{ "type": "bundle", "id": "bundle--5a698fd0-f3dc-4e06-a580-4d34950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T12:47:21.000Z", "modified": "2018-01-25T12:47:21.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a698fd0-f3dc-4e06-a580-4d34950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T12:47:21.000Z", "modified": "2018-01-25T12:47:21.000Z", "name": "Malicious Chrome browser extensions injecting code", "published": "2018-01-25T12:47:30Z", "object_refs": [ "observed-data--5a699016-4e10-4b03-831e-49e4950d210f", "url--5a699016-4e10-4b03-831e-49e4950d210f", "indicator--5a69906a-8014-442a-bcc8-46fd950d210f", "indicator--5a69906b-219c-492c-a9ed-41f6950d210f", "indicator--5a69906b-f408-49b5-becc-4a95950d210f", "indicator--5a69906c-0df8-45da-9ac8-480a950d210f", "indicator--5a69906c-48d4-4066-a57f-4713950d210f", "indicator--5a69906d-d2ec-457f-9401-4843950d210f", "indicator--5a69906d-5610-4f04-85d5-485f950d210f", "indicator--5a69906d-ce24-4045-80c8-4e7e950d210f", "indicator--5a69906e-c63c-47a6-8180-4c0a950d210f", "indicator--5a69906e-fd34-42a8-9afc-4e1a950d210f", "indicator--5a69906e-5590-49c8-a58e-44a2950d210f", "indicator--5a69906f-5110-4a74-9f39-4d4f950d210f", "indicator--5a69906f-a1ac-4909-a062-4fa9950d210f", "indicator--5a699070-4c28-48af-9d47-4c2c950d210f", "indicator--5a699070-fdc8-470b-985a-4aac950d210f", "indicator--5a699070-7454-4f66-80c2-461a950d210f", "indicator--5a699071-b0f8-4eda-8714-405c950d210f", "indicator--5a699071-173c-4880-bff4-464f950d210f", "indicator--5a699072-6948-4c15-b16a-4c47950d210f", "indicator--5a699072-04a8-4517-973c-4dbb950d210f", "indicator--5a699072-4c00-4238-978a-423e950d210f", "indicator--5a699073-274c-4e95-8b1e-4cd3950d210f", "indicator--5a699073-66bc-49fa-a283-42d7950d210f", "indicator--5a699074-9010-4bd4-919d-44fc950d210f", "indicator--5a699074-60bc-44db-95fa-4bb8950d210f", "indicator--5a699074-3bcc-4681-9a48-44be950d210f", "indicator--5a699075-43c8-437d-924b-459f950d210f", "indicator--5a699075-a360-4bfa-8128-4d45950d210f", "indicator--5a699076-3a50-4309-99f0-416d950d210f", "indicator--5a699076-8568-49d8-a475-4709950d210f", "indicator--5a699076-ff60-4712-986f-48c5950d210f", "indicator--5a699077-a89c-443c-8ce3-4f23950d210f", "indicator--5a699077-f0a0-4e7b-bdc2-4cf1950d210f", "indicator--5a699078-d2fc-4056-9c27-4958950d210f", "indicator--5a699078-0308-4ec1-94a8-434e950d210f", "indicator--5a699078-9060-45de-9968-4cc7950d210f", "indicator--5a699079-d880-4382-ace5-40b8950d210f", "indicator--5a699079-fc34-4b3d-8a4b-4342950d210f", "indicator--5a69907a-f8cc-478f-b2a4-4f9e950d210f", "indicator--5a69907a-4b0c-4214-a67a-4c06950d210f", "indicator--5a69907a-837c-4750-8d95-47a3950d210f", "indicator--5a69907b-cbdc-4520-8e92-4a2d950d210f", "indicator--5a69907b-4340-4570-8011-4e27950d210f", "indicator--5a69907c-83dc-4e86-80fe-47f8950d210f", "indicator--5a69907c-74d0-4dcc-809f-4503950d210f", "indicator--5a69907c-1fd8-4853-a020-4ddb950d210f", "indicator--5a69907d-e360-475e-8ebf-4d26950d210f", "indicator--5a69907d-95bc-4234-92ba-4d41950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a699016-4e10-4b03-831e-49e4950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:06:46.000Z", "modified": "2018-01-25T08:06:46.000Z", "first_observed": "2018-01-25T08:06:46Z", "last_observed": "2018-01-25T08:06:46Z", "number_observed": 1, "object_refs": [ "url--5a699016-4e10-4b03-831e-49e4950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a699016-4e10-4b03-831e-49e4950d210f", "value": "https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906a-8014-442a-bcc8-46fd950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:10.000Z", "modified": "2018-01-25T08:08:10.000Z", "pattern": "[domain-name:value = 'change-request.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906b-219c-492c-a9ed-41f6950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:11.000Z", "modified": "2018-01-25T08:08:11.000Z", "pattern": "[domain-name:value = 'lite-bookmarks.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906b-f408-49b5-becc-4a95950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:11.000Z", "modified": "2018-01-25T08:08:11.000Z", "pattern": "[domain-name:value = 'stickies.pro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:11Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906c-0df8-45da-9ac8-480a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:12.000Z", "modified": "2018-01-25T08:08:12.000Z", "pattern": "[domain-name:value = 'a.stickies.pro']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906c-48d4-4066-a57f-4713950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:12.000Z", "modified": "2018-01-25T08:08:12.000Z", "pattern": "[domain-name:value = 'nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906d-d2ec-457f-9401-4843950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:13.000Z", "modified": "2018-01-25T08:08:13.000Z", "pattern": "[domain-name:value = 's1.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906d-5610-4f04-85d5-485f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:13.000Z", "modified": "2018-01-25T08:08:13.000Z", "pattern": "[domain-name:value = 's2.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906d-ce24-4045-80c8-4e7e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:13.000Z", "modified": "2018-01-25T08:08:13.000Z", "pattern": "[domain-name:value = 's3.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906e-c63c-47a6-8180-4c0a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:14.000Z", "modified": "2018-01-25T08:08:14.000Z", "pattern": "[domain-name:value = 's4.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906e-fd34-42a8-9afc-4e1a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:14.000Z", "modified": "2018-01-25T08:08:14.000Z", "pattern": "[domain-name:value = 's5.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906e-5590-49c8-a58e-44a2950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:14.000Z", "modified": "2018-01-25T08:08:14.000Z", "pattern": "[domain-name:value = 's6.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906f-5110-4a74-9f39-4d4f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:15.000Z", "modified": "2018-01-25T08:08:15.000Z", "pattern": "[domain-name:value = 's7.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69906f-a1ac-4909-a062-4fa9950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:15.000Z", "modified": "2018-01-25T08:08:15.000Z", "pattern": "[domain-name:value = 's8.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699070-4c28-48af-9d47-4c2c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:16.000Z", "modified": "2018-01-25T08:08:16.000Z", "pattern": "[domain-name:value = 's9.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699070-fdc8-470b-985a-4aac950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:16.000Z", "modified": "2018-01-25T08:08:16.000Z", "pattern": "[domain-name:value = 's10.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699070-7454-4f66-80c2-461a950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:16.000Z", "modified": "2018-01-25T08:08:16.000Z", "pattern": "[domain-name:value = 's11.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699071-b0f8-4eda-8714-405c950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:17.000Z", "modified": "2018-01-25T08:08:17.000Z", "pattern": "[domain-name:value = 's12.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699071-173c-4880-bff4-464f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:17.000Z", "modified": "2018-01-25T08:08:17.000Z", "pattern": "[domain-name:value = 's13.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699072-6948-4c15-b16a-4c47950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:18.000Z", "modified": "2018-01-25T08:08:18.000Z", "pattern": "[domain-name:value = 's14.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699072-04a8-4517-973c-4dbb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:18.000Z", "modified": "2018-01-25T08:08:18.000Z", "pattern": "[domain-name:value = 's15.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699072-4c00-4238-978a-423e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:18.000Z", "modified": "2018-01-25T08:08:18.000Z", "pattern": "[domain-name:value = 's16.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699073-274c-4e95-8b1e-4cd3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:19.000Z", "modified": "2018-01-25T08:08:19.000Z", "pattern": "[domain-name:value = 's17.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699073-66bc-49fa-a283-42d7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:19.000Z", "modified": "2018-01-25T08:08:19.000Z", "pattern": "[domain-name:value = 's18.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699074-9010-4bd4-919d-44fc950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:20.000Z", "modified": "2018-01-25T08:08:20.000Z", "pattern": "[domain-name:value = 's19.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699074-60bc-44db-95fa-4bb8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:20.000Z", "modified": "2018-01-25T08:08:20.000Z", "pattern": "[domain-name:value = 's20.nyoogle.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699074-3bcc-4681-9a48-44be950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:20.000Z", "modified": "2018-01-25T08:08:20.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.12']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699075-43c8-437d-924b-459f950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:21.000Z", "modified": "2018-01-25T08:08:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699075-a360-4bfa-8128-4d45950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:21.000Z", "modified": "2018-01-25T08:08:21.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.15']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699076-3a50-4309-99f0-416d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:22.000Z", "modified": "2018-01-25T08:08:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.16']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699076-8568-49d8-a475-4709950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:22.000Z", "modified": "2018-01-25T08:08:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.17']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699076-ff60-4712-986f-48c5950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:22.000Z", "modified": "2018-01-25T08:08:22.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699077-a89c-443c-8ce3-4f23950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:23.000Z", "modified": "2018-01-25T08:08:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699077-f0a0-4e7b-bdc2-4cf1950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:23.000Z", "modified": "2018-01-25T08:08:23.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699078-d2fc-4056-9c27-4958950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:24.000Z", "modified": "2018-01-25T08:08:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.115']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699078-0308-4ec1-94a8-434e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:24.000Z", "modified": "2018-01-25T08:08:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699078-9060-45de-9968-4cc7950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:24.000Z", "modified": "2018-01-25T08:08:24.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699079-d880-4382-ace5-40b8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:25.000Z", "modified": "2018-01-25T08:08:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.123']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a699079-fc34-4b3d-8a4b-4342950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:25.000Z", "modified": "2018-01-25T08:08:25.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907a-f8cc-478f-b2a4-4f9e950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:26.000Z", "modified": "2018-01-25T08:08:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907a-4b0c-4214-a67a-4c06950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:26.000Z", "modified": "2018-01-25T08:08:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907a-837c-4750-8d95-47a3950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:26.000Z", "modified": "2018-01-25T08:08:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907b-cbdc-4520-8e92-4a2d950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:27.000Z", "modified": "2018-01-25T08:08:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.104']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907b-4340-4570-8011-4e27950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:27.000Z", "modified": "2018-01-25T08:08:27.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907c-83dc-4e86-80fe-47f8950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:28.000Z", "modified": "2018-01-25T08:08:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907c-74d0-4dcc-809f-4503950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:28.000Z", "modified": "2018-01-25T08:08:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907c-1fd8-4853-a020-4ddb950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:28.000Z", "modified": "2018-01-25T08:08:28.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.108']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907d-e360-475e-8ebf-4d26950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:29.000Z", "modified": "2018-01-25T08:08:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a69907d-95bc-4234-92ba-4d41950d210f", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2018-01-25T08:08:29.000Z", "modified": "2018-01-25T08:08:29.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.206.161.124']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-01-25T08:08:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }