{ "type": "bundle", "id": "bundle--5943a31f-8a90-4206-b02e-4b5b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T12:38:39.000Z", "modified": "2017-06-16T12:38:39.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5943a31f-8a90-4206-b02e-4b5b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T12:38:39.000Z", "modified": "2017-06-16T12:38:39.000Z", "name": "M2M - #LokiBot goes with SWIFT theme", "published": "2017-06-16T12:39:25Z", "object_refs": [ "indicator--5943a320-b708-4bea-b973-4aee950d210f", "indicator--5943a320-bdc8-4aa9-921c-4e57950d210f", "indicator--5943a321-14d0-4114-96da-43e8950d210f", "observed-data--5943a322-3930-4aa8-9e32-4cde950d210f", "network-traffic--5943a322-3930-4aa8-9e32-4cde950d210f", "ipv4-addr--5943a322-3930-4aa8-9e32-4cde950d210f", "indicator--5943a322-cce4-4b30-bbda-4dcc950d210f", "indicator--5943a323-9274-42d6-9c64-4009950d210f", "indicator--5943a323-e660-43fb-b877-4bba950d210f", "indicator--5943a324-2b54-4e4d-b7b0-4a42950d210f", "indicator--5943a325-4144-43aa-a04d-456c950d210f", "indicator--5943a326-8b3c-443d-86a6-4ae7950d210f", "indicator--5943a326-5e20-48bb-bda5-488a950d210f", "indicator--5943a327-a878-47f8-a0e9-4161950d210f", "indicator--5943a328-bd60-4c82-acbd-4e06950d210f", "indicator--5943a329-81c4-4316-be69-48cc950d210f", "indicator--5943a32b-6d48-40fe-9a65-4103950d210f", "indicator--5943a32c-3a64-43b1-97d5-464e950d210f", "indicator--5943a32d-51ac-4c4f-a227-4c0c950d210f", "indicator--5943a32e-8db4-465b-9cb1-4c54950d210f", "indicator--5943a32f-4154-433d-89f1-48de950d210f", "indicator--5943a32f-9edc-4693-82e6-4347950d210f", "indicator--5943a330-4c18-4633-a663-46f9950d210f", "indicator--5943a331-1308-44fb-8e94-4c70950d210f", "indicator--5943a332-2268-459d-991d-4c0c950d210f", "indicator--5943a333-fd0c-4f2f-8364-459d950d210f", "indicator--5943a334-da08-4890-8cb8-4da0950d210f", "indicator--5943a335-a9d0-4d5a-a57c-4bf0950d210f", "indicator--5943a336-3824-4724-8b8e-4aec950d210f", "indicator--5943a337-0cc0-4405-9c52-4962950d210f", "indicator--5943a338-5000-4b61-bea6-48be950d210f", "indicator--5943a339-0204-476e-9eac-4ba4950d210f", "indicator--5943a339-ada4-4080-9fb5-42c4950d210f", "indicator--5943a33a-10e4-473c-98c7-45db950d210f", "indicator--5943a33b-9914-4eef-af6c-43ef950d210f", "indicator--5943a33c-d338-4bbd-8402-41e5950d210f", "indicator--5943a33e-57c8-4830-a935-4f2f950d210f", "indicator--5943a33e-c134-483d-94e7-4eb0950d210f", "indicator--5943a33f-45f4-4393-bbe9-4bf1950d210f", "indicator--5943a340-da3c-49ce-ae1d-4632950d210f", "indicator--5943a341-f75c-4109-8e69-4d54950d210f", "indicator--5943a342-9af8-490d-8aa8-44fb950d210f", "indicator--5943a343-eafc-4411-8881-44ee950d210f", "indicator--5943a344-8f40-4281-b31e-46e6950d210f", "indicator--5943a345-525c-4e26-9bfa-4bd3950d210f", "indicator--5943a345-9dd0-4e43-b009-4b2f950d210f", "indicator--5943a346-5120-48f1-82f9-4f98950d210f", "indicator--5943a347-f560-4a82-830f-4421950d210f", "indicator--5943a348-ecb4-4042-85d2-45cf950d210f", "indicator--5943a349-ecb8-4d38-b02f-4c07950d210f", "indicator--5943a34a-9678-4305-af6b-4e84950d210f", "indicator--5943a34b-de34-49dd-a3da-43bb950d210f", "indicator--5943a34c-0eb8-4dac-8eff-49d3950d210f", "indicator--5943a34c-7890-4203-885c-43c8950d210f", "indicator--5943a34d-fae8-4296-968c-4ba5950d210f", "indicator--5943a34e-2738-4e9e-b59a-4527950d210f", "indicator--5943a34f-5230-4979-8f5b-4390950d210f", "indicator--5943a350-f91c-411d-9858-4390950d210f", "indicator--5943a351-96b4-4002-b815-4b57950d210f", "indicator--5943a351-011c-4f9a-aebc-4f64950d210f", "indicator--5943a352-1b44-4396-8f4a-4c03950d210f", "indicator--5943a354-5af0-4568-a713-44a6950d210f", "indicator--5943a355-f048-4a9b-bc5f-496b950d210f", "indicator--5943a356-ab28-4867-ad85-486a950d210f", "indicator--5943a356-d654-4daa-83a0-48a9950d210f", "indicator--5943a357-9a54-4daa-96bf-41cc950d210f", "indicator--5943a358-edc0-4fd1-9bec-4505950d210f", "indicator--5943a359-3f1c-4e93-89aa-4346950d210f", "indicator--5943a35a-01d0-46b2-ac04-4084950d210f", "indicator--5943a35a-37d0-4de2-8919-43f5950d210f", "indicator--5943a35b-3200-4397-bc78-4de2950d210f", "indicator--5943a35c-e54c-43c9-989a-4f0e950d210f", "indicator--5943a35d-d7c4-4047-92ca-46d8950d210f", "indicator--5943a35e-fc70-4484-b624-4833950d210f", "indicator--5943a35f-dd6c-4d3a-8edc-4faf950d210f", "indicator--5943a35f-caac-45c2-8360-48cc950d210f", "indicator--5943a360-2a40-4c2f-845a-4aad950d210f", "indicator--5943a362-9d54-449b-a849-4a83950d210f", "indicator--5943a362-00f8-4af2-87e7-45c9950d210f", "indicator--5943a364-80ec-4047-abbe-47ef950d210f", "indicator--5943a365-5e20-484b-a633-40ed950d210f", "indicator--5943a366-a184-4fd2-9e11-4ff3950d210f", "indicator--5943a368-f8a4-47f1-bbd4-4d4a950d210f", "indicator--5943a369-73d8-46ce-a2a9-4cb1950d210f", "indicator--5943a36b-c8fc-4707-8c3b-4539950d210f", "indicator--5943a36c-c7a8-43cf-966a-432d950d210f", "indicator--5943a36d-3170-4f3f-8c96-41c9950d210f", "indicator--5943a36f-da7c-49cd-82b1-4967950d210f", "indicator--5943a370-ff78-4f9e-9039-47a5950d210f", "indicator--5943a371-cdb4-46ed-bb00-4ffc950d210f", "indicator--5943a373-8d4c-40ee-ba2b-4e89950d210f", "indicator--5943a374-956c-478c-8f7a-4020950d210f", "indicator--5943a375-fe6c-4c88-b38b-4d7f950d210f", "indicator--5943a377-0920-431e-b38a-4c9c950d210f", "indicator--5943a378-d5ac-4548-8dfa-4fe3950d210f", "indicator--5943a379-1988-41e3-8ed4-4b01950d210f", "indicator--5943a37a-e7f8-4511-ad9d-4b6d950d210f", "indicator--5943a37b-b234-42a3-a1d9-4a8c950d210f", "indicator--5943a37d-fcbc-433a-b10d-484b950d210f", "indicator--5943a37e-aacc-4d51-8f90-4ffa950d210f", "indicator--5943a37f-7a78-4c40-80c5-411a950d210f", "indicator--5943a380-98ac-47b8-b174-4867950d210f", "indicator--5943a381-b930-4cf1-8e41-4b46950d210f", "indicator--5943a382-b794-4ab6-a295-4787950d210f", "indicator--5943a385-180c-4484-a312-4fbf950d210f", "indicator--5943a386-5034-4883-a653-4ee2950d210f", "indicator--5943a387-a364-4380-9158-4f24950d210f", "observed-data--5943a389-095c-4833-803e-498a950d210f", "url--5943a389-095c-4833-803e-498a950d210f", "observed-data--5943a389-3504-466a-b7d2-4191950d210f", "url--5943a389-3504-466a-b7d2-4191950d210f", "indicator--5943ba6e-e43c-4433-9ae3-067402de0b81", "observed-data--5943ba6e-1bc8-4382-a637-067402de0b81", "url--5943ba6e-1bc8-4382-a637-067402de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Flokibot\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a320-b708-4bea-b973-4aee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[file:hashes.MD5 = '2c60a69b14f383043571e0bc41ecd88d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a320-bdc8-4aa9-921c-4e57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[file:hashes.SHA256 = '0871ecc08d27b5d1047c8162669db786a89e62ed12b6174f7a1ebe7716262f42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a321-14d0-4114-96da-43e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'acasiaenterprisellc.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5943a322-3930-4aa8-9e32-4cde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "first_observed": "2017-06-16T11:00:14Z", "last_observed": "2017-06-16T11:00:14Z", "number_observed": 1, "object_refs": [ "network-traffic--5943a322-3930-4aa8-9e32-4cde950d210f", "ipv4-addr--5943a322-3930-4aa8-9e32-4cde950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--5943a322-3930-4aa8-9e32-4cde950d210f", "dst_ref": "ipv4-addr--5943a322-3930-4aa8-9e32-4cde950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--5943a322-3930-4aa8-9e32-4cde950d210f", "value": "89.223.28.124" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a322-cce4-4b30-bbda-4dcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'acpaeqypt.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a323-9274-42d6-9c64-4009950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'alam-maritlm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a323-e660-43fb-b877-4bba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'alimen.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a324-2b54-4e4d-b7b0-4a42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'almerlmarpuerto.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a325-4144-43aa-a04d-456c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'apaksahasp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a326-8b3c-443d-86a6-4ae7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'appollobafh.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a326-5e20-48bb-bda5-488a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'avsmanager.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a327-a878-47f8-a0e9-4161950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'bugattijedo.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a328-bd60-4c82-acbd-4e06950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'carderforum.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a329-81c4-4316-be69-48cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'cerber-rp.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a32b-6d48-40fe-9a65-4103950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'chester.agenteinformaticos.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a32c-3a64-43b1-97d5-464e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'coatexindusties.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a32d-51ac-4c4f-a227-4c0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'dellafoglia-it.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a32e-8db4-465b-9cb1-4c54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'di-san-tr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a32f-4154-433d-89f1-48de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'dragonballz.com.de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a32f-9edc-4693-82e6-4347950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'eglsm.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a330-4c18-4633-a663-46f9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'encryptedconnection.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a331-1308-44fb-8e94-4c70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'evrixbody.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a332-2268-459d-991d-4c0c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'farawayer.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a333-fd0c-4f2f-8364-459d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'fyzeeconnect.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a334-da08-4890-8cb8-4da0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'galladentals.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a335-a9d0-4d5a-a57c-4bf0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'game349forum.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a336-3824-4724-8b8e-4aec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'gamneit.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a337-0cc0-4405-9c52-4962950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'gavionewab.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a338-5000-4b61-bea6-48be950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'generalpw.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a339-0204-476e-9eac-4ba4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'gfcdo.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a339-ada4-4080-9fb5-42c4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'gongotraa.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a33a-10e4-473c-98c7-45db950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'googledocs.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a33b-9914-4eef-af6c-43ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'gruping.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a33c-d338-4bbd-8402-41e5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'jbbrother.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a33e-57c8-4830-a935-4f2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'jonnychangginc.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a33e-c134-483d-94e7-4eb0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'jyhugtfhfgt56565jdfhfhgfh.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a33f-45f4-4393-bbe9-4bf1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'leadskit.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a340-da3c-49ce-ae1d-4632950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'medumsout.cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a341-f75c-4109-8e69-4d54950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'mht6k2dkuf.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a342-9af8-490d-8aa8-44fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'montenig.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a343-eafc-4411-8881-44ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'myopps.ml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a344-8f40-4281-b31e-46e6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'natonlineaccess.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a345-525c-4e26-9bfa-4bd3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'newawechemical.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a345-9dd0-4e43-b009-4b2f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'no1carpart.co.uk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a346-5120-48f1-82f9-4f98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'olujan.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a347-f560-4a82-830f-4421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'opentop.ml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a348-ecb4-4042-85d2-45cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'openttn.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a349-ecb8-4d38-b02f-4c07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'osmn-no.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a34a-9678-4305-af6b-4e84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'papergang.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a34b-de34-49dd-a3da-43bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'pishqam-ied.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a34c-0eb8-4dac-8eff-49d3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'powerbal.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a34c-7890-4203-885c-43c8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'privateaccess.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a34d-fae8-4296-968c-4ba5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'qazxswedc.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a34e-2738-4e9e-b59a-4527950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'servkillfeel.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a34f-5230-4979-8f5b-4390950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'spymenowornever.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a350-f91c-411d-9858-4390950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'street-credibility.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a351-96b4-4002-b815-4b57950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'street-esteem.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a351-011c-4f9a-aebc-4f64950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'street-takeover.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a352-1b44-4396-8f4a-4c03950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'street-up.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a354-5af0-4568-a713-44a6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'street-wise.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a355-f048-4a9b-bc5f-496b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'succchfamily.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a356-ab28-4867-ad85-486a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'swzgvvpnj54atkfbp6in.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a356-d654-4daa-83a0-48a9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'tee-gr.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a357-9a54-4daa-96bf-41cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'tianythread.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a358-edc0-4fd1-9bec-4505950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'tokimecltd.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a359-3f1c-4e93-89aa-4346950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'ttmaiil.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35a-01d0-46b2-ac04-4084950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'westernunionsupport.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35a-37d0-4de2-8919-43f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'whoyouhelp.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35b-3200-4397-bc78-4de2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'workfromhomeplc.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35c-e54c-43c9-989a-4f0e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'wusupport.su']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35d-d7c4-4047-92ca-46d8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'www.bugattijedo.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35e-fc70-4484-b624-4833950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'www.fyzeeconnect.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35f-dd6c-4d3a-8edc-4faf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'www.jyhugtfhfgt56565jdfhfhgfh.tk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a35f-caac-45c2-8360-48cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'xbool.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a360-2a40-4c2f-845a-4aad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://acpaeqypt.com/enter/meme/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a362-9d54-449b-a849-4a83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://ajahhunterz.xyz/ajahhunt_emma/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a362-00f8-4af2-87e7-45c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'ajahhunterz.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a364-80ec-4047-abbe-47ef950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://ajahhunterz.xyz/ajahhunt_nonso/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a365-5e20-484b-a633-40ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://alimen.ru/fbd/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a366-a184-4fd2-9e11-4ff3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://avsmanager.com/basics/logout.php?pid=744']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a368-f8a4-47f1-bbd4-4d4a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://dragonballz.com.de/loki/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a369-73d8-46ce-a2a9-4cb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://evrixbody.ru/cally/blessing/good/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a36b-c8fc-4707-8c3b-4539950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://farawayer.ru/chibum/fire/blessing/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a36c-c7a8-43cf-966a-432d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://gamneit.com/sbtm/update/domain/index.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a36d-3170-4f3f-8c96-41c9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://gamneit.com/sbtm/update/domain/login.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a36f-da7c-49cd-82b1-4967950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://generalpw.ru/s/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a370-ff78-4f9e-9039-47a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://gongotraa.com/five/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a371-cdb4-46ed-bb00-4ffc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://lekkihunterz2.xyz/rokman/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a373-8d4c-40ee-ba2b-4e89950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'lekkihunterz2.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a374-956c-478c-8f7a-4020950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://myopps.ml/hot/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a375-fe6c-4c88-b38b-4d7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://no1carpart.co.uk/bema/panel/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a377-0920-431e-b38a-4c9c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://no1carpart.co.uk/kk10/klinsk/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a378-d5ac-4548-8dfa-4fe3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://openttn.tk/we/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a379-1988-41e3-8ed4-4b01950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://opixib.bid/bhutra/gate.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a37a-e7f8-4511-ad9d-4b6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[domain-name:value = 'opixib.bid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a37b-b234-42a3-a1d9-4a8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://street-takeover.ru/okeagwu/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a37d-fcbc-433a-b10d-484b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://street-up.ru/v1/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a37e-aacc-4d51-8f90-4ffa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://street-up.ru/v2/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a37f-7a78-4c40-80c5-411a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://street-wise.ru/v2/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a380-98ac-47b8-b174-4867950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://street-wise.ru/v3/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a381-b930-4cf1-8e41-4b46950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://tee-gr.com/nw/admin.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a382-b794-4ab6-a295-4787950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://tokimecltd.ru/emi/five/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a385-180c-4484-a312-4fbf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://tokimecltd.ru/home/five/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a386-5034-4883-a653-4ee2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://tokimecltd.ru/love/five/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943a387-a364-4380-9158-4f24950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "pattern": "[url:value = 'http://www.fyzeeconnect.ru/street-credibilty/fre.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:00:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5943a389-095c-4833-803e-498a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "first_observed": "2017-06-16T11:00:14Z", "last_observed": "2017-06-16T11:00:14Z", "number_observed": 1, "object_refs": [ "url--5943a389-095c-4833-803e-498a950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5943a389-095c-4833-803e-498a950d210f", "value": "https://www.hybrid-analysis.com/sample/0871ecc08d27b5d1047c8162669db786a89e62ed12b6174f7a1ebe7716262f42?environmentId=100" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5943a389-3504-466a-b7d2-4191950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:00:14.000Z", "modified": "2017-06-16T11:00:14.000Z", "first_observed": "2017-06-16T11:00:14Z", "last_observed": "2017-06-16T11:00:14Z", "number_observed": 1, "object_refs": [ "url--5943a389-3504-466a-b7d2-4191950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5943a389-3504-466a-b7d2-4191950d210f", "value": "https://www.virustotal.com/hr/file/0871ecc08d27b5d1047c8162669db786a89e62ed12b6174f7a1ebe7716262f42/analysis/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5943ba6e-e43c-4433-9ae3-067402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:01:02.000Z", "modified": "2017-06-16T11:01:02.000Z", "description": "- Xchecked via VT: 0871ecc08d27b5d1047c8162669db786a89e62ed12b6174f7a1ebe7716262f42", "pattern": "[file:hashes.SHA1 = '6ce73f0f4b3af04fc83033abf8b0fbb299cd1c7d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-06-16T11:01:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5943ba6e-1bc8-4382-a637-067402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-06-16T11:01:02.000Z", "modified": "2017-06-16T11:01:02.000Z", "first_observed": "2017-06-16T11:01:02Z", "last_observed": "2017-06-16T11:01:02Z", "number_observed": 1, "object_refs": [ "url--5943ba6e-1bc8-4382-a637-067402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5943ba6e-1bc8-4382-a637-067402de0b81", "value": "https://www.virustotal.com/file/0871ecc08d27b5d1047c8162669db786a89e62ed12b6174f7a1ebe7716262f42/analysis/1497587348/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }