{ "type": "bundle", "id": "bundle--5d13be9e-bb04-4946-899d-409e02de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-07-10T13:26:48.000Z", "modified": "2020-07-10T13:26:48.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d13be9e-bb04-4946-899d-409e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-07-10T13:26:48.000Z", "modified": "2020-07-10T13:26:48.000Z", "name": "Soft Cell case - Related indicators from correlations", "published": "2020-07-10T13:27:09Z", "object_refs": [ "indicator--5d13beb9-9aac-47bd-b831-479802de0b81", "indicator--5d13beb9-0aa4-4139-bb10-4c0302de0b81", "indicator--5d13beb9-f780-4a83-8682-4a7a02de0b81", "indicator--5d13beb9-bbcc-473f-a1df-480402de0b81", "indicator--5d13beb9-e288-4d7d-b564-420902de0b81", "indicator--5d13beb9-4184-4585-b676-4d6502de0b81", "indicator--5d13beb9-a71c-4126-be17-4d2b02de0b81", "indicator--5d13beb9-e17c-4690-aff5-444902de0b81", "indicator--5d13beb9-b1f8-4716-8d89-419402de0b81", "indicator--5d13beb9-0ca0-447f-838f-458102de0b81", "indicator--5d13beb9-89b0-4419-8775-483f02de0b81", "indicator--5d13beb9-91d0-4529-8b77-4bf902de0b81", "indicator--5d13beb9-43dc-44b7-acdd-484f02de0b81", "indicator--5d13beb9-c44c-4108-b934-456802de0b81", "indicator--5d13beb9-0c18-4438-9e15-4e7102de0b81", "indicator--5d13beb9-15a4-411b-9cc6-49ff02de0b81", "indicator--5d13beb9-8610-477d-b3d0-4d5902de0b81", "indicator--5d13beb9-4eec-45e1-a1aa-4ece02de0b81", "indicator--5d13beb9-872c-4027-a62f-4c5302de0b81", "indicator--5d13beb9-71f0-47e1-99ae-424002de0b81", "indicator--5d13beb9-2278-4f6d-8a57-485402de0b81", "indicator--5d13beb9-df1c-4ac8-927a-4a5b02de0b81", "indicator--5d13beb9-240c-4205-8ba4-497002de0b81", "indicator--5d13beb9-55ac-475c-b1fa-43aa02de0b81", "indicator--5d13beb9-3fbc-426e-b402-41cd02de0b81", "indicator--5d13beb9-0c88-419a-9bd6-4ad002de0b81", "indicator--5d13beb9-5b8c-40a3-af8f-493502de0b81", "indicator--5d13beb9-dfa4-4247-8e37-45a502de0b81", "indicator--5d13beb9-4a58-4a2b-8672-47de02de0b81", "indicator--5d13beb9-0390-4b7f-ac78-46c602de0b81", "indicator--5d13beb9-e888-4872-8da7-4c6f02de0b81", "indicator--5d13bf36-34b0-463c-94c4-47e302de0b81", "indicator--5d13bf36-1918-4d1d-a293-4ead02de0b81", "indicator--5d13bf36-0018-454b-ae78-4c8802de0b81", "indicator--5d13bf36-9240-415f-a057-443602de0b81", "indicator--5d13bf36-d01c-41ff-9a8e-4f1202de0b81", "indicator--5d13bf36-2c4c-4778-86b8-485d02de0b81", "indicator--5d13bf36-0940-4c62-95f0-442502de0b81", "indicator--5d13bf36-c440-46dd-93db-491302de0b81", "indicator--5d13bf36-f87c-4312-923f-4f9602de0b81", "indicator--5d13bf36-e3f4-424a-86b6-4b5a02de0b81", "indicator--5d13bf99-1430-4f9d-98d5-bf3202de0b81", "indicator--5d13bf99-252c-45cb-b663-bf3202de0b81", "indicator--5d13bf99-294c-45ab-9bd1-bf3202de0b81", "indicator--5d13bf99-f418-4199-9ba8-bf3202de0b81", "indicator--5d13bf99-6eac-4a22-8ac1-bf3202de0b81", "indicator--5d13bf99-2230-4c4d-8d5f-bf3202de0b81", "indicator--5d13bf99-8ac4-4937-b48f-bf3202de0b81", "indicator--5d13bf99-b308-4963-a36f-bf3202de0b81", "indicator--5d13bf99-c720-4faf-b302-bf3202de0b81", "indicator--5d13bf99-78bc-472a-90af-bf3202de0b81", "indicator--5d13bf99-ffc4-4388-886d-bf3202de0b81", "indicator--5d13bf99-8148-49d0-9633-bf3202de0b81", "indicator--5d13bf99-1e48-473f-80e8-bf3202de0b81", "indicator--5d13bf99-960c-4884-b932-bf3202de0b81", "indicator--5d13bf99-fa48-4773-9bbd-bf3202de0b81", "indicator--5d13bf99-7c18-450a-b719-bf3202de0b81", "indicator--5d13bf99-cfc0-46a7-b030-bf3202de0b81", "indicator--5d13bf99-2938-4dcc-b9e4-bf3202de0b81", "indicator--5d13bf99-d5e8-4aa7-a0d2-bf3202de0b81", "indicator--5d13bf99-a5e4-43bd-8be5-bf3202de0b81", "indicator--5d13bf99-d680-4508-b545-bf3202de0b81", "indicator--5d13bf99-d134-4529-92ab-bf3202de0b81", "indicator--5d13bf99-83e4-49d8-9a21-bf3202de0b81", "indicator--5d13bf99-213c-4b63-8b42-bf3202de0b81", "indicator--5d13bf99-f8c8-4768-bf68-bf3202de0b81", "indicator--5d13bf99-bf00-4afd-ac6c-bf3202de0b81", "indicator--5d13bf99-1198-42a3-a4ad-bf3202de0b81", "indicator--5d13bf99-0608-4d2e-95de-bf3202de0b81", "indicator--5d13bf99-cf84-4700-a457-bf3202de0b81", "indicator--5d13bf99-c1c4-485d-acfb-bf3202de0b81", "indicator--5d13bf99-7594-4dde-8981-bf3202de0b81", "indicator--5d13bf99-eec0-40fd-abb6-bf3202de0b81", "indicator--5d13bf99-8490-4d7f-8c05-bf3202de0b81", "indicator--5d13bf99-9884-4140-9ab3-bf3202de0b81", "indicator--5d13bf9a-4028-460d-a9cb-bf3202de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-9aac-47bd-b831-479802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'asyspy256.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-0aa4-4139-bb10-4c0302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[file:hashes.SHA256 = '177fcb8c089ad981fd1353d74fce5d13f26a6db78224c96209162cc145cf5ee8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-f780-4a83-8682-4a7a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[file:hashes.SHA256 = '40d6a2f0e12cbaa34db35bf2bac713cb3ab26e01c26289ad74fd88391ff33a84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-bbcc-473f-a1df-480402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[url:value = 'https://asyspy256.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-e288-4d7d-b564-420902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[url:value = 'http://asyspy256.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-4184-4585-b676-4d6502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[file:hashes.SHA256 = '56620a8035dc7244ccd525f11ed4b1b683794e9d72076363c6a8424ccfe64dd5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-a71c-4126-be17-4d2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.56.60.240']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-e17c-4690-aff5-444902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.121.48.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-b1f8-4716-8d89-419402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.213.106.148']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-0ca0-447f-838f-458102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.21.23.69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-89b0-4419-8775-483f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.184.15.106']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-91d0-4529-8b77-4bf902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'sz2016rose.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-43dc-44b7-acdd-484f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'hotkillmail9sddcc.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-c44c-4108-b934-456802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'rosaf112.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-0c18-4438-9e15-4e7102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'cvdfhjh1231.myftp.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-15a4-411b-9cc6-49ff02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = '211-21-23-69.hinet-ip.hinet.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-8610-477d-b3d0-4d5902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'dffwescwer4325.myftp.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-4eec-45e1-a1aa-4ece02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'cvdfhjh12311.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-872c-4027-a62f-4c5302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'cvdfhjh1231.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-71f0-47e1-99ae-424002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'www.zhonglic.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-2278-4f6d-8a57-485402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = '8993327.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-df1c-4ac8-927a-4a5b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'ns1.hostgamma.asia']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-240c-4205-8ba4-497002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'bm999999.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-55ac-475c-b1fa-43aa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'www.bm999999.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-3fbc-426e-b402-41cd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = '15e752e3e1a29b41.cdn.jiashule.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-0c88-419a-9bd6-4ad002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'ns11.kowloonhosting.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-5b8c-40a3-af8f-493502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'swisspatentlaw.cn']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-dfa4-4247-8e37-45a502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'prescottarts.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-4a58-4a2b-8672-47de02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[domain-name:value = 'ressya-hiroba.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-0390-4b7f-ac78-46c602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[url:value = 'https://hotkillmail9sddcc.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13beb9-e888-4872-8da7-4c6f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:51:37.000Z", "modified": "2019-06-26T18:51:37.000Z", "pattern": "[url:value = 'http://hotkillmail9sddcc.ddns.net/84efbd38001399bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:51:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-34b0-463c-94c4-47e302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[file:hashes.SHA256 = 'fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-1918-4d1d-a293-4ead02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[file:hashes.SHA256 = '12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-0018-454b-ae78-4c8802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'http://rosaf112.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-9240-415f-a057-443602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'http://sz2016rose.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-d01c-41ff-9a8e-4f1202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'http://hotkillmail9sddcc.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-2c4c-4778-86b8-485d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'https://sz2016rose.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-0940-4c62-95f0-442502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'https://cvdfhjh1231.myftp.biz/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-c440-46dd-93db-491302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'http://cvdfhjh1231.myftp.biz/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-f87c-4312-923f-4f9602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'https://rosaf112.ddns.net/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf36-e3f4-424a-86b6-4b5a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:53:42.000Z", "modified": "2019-06-26T18:53:42.000Z", "pattern": "[url:value = 'http://rosaf112.ddns.net/rosaf112.ddns.net/65afed00000000ca']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:53:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-1430-4f9d-98d5-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2020-07-10T13:26:47.000Z", "modified": "2020-07-10T13:26:47.000Z", "description": "SINKHOLE", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.77.226.209']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2020-07-10T13:26:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-252c-45cb-b663-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'ca297d004b32a058b56a2360a38b8841483c97642b243b97c3e2a26386665f5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-294c-45ab-9bd1-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = '60faca782fa4be9366714d63f581afe5e3bec28968e4d8bf13ddb27cbf69308e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-f418-4199-9ba8-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'e1eedf55a76696735ca11ae38bfb8079fd9870dd823b8e0510704fd1c3877cd4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-6eac-4a22-8ac1-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = '430683d033fe8d97300fa5dfac139f9b407d930a2f05455a24433192e1034eab']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-2230-4c4d-8d5f-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = '57baf7f8092fc10b488271603fadb80e8d73b2944ddbf9868441d54c730b607e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-8ac4-4937-b48f-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'gokeenakte.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-b308-4963-a36f-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'ciscoupdate2019.gotdns.ch']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-c720-4faf-b302-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'zstoreshoping.ddns.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-78bc-472a-90af-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'booomaahuuoooapl.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-ffc4-4388-886d-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'tashdqdxp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-8148-49d0-9633-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'download311a7g5117main.booomaahuuoooapl.ru']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-1e48-473f-80e8-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'joshel.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-960c-4884-b932-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'www.tashdqdxp.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-fa48-4773-9bbd-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[domain-name:value = 'buygearnow.xyz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-7c18-450a-b719-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'b32c619e1976f425192f50bd9c0a345c62695221142c9803d180d769c3a138da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-cfc0-46a7-b030-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'd87997a5749f699e77e56aa651c076f408aaa1e906f165bc33f7239f90d6b0fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-2938-4dcc-b9e4-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'fd20b7afc3581173c7e80fa67bd7bf3962fe8e757dc131315c4932dc4dce7c83']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-d5e8-4aa7-a0d2-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = '074cc53b54be2de8ca4900dd2d7821fb09c2025fb399400835db4936d5b3e819']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-a5e4-43bd-8be5-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'd52375f8ab4333175944299d6bf8362956f2336ac02f3f657601939a2e1b860b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-d680-4508-b545-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'cf24b8da54c9736afe16c89271381df6586d20c4594f08211a2a9327a548f0ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-d134-4529-92ab-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = 'd85f1a383fd80fe3fcd4acbbc24b21e21eda4f35b63378fd6853d583eff14f4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-83e4-49d8-9a21-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = '4601d9af39d22b5e9d6e6afcd36e594b10b43942b4f8fa60da1a4f4660264490']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-213c-4b63-8b42-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = '25750861d22973ea96d028ba89d0c92cc7ab7cff313df87f787fe87746ce8f63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-f8c8-4768-bf68-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[file:hashes.SHA256 = '01299f05e555230f617d04867414c261eee9d26d215835e56cef7f252c9a9bd2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-bf00-4afd-ac6c-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'https://dffwescwer4325.myftp.biz/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-1198-42a3-a4ad-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://gokeenakte.top/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-0608-4d2e-95de-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://ciscoupdate2019.gotdns.ch/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-cf84-4700-a457-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://45.77.226.209/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-c1c4-485d-acfb-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://zstoreshoping.ddns.net/data']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-7594-4dde-8981-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://tashdqdxp.com/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-eec0-40fd-abb6-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://booomaahuuoooapl.ru/t.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-8490-4d7f-8c05-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://booomaahuuoooapl.ru/m.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf99-9884-4140-9ab3-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:21.000Z", "modified": "2019-06-26T18:55:21.000Z", "pattern": "[url:value = 'http://joshel.com/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5d13bf9a-4028-460d-a9cb-bf3202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-06-26T18:55:22.000Z", "modified": "2019-06-26T18:55:22.000Z", "pattern": "[url:value = 'http://booomaahuuoooapl.ru/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-06-26T18:55:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }