adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/555de343-19c0-42e9-b793-ab11950d210b.json

1472 lines
No EOL
60 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--555de343-19c0-42e9-b793-ab11950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:32.000Z",
"modified": "2015-05-28T08:01:32.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--555de343-19c0-42e9-b793-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:32.000Z",
"modified": "2015-05-28T08:01:32.000Z",
"name": "OSINT Cylance SPEAR Team: A Threat Actor Resurfaces from Cylance",
"published": "2015-05-28T10:02:21Z",
"object_refs": [
"observed-data--555de350-80d8-4e46-baa7-f22a950d210b",
"url--555de350-80d8-4e46-baa7-f22a950d210b",
"indicator--5566c7b9-5c2c-4dcc-93b6-460e950d210b",
"indicator--5566c7ba-c9e4-412e-bbee-4fa5950d210b",
"indicator--5566c7c7-36b0-4d4d-a057-4b43950d210b",
"indicator--5566c7e0-2dd0-4bc1-b327-4224950d210b",
"indicator--5566c800-ab24-4cc1-b8b0-44d9950d210b",
"indicator--5566c842-7bd8-4b53-8ff1-4741950d210b",
"indicator--5566c842-1e54-4664-81b4-42f4950d210b",
"indicator--5566c843-bd4c-4aac-8863-4f24950d210b",
"indicator--5566c853-a9bc-48a8-9f4c-418c950d210b",
"x-misp-attribute--5566c86a-0b0c-4233-b704-48c8950d210b",
"x-misp-attribute--5566c891-7614-47a7-99f2-4d9d950d210b",
"indicator--5566c8a7-5bf4-4bb0-9e26-4e22950d210b",
"indicator--5566c8c1-d8c4-42d4-ae12-4ac8950d210b",
"indicator--5566c8c2-1584-4cfa-80d5-4945950d210b",
"indicator--5566c8c2-6bfc-47c8-a1b3-4b55950d210b",
"indicator--5566c8ed-36a8-4f53-a490-4ce9950d210b",
"indicator--5566c8ee-dad4-417b-a752-443c950d210b",
"x-misp-attribute--5566c90c-abf4-4a58-8d7f-48e2950d210b",
"x-misp-attribute--5566c9e8-0a40-4a39-8331-4dc4950d210b",
"indicator--5566ca39-c570-45e4-a246-40b6950d210b",
"indicator--5566ca39-da1c-4ae8-ab54-45af950d210b",
"indicator--5566ca52-a154-40eb-aa21-4747950d210b",
"indicator--5566ca52-1014-4d90-8f1e-4cda950d210b",
"indicator--5566ca64-5b08-45eb-8f3a-41e6950d210b",
"observed-data--5566ca79-0400-4335-b7c0-44f1950d210b",
"url--5566ca79-0400-4335-b7c0-44f1950d210b",
"indicator--5566cb58-ee24-452b-a1a4-4f98950d210b",
"indicator--5566cb58-8248-418d-bf12-4ae6950d210b",
"indicator--5566cb58-a974-4835-a86a-4a03950d210b",
"indicator--5566cb58-40b0-4f2a-aa33-48f2950d210b",
"indicator--5566cb58-0890-4475-8476-49f5950d210b",
"indicator--5566cb58-b9f4-459d-9d1b-496e950d210b",
"indicator--5566cb58-c8b4-48b6-b49a-407b950d210b",
"indicator--5566cb59-9428-4bc1-86e4-4015950d210b",
"indicator--5566cb59-f57c-4e44-bb0e-4e43950d210b",
"indicator--5566cb59-0e30-476a-9248-425c950d210b",
"indicator--5566cb59-9a2c-49c5-a177-42a4950d210b",
"indicator--5566cb59-36b8-4f29-a58d-4a78950d210b",
"indicator--5566cb59-8664-4841-9bf2-49dc950d210b",
"indicator--5566cb59-5794-4a0e-9abb-4bc2950d210b",
"indicator--5566cb59-39d0-4dfb-b713-4669950d210b",
"indicator--5566cb5a-8fe0-4a85-a7ca-4989950d210b",
"indicator--5566cb5a-04d8-4d21-83ac-497b950d210b",
"indicator--5566cb5a-d600-4a98-a79b-46f1950d210b",
"indicator--5566cb5a-9750-4505-b04c-47a2950d210b",
"indicator--5566cb5a-99e4-45da-9b91-40e0950d210b",
"indicator--5566cb5a-c464-4e63-a793-4910950d210b",
"indicator--5566cb5a-ec34-42d2-baf3-452d950d210b",
"indicator--5566cb5a-8058-40b0-9fbf-485f950d210b",
"indicator--5566cb5b-f950-49eb-8a67-4efd950d210b",
"indicator--5566cb5b-eaf4-4752-9281-48f2950d210b",
"indicator--5566cb5b-6930-4a50-b5b8-4881950d210b",
"indicator--5566cb5b-7eb0-4417-96f1-4de4950d210b",
"indicator--5566cb5b-9b28-4bee-8600-4469950d210b",
"indicator--5566cb5b-7e7c-443d-b212-4ee1950d210b",
"indicator--5566cb5b-df6c-4960-8cf2-43f0950d210b",
"indicator--5566cb5c-91ac-4bb3-8880-498e950d210b",
"indicator--5566cb5c-28f8-49e5-8eb4-4ec8950d210b",
"indicator--5566cb5c-5fdc-440b-b72d-4440950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555de350-80d8-4e46-baa7-f22a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:53:20.000Z",
"modified": "2015-05-21T13:53:20.000Z",
"first_observed": "2015-05-21T13:53:20Z",
"last_observed": "2015-05-21T13:53:20Z",
"number_observed": 1,
"object_refs": [
"url--555de350-80d8-4e46-baa7-f22a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555de350-80d8-4e46-baa7-f22a950d210b",
"value": "http://blog.cylance.com/spear-a-threat-actor-resurfaces"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c7b9-5c2c-4dcc-93b6-460e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:46:01.000Z",
"modified": "2015-05-28T07:46:01.000Z",
"pattern": "[file:hashes.SHA256 = '6ba1d42c6493b18548e30bd60ca3d07a140d9d1945cf4e2b542e4a6d23913f40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:46:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c7ba-c9e4-412e-bbee-4fa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:46:02.000Z",
"modified": "2015-05-28T07:46:02.000Z",
"pattern": "[file:hashes.SHA256 = '9d838fd9d21778ed9dc02226302b486d70ed13d4b3d914a3b512ea07bf67e165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:46:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c7c7-36b0-4d4d-a057-4b43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:46:15.000Z",
"modified": "2015-05-28T07:46:15.000Z",
"pattern": "[file:name = 'ISIS_twitter_list.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:46:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c7e0-2dd0-4bc1-b327-4224950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:46:40.000Z",
"modified": "2015-05-28T07:46:40.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\Systemcertificates\\\\Certificates.ocx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:46:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c800-ab24-4cc1-b8b0-44d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:47:12.000Z",
"modified": "2015-05-28T07:47:12.000Z",
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Certificates' AND windows-registry-key:values.data = 'Rundll32.exe \\\\\"\\\\%APPDATA\\\\%\\\\Microsoft\\\\SystemCertificates\\\\Certificates.ocx\\\\\",Setup']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:47:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c842-7bd8-4b53-8ff1-4741950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:48:18.000Z",
"modified": "2015-05-28T07:48:18.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.microsoftservices.proxydns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:48:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c842-1e54-4664-81b4-42f4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:56:10.000Z",
"modified": "2015-05-28T07:56:10.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'fighthard.mooo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:56:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c843-bd4c-4aac-8863-4f24950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:48:19.000Z",
"modified": "2015-05-28T07:48:19.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'rampage.freetcp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:48:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c853-a9bc-48a8-9f4c-418c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:48:35.000Z",
"modified": "2015-05-28T07:48:35.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.229.125.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5566c86a-0b0c-4233-b704-48c8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:48:58.000Z",
"modified": "2015-05-28T07:48:58.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "C:\\Codes\\Eoehttp\\Release\\Eoehttp.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5566c891-7614-47a7-99f2-4d9d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:49:37.000Z",
"modified": "2015-05-28T07:49:37.000Z",
"labels": [
"misp:type=\"pattern-in-traffic\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Network activity",
"x_misp_type": "pattern-in-traffic",
"x_misp_value": "<!--?*$"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c8a7-5bf4-4bb0-9e26-4e22950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:49:59.000Z",
"modified": "2015-05-28T07:49:59.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.224.214.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:49:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c8c1-d8c4-42d4-ae12-4ac8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:50:25.000Z",
"modified": "2015-05-28T07:50:25.000Z",
"pattern": "[file:hashes.SHA256 = '8794189aad922f2287a56c5e2405b9fd8affd136286aad7ed893b90cd2b76b9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:50:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c8c2-1584-4cfa-80d5-4945950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:50:26.000Z",
"modified": "2015-05-28T07:50:26.000Z",
"pattern": "[file:hashes.SHA256 = 'c593a844a87b3e40346efd5d314c55c5094d5bf191f9bb1aeec8078f6d07c0cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:50:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c8c2-6bfc-47c8-a1b3-4b55950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:50:26.000Z",
"modified": "2015-05-28T07:50:26.000Z",
"pattern": "[file:hashes.SHA256 = '3219767408bba3fa41b9ab5f964531cf608fb0288684748d6ac0b50cf108c911']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:50:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c8ed-36a8-4f53-a490-4ce9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:51:09.000Z",
"modified": "2015-05-28T07:51:09.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\dw20.EXE']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:51:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566c8ee-dad4-417b-a752-443c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:51:10.000Z",
"modified": "2015-05-28T07:51:10.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\msascm32.drv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:51:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5566c90c-abf4-4a58-8d7f-48e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:51:40.000Z",
"modified": "2015-05-28T07:51:40.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "%USERPROFILE%\\Desktop\\msacm32\\Release\\msacm32.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5566c9e8-0a40-4a39-8331-4dc4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:55:20.000Z",
"modified": "2015-05-28T07:55:20.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Poison Ivy shellcode encryption key",
"x_misp_type": "text",
"x_misp_value": "Tiger324{"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566ca39-c570-45e4-a246-40b6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:56:41.000Z",
"modified": "2015-05-28T07:56:41.000Z",
"pattern": "[domain-name:value = 'queenberry.www1.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566ca39-da1c-4ae8-ab54-45af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:56:41.000Z",
"modified": "2015-05-28T07:56:41.000Z",
"pattern": "[domain-name:value = 'word.crabdance.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566ca52-a154-40eb-aa21-4747950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:57:06.000Z",
"modified": "2015-05-28T07:57:06.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.71.162.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566ca52-1014-4d90-8f1e-4cda950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:57:06.000Z",
"modified": "2015-05-28T07:57:06.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.171.246.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566ca64-5b08-45eb-8f3a-41e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:57:30.000Z",
"modified": "2015-05-28T07:57:30.000Z",
"pattern": "[domain-name:value = 'www.ollay011.zyns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T07:57:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5566ca79-0400-4335-b7c0-44f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T07:57:45.000Z",
"modified": "2015-05-28T07:57:45.000Z",
"first_observed": "2015-05-28T07:57:45Z",
"last_observed": "2015-05-28T07:57:45Z",
"number_observed": 1,
"object_refs": [
"url--5566ca79-0400-4335-b7c0-44f1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5566ca79-0400-4335-b7c0-44f1950d210b",
"value": "http://blog.shadowserver.org/2012/04/16/beware-of-what-you-download-recent-purported-ceiec-document-dump-booby-trapped/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb58-ee24-452b-a1a4-4f98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:28.000Z",
"modified": "2015-05-28T08:01:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'microsoftservices.proxydns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb58-8248-418d-bf12-4ae6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:28.000Z",
"modified": "2015-05-28T08:01:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.238.227.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb58-a974-4835-a86a-4a03950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:28.000Z",
"modified": "2015-05-28T08:01:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.micro.zyns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb58-40b0-4f2a-aa33-48f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:28.000Z",
"modified": "2015-05-28T08:01:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'computer001.dumb1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb58-0890-4475-8476-49f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:28.000Z",
"modified": "2015-05-28T08:01:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'microlab.dns04.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb58-b9f4-459d-9d1b-496e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:28.000Z",
"modified": "2015-05-28T08:01:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'fighhard.mooo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb58-c8b4-48b6-b49a-407b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:28.000Z",
"modified": "2015-05-28T08:01:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.251.122.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-9428-4bc1-86e4-4015950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.127.249.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-f57c-4e44-bb0e-4e43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'anhtuan88.ns01.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-0e30-476a-9248-425c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'anhphuong85.www1.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-9a2c-49c5-a177-42a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.fornobody.dns04.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-36b8-4f29-a58d-4a78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'ftp.fornobody.dns04.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-8664-4841-9bf2-49dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'fornobody.dns04.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-5794-4a0e-9abb-4bc2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.192.153.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb59-39d0-4dfb-b713-4669950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:29.000Z",
"modified": "2015-05-28T08:01:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.qwertyui.dns04.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-8fe0-4a85-a7ca-4989950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.71.138.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-04d8-4d21-83ac-497b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'beyondbuck.dns1.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-d600-4a98-a79b-46f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'letitsnowsmart.instanthq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-9750-4505-b04c-47a2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'prime98.jumpingcrab.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-99e4-45da-9b91-40e0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'fuck.ruouvangnhatrang.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-c464-4e63-a793-4910950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.250.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-ec34-42d2-baf3-452d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.micro1.zyns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5a-8058-40b0-9fbf-485f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:30.000Z",
"modified": "2015-05-28T08:01:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.99.13.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5b-f950-49eb-8a67-4efd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.210.204.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5b-eaf4-4752-9281-48f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.olay033.dns04.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5b-6930-4a50-b5b8-4881950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.olay044.dns04.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5b-7eb0-4417-96f1-4de4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = '9999992009.rr.nu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5b-9b28-4bee-8600-4469950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = '9999992011.rr.nu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5b-7e7c-443d-b212-4ee1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = '9999992009.myfw.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5b-df6c-4960-8cf2-43f0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.62.202.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5c-91ac-4bb3-8880-498e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:31.000Z",
"modified": "2015-05-28T08:01:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'microlab.mrslove.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5c-28f8-49e5-8eb4-4ec8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:32.000Z",
"modified": "2015-05-28T08:01:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.80.238.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5566cb5c-5fdc-440b-b72d-4440950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-28T08:01:32.000Z",
"modified": "2015-05-28T08:01:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'webhosts.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-28T08:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink