{ "type": "bundle", "id": "bundle--59b286e5-9604-4c1c-a51b-423b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:11:24.000Z", "modified": "2017-09-08T12:11:24.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--59b286e5-9604-4c1c-a51b-423b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:11:24.000Z", "modified": "2017-09-08T12:11:24.000Z", "name": "OSINT - Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms", "published": "2017-09-11T12:05:44Z", "object_refs": [ "indicator--59b28702-1778-4627-9722-4b49950d210f", "indicator--59b28702-0bb0-4db6-a142-4b58950d210f", "indicator--59b28702-3dac-4ad2-b02c-4a4c950d210f", "indicator--59b28702-41d4-4b35-95e4-4564950d210f", "observed-data--59b28713-8418-4ce6-82c2-45f3950d210f", "url--59b28713-8418-4ce6-82c2-45f3950d210f", "x-misp-attribute--59b2872b-a554-4084-93d6-446e950d210f", "indicator--59b287b0-87c4-4842-991f-4808950d210f", "indicator--59b287b0-43ec-4f65-9e3d-42a0950d210f", "indicator--59b287b0-7248-4106-b838-4abf950d210f", "indicator--59b287b0-93c0-427a-90b6-46fe950d210f", "indicator--59b287b0-060c-4687-bf26-4cba950d210f", "indicator--59b287b0-1654-4c10-a4a6-4ff2950d210f", "indicator--59b287b0-5130-4017-be0a-4c8a950d210f", "indicator--59b287b0-cb30-494d-b0f4-4318950d210f", "indicator--59b287b0-44e8-4377-88dc-4ae1950d210f", "indicator--59b287b0-2fcc-4bfa-ae81-4b15950d210f", "indicator--59b287b0-c460-48a3-818b-462d950d210f", "indicator--59b287b0-6570-40bb-9cb5-4ab4950d210f", "indicator--59b287b0-7570-4cbd-8774-4ac0950d210f", "indicator--59b287b0-2364-466d-83c7-4ca7950d210f", "indicator--59b287b0-6ee8-4d08-8e1e-42c6950d210f", "indicator--59b287b0-e7bc-4cc2-a703-476e950d210f", "indicator--59b287b0-3bb4-4b19-b867-4baa950d210f", "indicator--59b287b0-af50-48e2-bbda-4dc4950d210f", "indicator--59b287b0-5d84-49b7-a4ed-4bec950d210f", "indicator--59b287b0-8894-443d-91ec-47d6950d210f", "indicator--59b287b0-ee3c-4073-a648-416a950d210f", "indicator--59b287b0-5534-47db-85d0-45fc950d210f", "indicator--59b287b0-6550-4b4f-bf85-4e04950d210f", "indicator--59b287b0-9278-4cec-9ac8-4bdb950d210f", "indicator--59b287b0-9080-4a75-9b5d-4e23950d210f", "indicator--59b287b0-adc8-49bb-8e86-4561950d210f", "indicator--59b287b0-683c-4688-b7dc-4113950d210f", "indicator--59b287b0-a15c-4395-bc71-4377950d210f", "indicator--59b287b0-7254-4553-bd86-4b2c950d210f", "indicator--59b287b0-dc50-499a-815e-4bb5950d210f", "indicator--59b28818-19a0-4f5a-9979-47b0950d210f", "indicator--59b28818-e66c-4aa3-990a-4389950d210f", "indicator--59b28819-1b00-4ccb-b033-4b5f950d210f", "indicator--59b28819-8d0c-419a-846f-45eb950d210f", "indicator--59b28819-fbf8-4bdd-96bd-46a1950d210f", "indicator--59b28819-43d4-4cd5-93a3-4434950d210f", "indicator--59b28819-0938-4edb-8955-40cf950d210f", "indicator--59b28819-0b44-482b-a3b5-4594950d210f", "indicator--59b28819-3b4c-4937-8492-43fc950d210f", "indicator--59b28819-693c-43c6-a8ff-40bc950d210f", "indicator--59b28819-7f58-46ff-ac78-4e35950d210f", "indicator--59b28819-b57c-4f41-978a-48d9950d210f", "indicator--59b28819-df8c-4554-bfff-47a4950d210f", "indicator--59b28819-7d6c-4404-bf40-4b8f950d210f", "indicator--59b28819-3ea0-4ef3-8206-41bd950d210f", "indicator--59b28819-5f48-437c-a7cd-4d76950d210f", "indicator--59b28819-8be8-4f1e-b1c3-4914950d210f", "indicator--59b28819-3de0-45de-9811-44e2950d210f", "indicator--59b28819-1f80-4fc1-bb4a-4065950d210f", "indicator--59b28819-a748-424a-b213-432d950d210f", "indicator--59b28819-4acc-47ed-b461-4153950d210f", "indicator--59b28819-33d8-4321-84d1-4a96950d210f", "indicator--59b28819-4ec8-42b9-8667-4976950d210f", "indicator--59b28819-6f0c-4384-8dd5-4335950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:source-type=\"blog-post\"", "ms-caro-malware:malware-type=\"DDoS\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28702-1778-4627-9722-4b49950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:03:14.000Z", "modified": "2017-09-08T12:03:14.000Z", "pattern": "[domain-name:value = 'shashenddos.club']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:03:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28702-0bb0-4db6-a142-4b58950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:03:14.000Z", "modified": "2017-09-08T12:03:14.000Z", "pattern": "[domain-name:value = '87ddos.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:03:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28702-3dac-4ad2-b02c-4a4c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:03:14.000Z", "modified": "2017-09-08T12:03:14.000Z", "pattern": "[domain-name:value = 'www.dk.ps88.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:03:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28702-41d4-4b35-95e4-4564950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:03:14.000Z", "modified": "2017-09-08T12:03:14.000Z", "pattern": "[domain-name:value = 'www.pc4.tw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:03:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--59b28713-8418-4ce6-82c2-45f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:04:52.000Z", "modified": "2017-09-08T12:04:52.000Z", "first_observed": "2017-09-08T12:04:52Z", "last_observed": "2017-09-08T12:04:52Z", "number_observed": 1, "object_refs": [ "url--59b28713-8418-4ce6-82c2-45f3950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--59b28713-8418-4ce6-82c2-45f3950d210f", "value": "http://blog.talosintelligence.com/2017/08/chinese-online-ddos-platforms.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--59b2872b-a554-4084-93d6-446e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:04:58.000Z", "modified": "2017-09-08T12:04:58.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "In the past few months, Talos has observed an uptick in the number of Chinese websites offering online DDoS services. Many of these websites have a nearly identical layout and design, offering a simple interface in which the user selects a target\u00e2\u20ac\u2122s host, port, attack method, and duration of attack. In addition, the majority of these sites have been registered within the past six months. However, the websites operate under different group names and have different registrants. In addition, Talos has observed administrators of these websites launching attacks on one another. Talos sought to research the actors responsible for creating these platforms and analyze why they have become more prevalent lately." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-87c4-4842-991f-4808950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.794ddos.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-43ec-4f65-9e3d-42a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.tmddos.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-7248-4106-b838-4abf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.wm-ddos.win']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-93c0-427a-90b6-46fe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.tc4.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-060c-4687-bf26-4cba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.hkddos.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-1654-4c10-a4a6-4ff2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.ppddos.club']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-5130-4017-be0a-4c8a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.lnddos.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-cb30-494d-b0f4-4318950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.711ddos.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-44e8-4377-88dc-4ae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.830ddos.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-2fcc-4bfa-ae81-4b15950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.bbddos.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-c460-48a3-818b-462d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.941ddos.club']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-6570-40bb-9cb5-4ab4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.123ddos.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-7570-4cbd-8774-4ac0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.the-dos.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-2364-466d-83c7-4ca7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.etddos.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-6ee8-4d08-8e1e-42c6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.jtddos.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-e7bc-4cc2-a703-476e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.ccddos.ml']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-3bb4-4b19-b867-4baa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.87ddos.cc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-af50-48e2-bbda-4dc4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.ddos.cx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-5d84-49b7-a4ed-4bec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.hackdd.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-8894-443d-91ec-47d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.shashenddos.club']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-ee3c-4073-a648-416a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.minddos.club']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-5534-47db-85d0-45fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.caihongtangddos.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-6550-4b4f-bf85-4e04950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.zfxcb.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-9278-4cec-9ac8-4bdb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.91moyu.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-9080-4a75-9b5d-4e23950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.xcbzy.club']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-adc8-49bb-8e86-4561950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.this-ddos.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-683c-4688-b7dc-4113950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.aaajb.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-a15c-4395-bc71-4377950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.ddos.qv5.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-7254-4553-bd86-4b2c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.tdddos.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b287b0-dc50-499a-815e-4bb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:06:08.000Z", "modified": "2017-09-08T12:06:08.000Z", "description": "Online DDoS Websites", "pattern": "[domain-name:value = 'www.ddos.blue']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:06:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28818-19a0-4f5a-9979-47b0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:52.000Z", "modified": "2017-09-08T12:07:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.54.93']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28818-e66c-4aa3-990a-4389950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:52.000Z", "modified": "2017-09-08T12:07:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.40.150']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-1b00-4ccb-b033-4b5f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.159.30.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-8d0c-419a-846f-45eb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.161.160']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-fbf8-4bdd-96bd-46a1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.174.49']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-43d4-4cd5-93a3-4434950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.128.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-0938-4edb-8955-40cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.217.162.94']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-0b44-482b-a3b5-4594950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.130.205']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-3b4c-4937-8492-43fc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.255.237.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-693c-43c6-a8ff-40bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.202.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-7f58-46ff-ac78-4e35950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.177.67']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-b57c-4f41-978a-48d9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.31.86.177']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-df8c-4554-bfff-47a4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.42.212.68']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-7d6c-4404-bf40-4b8f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.4.210.15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-3ea0-4ef3-8206-41bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.33.110']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-5f48-437c-a7cd-4d76950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.154.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-8be8-4f1e-b1c3-4914950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.27.137.58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-3de0-45de-9811-44e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.230.235.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-1f80-4fc1-bb4a-4065950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.42.18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-a748-424a-b213-432d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.251.93.27']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-4acc-47ed-b461-4153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.18.62.202']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-33d8-4321-84d1-4a96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.24.117.44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-4ec8-42b9-8667-4976950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.28.4.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--59b28819-6f0c-4384-8dd5-4335950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-09-08T12:07:53.000Z", "modified": "2017-09-08T12:07:53.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.31.76.30']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-09-08T12:07:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }