c41-431b950d210b", "indicator--562662bf-7790-4849-87a5-431b950d210b", "indicator--562662bf-f128-4ef6-8a70-431b950d210b", "indicator--562662c0-2940-45e7-a806-431b950d210b", "indicator--562662c0-cd50-42d1-bbbf-431b950d210b", "indicator--562662c0-f4b4-4802-90a8-431b950d210b", "indicator--562662c1-bc20-46fa-8c38-431b950d210b", "indicator--562662c1-83dc-45f0-a91a-431b950d210b", "indicator--562662c2-7f5c-484d-b8f4-431b950d210b", "indicator--562662c2-d2e8-41c9-a93d-431b950d210b", "indicator--5626641f-3868-460a-83b6-431b950d210b", "indicator--56266420-a3d8-4bab-a13f-431b950d210b", "indicator--56266420-6e24-4b43-9bbf-431b950d210b", "indicator--56266421-12a8-40ef-bf88-431b950d210b", "indicator--56266421-b968-4fed-b0f9-431b950d210b", "indicator--56266422-e1e0-42c2-ad42-431b950d210b", "indicator--56266422-e228-410c-9e84-431b950d210b", "indicator--56266422-d968-4fb6-822a-431b950d210b", "indicator--56266423-80d4-48bc-a89b-431b950d210b", "indicator--56266531-f698-405d-b709-432e950d210b", "indicator--56266532-5628-4c7f-8f0f-432e950d210b", "observed-data--56266532-a820-4819-bb9d-432e950d210b", "url--56266532-a820-4819-bb9d-432e950d210b", "indicator--56266533-3a48-4a84-9b40-432e950d210b", "indicator--56266533-5320-4fdc-8de7-432e950d210b", "observed-data--56266533-33d4-48ae-a553-432e950d210b", "url--56266533-33d4-48ae-a553-432e950d210b", "indicator--56266534-6460-4878-b7ed-432e950d210b", "observed-data--56266534-8d84-4c98-8e82-432e950d210b", "url--56266534-8d84-4c98-8e82-432e950d210b", "indicator--56266535-3ecc-4379-937d-432e950d210b", "indicator--56266535-8ddc-4658-b1c3-432e950d210b", "observed-data--56266535-5a00-4a05-9850-432e950d210b", "url--56266535-5a00-4a05-9850-432e950d210b", 
"indicator--56266536-c094-4474-a143-432e950d210b", "indicator--56266536-7fe8-42a9-bfe2-432e950d210b", "observed-data--56266537-23d0-48a2-b897-432e950d210b", "url--56266537-23d0-48a2-b897-432e950d210b", "indicator--56266537-f308-400a-acca-432e950d210b", "indicator--56266537-d774-412f-9835-432e950d210b", "observed-data--56266538-a9fc-469b-903e-432e950d210b", "url--56266538-a9fc-469b-903e-432e950d210b", "indicator--56266538-1904-4744-9993-432e950d210b", "indicator--56266538-a5d0-484c-9faa-432e950d210b", "observed-data--56266539-4848-4794-b0dc-432e950d210b", "url--56266539-4848-4794-b0dc-432e950d210b", "indicator--56266539-c514-478b-b868-432e950d210b", "indicator--5626653a-27a0-41f9-9e77-432e950d210b", "observed-data--5626653a-0084-4b65-a86f-432e950d210b", "url--5626653a-0084-4b65-a86f-432e950d210b", "indicator--562665f4-171c-4c6f-b471-432e950d210b", "indicator--562665f4-6c30-4efd-887c-432e950d210b", "indicator--562665f5-afec-4d12-94bf-432e950d210b", "indicator--56266694-656c-4cf8-9c4e-432e950d210b", "indicator--56266695-8bf4-4ddf-ab03-432e950d210b", "indicator--56795fcc-8df8-4ac3-9fa1-49d5950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--562660e7-4764-4382-ba31-4ea2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:42:31.000Z", "modified": "2015-10-20T15:42:31.000Z", "first_observed": "2015-10-20T15:42:31Z", "last_observed": "2015-10-20T15:42:31Z", "number_observed": 1, "object_refs": [ "url--562660e7-4764-4382-ba31-4ea2950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--562660e7-4764-4382-ba31-4ea2950d210b", "value": "https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/" }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--562662b4-1140-4793-8ef8-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:12.000Z", "modified": "2015-10-20T15:50:12.000Z", "pattern": "[file:hashes.SHA256 = '1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b5-a1f8-438d-a4fd-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:13.000Z", "modified": "2015-10-20T15:50:13.000Z", "pattern": "[file:hashes.SHA256 = '94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b5-0724-41a2-8447-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:13.000Z", "modified": "2015-10-20T15:50:13.000Z", "pattern": "[domain-name:value = 'oogle.wwwhost.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b5-fa90-4116-bb04-431b950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:13.000Z", "modified": "2015-10-20T15:50:13.000Z", "pattern": "[domain-name:value = 'google.wwwhost.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b6-3008-4959-9571-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:14.000Z", "modified": "2015-10-20T15:50:14.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.74.241.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b6-90f0-42a5-908e-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:14.000Z", "modified": "2015-10-20T15:50:14.000Z", "pattern": "[domain-name:value = 'info.dynamic-dns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b7-f508-454c-ac53-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:15.000Z", "modified": "2015-10-20T15:50:15.000Z", "pattern": 
"[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.48.59']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b7-8e44-441d-a45c-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:15.000Z", "modified": "2015-10-20T15:50:15.000Z", "pattern": "[domain-name:value = 'update.ciscofreak.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b7-8ab0-419f-b71e-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:39.000Z", "modified": "2015-10-20T15:56:39.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.220.246.117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b8-02bc-44c5-9d59-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:51:46.000Z", "modified": "2015-10-20T15:51:46.000Z", "pattern": "[domain-name:value = 'uae.kim']", "pattern_type": "stix", "pattern_version": "2.1", 
"valid_from": "2015-10-20T15:51:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b9-6eb0-4a23-a7f0-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:17.000Z", "modified": "2015-10-20T15:50:17.000Z", "pattern": "[domain-name:value = 'r.ddns.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b9-9790-40cc-8d4a-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:17.000Z", "modified": "2015-10-20T15:50:17.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.125.158']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662b9-d808-4e0e-b3c3-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:17.000Z", "modified": "2015-10-20T15:50:17.000Z", "pattern": "[domain-name:value = 'a.ddns.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ 
"misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662ba-f03c-45ee-bb92-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:18.000Z", "modified": "2015-10-20T15:50:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.3.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662ba-0d64-4643-86e5-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:18.000Z", "modified": "2015-10-20T15:50:18.000Z", "pattern": "[domain-name:value = 'test.cable-modem.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662bb-f058-4639-9a04-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:19.000Z", "modified": "2015-10-20T15:50:19.000Z", "pattern": "[file:hashes.MD5 = '64c1ef8e0923bf44aaa96caeb28a6c11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--562662bb-33d0-418a-96ff-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:19.000Z", "modified": "2015-10-20T15:50:19.000Z", "pattern": "[domain-name:value = 'googlecombq6xx.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662bb-f3a8-4faa-a1a0-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:19.000Z", "modified": "2015-10-20T15:50:19.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.28']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662bc-9070-48ef-8156-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:20.000Z", "modified": "2015-10-20T15:50:20.000Z", "pattern": "[domain-name:value = 'tvnew.otzo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--562662bc-62d8-4480-8488-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": 
"2015-11-05T15:27:44.000Z", "modified": "2015-11-05T15:27:44.000Z", "first_observed": "2015-11-05T15:27:44Z", "last_observed": "2015-11-05T15:27:44Z", "number_observed": 1, "object_refs": [ "network-traffic--562662bc-62d8-4480-8488-431b950d210b", "ipv4-addr--562662bc-62d8-4480-8488-431b950d210b" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--562662bc-62d8-4480-8488-431b950d210b", "dst_ref": "ipv4-addr--562662bc-62d8-4480-8488-431b950d210b", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--562662bc-62d8-4480-8488-431b950d210b", "value": "172.227.95.162" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662bd-e2e4-431e-b611-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:21.000Z", "modified": "2015-10-20T15:50:21.000Z", "pattern": "[file:hashes.MD5 = '57ab5f60198d311226cdc246598729ea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662bd-ad60-47de-9df6-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:57:35.000Z", "modified": "2015-10-20T15:57:35.000Z", "pattern": "[domain-name:value = 'google.com.r3irv2ykn0qnd7vr7sqv7kg2qho3ab5tngl5avxi5iimz1jxw9pa9.uae.kim']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:57:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--562662be-cb74-4ef4-9c7f-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:22.000Z", "modified": "2015-10-20T15:50:22.000Z", "pattern": "[domain-name:value = 'natco1.no-ip.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662be-5ea8-4a57-9450-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:22.000Z", "modified": "2015-10-20T15:50:22.000Z", "pattern": "[domain-name:value = 'natco2.no-ip.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662be-5fb4-46df-9c41-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:22.000Z", "modified": "2015-10-20T15:50:22.000Z", "pattern": "[domain-name:value = 'natco3.no-ip.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662bf-7790-4849-87a5-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:23.000Z", "modified": 
"2015-10-20T15:50:23.000Z", "pattern": "[domain-name:value = 'natco4.no-ip.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662bf-f128-4ef6-8a70-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:23.000Z", "modified": "2015-10-20T15:50:23.000Z", "pattern": "[domain-name:value = 'natco5.no-ip.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662c0-2940-45e7-a806-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:24.000Z", "modified": "2015-10-20T15:50:24.000Z", "pattern": "[file:hashes.SHA256 = '22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662c0-cd50-42d1-bbbf-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:24.000Z", "modified": "2015-10-20T15:50:24.000Z", "pattern": "[url:value = 'http://workingulf.net/dfserv.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2015-10-20T15:50:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662c0-f4b4-4802-90a8-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:24.000Z", "modified": "2015-10-20T15:50:24.000Z", "pattern": "[file:hashes.SHA256 = 'e2ecf89a49c125e0b4292645a41b5e97c0f7bf15d418faeac0d592205f083119']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662c1-bc20-46fa-8c38-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:25.000Z", "modified": "2015-10-20T15:50:25.000Z", "pattern": "[domain-name:value = 'workingulf.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662c1-83dc-45f0-a91a-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:25.000Z", "modified": "2015-10-20T15:50:25.000Z", "pattern": "[file:hashes.SHA256 = 'd759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], 
"labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662c2-7f5c-484d-b8f4-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:26.000Z", "modified": "2015-10-20T15:50:26.000Z", "pattern": "[url:value = 'http://wp.piedslibres.com/wp/wp-includes/js/next.scr']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562662c2-d2e8-41c9-a93d-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:50:26.000Z", "modified": "2015-10-20T15:50:26.000Z", "pattern": "[file:hashes.SHA256 = '08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:50:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5626641f-3868-460a-83b6-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:15.000Z", "modified": "2015-10-20T15:56:15.000Z", "pattern": "[file:hashes.MD5 = 'b53c492168e5b389b0e6a2fc8b4355f5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--56266420-a3d8-4bab-a13f-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:16.000Z", "modified": "2015-10-20T15:56:16.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.59.240.98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266420-6e24-4b43-9bbf-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:16.000Z", "modified": "2015-10-20T15:56:16.000Z", "pattern": "[domain-name:value = 'news.redirectme.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266421-12a8-40ef-bf88-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:17.000Z", "modified": "2015-10-20T15:56:17.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.123.112.5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266421-b968-4fed-b0f9-431b950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:17.000Z", "modified": "2015-10-20T15:56:17.000Z", "pattern": "[domain-name:value = 'docs.gmailserver.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266422-e1e0-42c2-ad42-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:18.000Z", "modified": "2015-10-20T15:56:18.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.123.112.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266422-e228-410c-9e84-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:18.000Z", "modified": "2015-10-20T15:56:18.000Z", "pattern": "[domain-name:value = 'office.gmailserver.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266422-d968-4fb6-822a-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:18.000Z", "modified": "2015-10-20T15:56:18.000Z", "pattern": 
"[domain-name:value = 'verify-login.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266423-80d4-48bc-a89b-431b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T15:56:19.000Z", "modified": "2015-10-20T15:56:19.000Z", "pattern": "[domain-name:value = 'western.gmailserver.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T15:56:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266531-f698-405d-b709-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:49.000Z", "modified": "2015-10-20T16:00:49.000Z", "description": "- Xchecked via VT: 08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655", "pattern": "[file:hashes.SHA1 = '44529ffbfeb5bdfab852795c6d995616522ae63d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266532-5628-4c7f-8f0f-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:50.000Z", "modified": "2015-10-20T16:00:50.000Z", "description": "- Xchecked via VT: 
08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655", "pattern": "[file:hashes.MD5 = '6b8f4dcfea0b4e9cbeb19cfad7f11e9e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56266532-a820-4819-bb9d-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:50.000Z", "modified": "2015-10-20T16:00:50.000Z", "first_observed": "2015-10-20T16:00:50Z", "last_observed": "2015-10-20T16:00:50Z", "number_observed": 1, "object_refs": [ "url--56266532-a820-4819-bb9d-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56266532-a820-4819-bb9d-432e950d210b", "value": "https://www.virustotal.com/file/08b32da8995ae094bfb703d7d975c3816cf04c075c32281e51158164d76cd655/analysis/1444961310/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266533-3a48-4a84-9b40-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:51.000Z", "modified": "2015-10-20T16:00:51.000Z", "description": "- Xchecked via VT: d759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8", "pattern": "[file:hashes.SHA1 = '5ef1bf0fbc1e7543e65558bea6090ae2f92ec756']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266533-5320-4fdc-8de7-432e950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:51.000Z", "modified": "2015-10-20T16:00:51.000Z", "description": "- Xchecked via VT: d759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8", "pattern": "[file:hashes.MD5 = '111a622b041bf2e9813c831ef46403b5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56266533-33d4-48ae-a553-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:51.000Z", "modified": "2015-10-20T16:00:51.000Z", "first_observed": "2015-10-20T16:00:51Z", "last_observed": "2015-10-20T16:00:51Z", "number_observed": 1, "object_refs": [ "url--56266533-33d4-48ae-a553-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56266533-33d4-48ae-a553-432e950d210b", "value": "https://www.virustotal.com/file/d759dcbebee18a65fda434ba1da5d348c16d9d3775fe1652a1dacf983ffc93b8/analysis/1432824292/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266534-6460-4878-b7ed-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:52.000Z", "modified": "2015-10-20T16:00:52.000Z", "description": "- Xchecked via VT: e2ecf89a49c125e0b4292645a41b5e97c0f7bf15d418faeac0d592205f083119", "pattern": "[file:hashes.SHA1 = '874e41967e8c34b444ccecd365add06ab263165e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56266534-8d84-4c98-8e82-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:52.000Z", "modified": "2015-10-20T16:00:52.000Z", "first_observed": "2015-10-20T16:00:52Z", "last_observed": "2015-10-20T16:00:52Z", "number_observed": 1, "object_refs": [ "url--56266534-8d84-4c98-8e82-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56266534-8d84-4c98-8e82-432e950d210b", "value": "https://www.virustotal.com/file/e2ecf89a49c125e0b4292645a41b5e97c0f7bf15d418faeac0d592205f083119/analysis/1444961305/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266535-3ecc-4379-937d-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:53.000Z", "modified": "2015-10-20T16:00:53.000Z", "description": "- Xchecked via VT: 22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114", "pattern": "[file:hashes.SHA1 = '41e9c2e4935a2b39c7b5b066588986a363c58390']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266535-8ddc-4658-b1c3-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:53.000Z", "modified": "2015-10-20T16:00:53.000Z", "description": "- Xchecked via VT: 22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114", "pattern": "[file:hashes.MD5 = '3e766f5cedbc5a669622ced136f53fc9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:53Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56266535-5a00-4a05-9850-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:53.000Z", "modified": "2015-10-20T16:00:53.000Z", "first_observed": "2015-10-20T16:00:53Z", "last_observed": "2015-10-20T16:00:53Z", "number_observed": 1, "object_refs": [ "url--56266535-5a00-4a05-9850-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56266535-5a00-4a05-9850-432e950d210b", "value": "https://www.virustotal.com/file/22deea26981bc6183ac3945da8274111e7fd7a35fbb6da601348cc6d66240114/analysis/1432101483/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266536-c094-4474-a143-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:54.000Z", "modified": "2015-10-20T16:00:54.000Z", "description": "- Xchecked via VT: 94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389", "pattern": "[file:hashes.SHA1 = '5e98486f941091eae2fbb89eedc36082fd5d9153']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266536-7fe8-42a9-bfe2-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:54.000Z", "modified": "2015-10-20T16:00:54.000Z", "description": "- Xchecked via VT: 94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389", 
"pattern": "[file:hashes.MD5 = '4395feba04c6cafba33fa659df1ec5a3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56266537-23d0-48a2-b897-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:55.000Z", "modified": "2015-10-20T16:00:55.000Z", "first_observed": "2015-10-20T16:00:55Z", "last_observed": "2015-10-20T16:00:55Z", "number_observed": 1, "object_refs": [ "url--56266537-23d0-48a2-b897-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56266537-23d0-48a2-b897-432e950d210b", "value": "https://www.virustotal.com/file/94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3cee0389/analysis/1439466209/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266537-f308-400a-acca-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:55.000Z", "modified": "2015-10-20T16:00:55.000Z", "description": "- Xchecked via VT: 1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48", "pattern": "[file:hashes.SHA1 = 'ce3d62ca9d3ae2cc0e2d64c50745522503200ee0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266537-d774-412f-9835-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": 
"2015-10-20T16:00:55.000Z", "modified": "2015-10-20T16:00:55.000Z", "description": "- Xchecked via VT: 1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48", "pattern": "[file:hashes.MD5 = '471848024b7f7eb717a9597f54802428']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56266538-a9fc-469b-903e-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:56.000Z", "modified": "2015-10-20T16:00:56.000Z", "first_observed": "2015-10-20T16:00:56Z", "last_observed": "2015-10-20T16:00:56Z", "number_observed": 1, "object_refs": [ "url--56266538-a9fc-469b-903e-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56266538-a9fc-469b-903e-432e950d210b", "value": "https://www.virustotal.com/file/1610fc805f980f5c70cec8e138ba800b01ebc86919f42b375cfb161ce6365a48/analysis/1427332547/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266538-1904-4744-9993-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:56.000Z", "modified": "2015-10-20T16:00:56.000Z", "description": "- Xchecked via VT: 57ab5f60198d311226cdc246598729ea", "pattern": "[file:hashes.SHA256 = '089a31178bff1a4001016e51b4f59ae90c8847a9d5397a611c6fbeb028fc8d41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--56266538-a5d0-484c-9faa-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:56.000Z", "modified": "2015-10-20T16:00:56.000Z", "description": "- Xchecked via VT: 57ab5f60198d311226cdc246598729ea", "pattern": "[file:hashes.SHA1 = '1d1c24ee7dd77f742e59f54626ff68211d24b64a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56266539-4848-4794-b0dc-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:57.000Z", "modified": "2015-10-20T16:00:57.000Z", "first_observed": "2015-10-20T16:00:57Z", "last_observed": "2015-10-20T16:00:57Z", "number_observed": 1, "object_refs": [ "url--56266539-4848-4794-b0dc-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56266539-4848-4794-b0dc-432e950d210b", "value": "https://www.virustotal.com/file/089a31178bff1a4001016e51b4f59ae90c8847a9d5397a611c6fbeb028fc8d41/analysis/1444029943/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266539-c514-478b-b868-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:57.000Z", "modified": "2015-10-20T16:00:57.000Z", "description": "- Xchecked via VT: 64c1ef8e0923bf44aaa96caeb28a6c11", "pattern": "[file:hashes.SHA256 = '6001692fde7a070df22a184fa8ecd844ab7b304a79fc7852aac8d81466ec3860']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], 
"labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5626653a-27a0-41f9-9e77-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:58.000Z", "modified": "2015-10-20T16:00:58.000Z", "description": "- Xchecked via VT: 64c1ef8e0923bf44aaa96caeb28a6c11", "pattern": "[file:hashes.SHA1 = '8aad6f55c47e7079977b107918c1e4cd30613379']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:00:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5626653a-0084-4b65-a86f-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:00:58.000Z", "modified": "2015-10-20T16:00:58.000Z", "first_observed": "2015-10-20T16:00:58Z", "last_observed": "2015-10-20T16:00:58Z", "number_observed": 1, "object_refs": [ "url--5626653a-0084-4b65-a86f-432e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5626653a-0084-4b65-a86f-432e950d210b", "value": "https://www.virustotal.com/file/6001692fde7a070df22a184fa8ecd844ab7b304a79fc7852aac8d81466ec3860/analysis/1422287826/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562665f4-171c-4c6f-b471-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:04:04.000Z", "modified": "2015-10-20T16:04:04.000Z", "pattern": "[domain-name:value = 'pal4u.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:04:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], 
"labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562665f4-6c30-4efd-887c-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:04:04.000Z", "modified": "2015-10-20T16:04:04.000Z", "pattern": "[domain-name:value = 'pal2me.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:04:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--562665f5-afec-4d12-94bf-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:04:05.000Z", "modified": "2015-10-20T16:04:05.000Z", "pattern": "[domain-name:value = 'shop8d.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:04:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266694-656c-4cf8-9c4e-432e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:06:44.000Z", "modified": "2015-10-20T16:06:44.000Z", "pattern": "[domain-name:value = 'news-youm7.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:06:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56266695-8bf4-4ddf-ab03-432e950d210b", "created_by_ref": 
"identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-10-20T16:06:45.000Z", "modified": "2015-10-20T16:06:45.000Z", "pattern": "[domain-name:value = 'to70.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-10-20T16:06:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56795fcc-8df8-4ac3-9fa1-49d5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-12-22T14:35:56.000Z", "modified": "2015-12-22T14:35:56.000Z", "pattern": "[url:value = 'https://www.virustotal.com/file/089a31178bff1a4001016e51b4f59ae90c8847a9d5397a611c6fbeb028fc8d41/analysis/1447091115/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-12-22T14:35:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "External analysis" } ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }